MarTech Interview With Rémy Claret, CMO and Co-founder at Odaseva

Rémy Claret, CMO and Co-founder at Odaseva talks about the need for marketers and salespeople to imbibe better data protection practices:

________

Welcome to this MarTech Series chat, Remy, tell us about yourself and more about your role at Odaseva…how has the platform evolved over the years?

I’m the CMO and co-founder of Odaseva, and I’ve spent more than two decades working in B2B cloud and SaaS companies. Odaseva began as a company that provides backup and recovery for Salesforce data, and that’s still a large part of our business. It’s a huge need, because Salesforce, like most SaaS vendors, operates on a shared responsibility model — they protect the infrastructure but the customer is ultimately responsible for their data. But backing up and restoring SaaS data is a complex task that’s very different from protecting data on premises and in the cloud — to do it properly really requires a specialized solution.

Since then, we’ve expanded our capabilities to provide customers with an enterprise data protection platform for Salesforce, which includes tools like archiving to improve system performance, sandbox anonymization to protect developer environments, cloud replication to move data into other systems, data privacy solutions to comply with data privacy regulations like GDPR and data residency laws, and data lifecycle management.

Why should marketers be more prudent and aware of the online/cyber threats that can face their brands given the significant rise in attacks in the recent past?

As the world continues to shift from on-premises software systems to SaaS, a surprising number of even very large organizations have taken for granted that the SaaS provider will protect them from cyber-threats. To some extent, that’s true — SaaS platforms invest a lot of money and resources into securing their infrastructure. But ultimately, the data is the customer’s responsibility, and cyber-criminals are becoming much more interested in and effective at attacking SaaS data.

Sales and marketing operations today run on SaaS platforms like Salesforce, Hubspot, Marketo and Mailchimp. If the data in these services is stolen, destroyed or compromised, the damage to the entire company can be pretty extreme.

A few best practices that B2B teams need to follow to ensure better protection on the whole?

The first and most important best practice they should employ is to back up their SaaS data in a secure service that can meet their requirements for recovery. Recovery is the ultimate goal of backing up data, and too many organizations focus on backup without thinking about how quickly they can restore the data. Restoring SaaS data is, again, a complex process, and without the proper expertise, technology and testing, it can be a slow or even incomplete process.

Organizations also need to ensure they are using the strongest means of authentication possible to access SaaS data. Ideally, they will use multi-factor authentication. Passwords alone are simply not secure enough. All too often, user-generated  passwords are easy to guess or break with brute force methods, and both malware and phishing attacks can steal them. Passwords represent a single point of failure to allow unauthorized access.

Finally, the backup data should be encrypted. There’s a lot of useful information in the backups, so it needs to be protected in case someone is able to gain unauthorized access.

It’s worth noting that while the SaaS platform itself is a highly unlikely potential victim of a ransomware attack because bypassing the platform’s strict technical controls is simply too difficult, SaaS data can be targeted through phishing, malware, API key leaks and other malicious methods.

Odaseva recently conducted a survey/research on the state of ransomware attacks today, can you share a few top highlights?

Sure. I think the finding that will surprise people most is that those surveyed reported that their SaaS data was a target in 51% of ransomware attacks they experienced, and that in 52% of these attacks, the cybercriminals were able to successfully encrypt their organization’s SaaS data. In fact, attackers were more likely to succeed when they attacked SaaS data than they were with endpoint, cloud and on-premises data.

Additionally, organizations were least likely to be able to recover all their SaaS data,  as opposed to the other categories. Only half of organizations were able to do so. Compare this to on-premises data, where 81% of organizations recovered everything following a ransomware attack. This is probably because only 28% of respondents said they are “very confident” in their organization’s ability to recover after a ransomware attack on SaaS data and just 43% of companies have backed up all of their SaaS data. That’s a lot of unprotected SaaS data!

How can end users from their side of the journey be more aware and what can they do to ensure better data protection for themselves?

First, they need to perform an audit. Organizations today depend on multiple SaaS applications and many of them are mission critical, from CRM and ERP to office suites, communication and project management. They need to understand what data they have in SaaS services, and its importance.

Next, they must devise a data protection strategy. There are three backup and restore options:

• Free solution: Ideal for smaller organizations with out-of-the-box features and minimal development, but can be time consuming to implement.
• Build your own solution: Offers flexibility and control over what to build and what technologies to build it with, but meeting both the business and technical requirements can be a lengthy and very expensive process. It is a poor option, because most organizations lack the specific expertise in security, API management and the internal workings of the SaaS platform, not to mention a platform solution or the ability to scale that a strong third-party vendor can provide. It’s a task best left to a third-party specialist and not a good use of internal resources.
• Market solution: Your team can focus on delivering value to customers and employees while building trust.

A few thoughts on what the future holds for ransomware related threats and online brands/users?

Ransomware attackers are opportunists. They follow market rules, which means they choose the most optimal balance of effort versus potential revenue. That means that as SaaS data increases in volume and importance, the attacks will continue to increase in frequency and sophistication. Data is moving into SaaS services at a rapid clip, and cybercriminals are going to go where the data is. Their attacks will become more sophisticated and destructive. Organizations must be prepared with comprehensive, secure backups and the means to recover that data quickly.

Marketing Technology News: Building A Career in Enterprise Marketing