Druva's Milind Borate On How Companies Can Tackle Data Breach Amidst Remote Working Founded in 2007 by Jaspreet Singh and Milind Borate, Druva, a cloud data protection and management provider, become one of the first Indian origin SaaS-based unicorn in 2019

In the past six-seven months, there has been a paradigm shift in the way offices have functioned compared with their inception. Morning rush, arriving late at the meetings, tittle-tattle with your mates in the canteen, taking smoke or tea break after closing an important client, and finally leaving for home. Well, for most of the world, the above-mentioned "office mundane' has now shifted online due to the ongoing COVID-19 pandemic.

As the world continues to deal with uncertainty, a few of the companies have asked its employees to work from home (WFH) till the end of the year or in some cases WFH indefinitely, like Twitter.

While WFH has its ups and downs, but it is the need of the hour given the current scenario. As WFH is described as the #NewNormal, cybersecurity experts cannot stress more on the necessity for advanced data security systems to protect a company's sensitive data and employees from getting attacked by mischievous hackers. Hackers have always been there among us, but as more and more people are relying on cloud services and are working remotely, they have never been this busier.

In an email interaction with Entrepreneur India, Milind Borate, co-founder and chief technology officer of Druva, a cloud data protection and management provider talks about the changing requirements.

"Not Feasible To Apply Existing Best Practices'

According to a recent report by Malwarebytes, a security software provider, since the start of the COVID-19 pandemic, at least 20 per cent of organizations have experienced a security breach due to remote working.

Another report based on India by Barracuda Networks showed around 66 per cent of Indian organizations have suffered at least one data breach after abruptly shifting to WFH model.

This data breach not only threatens a company's reputation but also burns a big hole in their pocket. According to a study by IBM Security, the average cost of a data breach in India stood at INR 14 crore. The study spanning between August 2019 and April 2020 showed an increase of 9.4 per cent from 2019 findings.

According to Borate, because of the amount of disruption to the environment, it's not feasible to apply existing best practices to the new data sources.

For secure data protection, Borate believes that an organization has to identify the data that is critical and at-risk and then focus on meeting the regulatory standards for security and compliance for that data. This will guide a company to secure the data in a more effective manner. Once the data is secured and compliant, Borate suggests extending a backup safety net.

"Especially in a new environment, people will make mistakes, cloud systems will fail in unique and unexpected ways, and new configurations will trigger latent software bugs. When things go wrong, people will want to recover data, so they can continue to move forward. In fact, knowing that they have a safety net will enable them to proceed with more confidence," he added.

He said the final step would be to automate one's data protection. Explaining the reason behind, he said, "Since your teams are manually changing core operations on the fly, their safety net needs to always be there. With the complexity of the new environments and lack of expertise, data protection must be fully automated. It's the only way to be safe."

Types of Threats In Remote Working

Founded in 2007 by Jaspreet Singh and Borate, Druva is now entirely built on Amazon Web Service (AWS) which is trusted by over 4,000 enterprises and manage more than 150PB of data worldwide. Druva entered the coveted unicorn club in June last year.

According to Borate, there are three types of risk that organizations can face after an abrupt shift to a remote working environment. Firstly, he believes an organization needs to confront potential security vulnerabilities. As the line between personal and professional environment is getting blurred, an employee can simply download ransomware on his personal laptop, thus risking the sensitive data of an entire organization. He also points out that without prior experience, a user can expose or lose data on the cloud. "Chief information officers (CIOs) need to manage the risk of bad actors who will try to exploit vulnerable cloud and endpoint environments," he added.

Secondly, he believes that an organization must rely on a software-as-a-service (SaaS) application from messaging to sharing a document to replace face-to-face interaction.

He highlighted that CIOs need to ensure that sensitive communication transmitted over SaaS applications must comply with all regulations and be retained as business-critical information. "CIOs need to monitor and manage online communication compliance at a broader scale than ever," he added.

Lastly, Borate believes that as more people are working remotely, there will be higher chances of application outages. "Somebody will upgrade, modify, or migrate a component to the cloud without understanding all the implications. Therefore, companies need to be able to recover applications to a healthy state rapidly," he added. He said as employees continue to work remotely, they will make mistakes and miscommunicate, thus threatening security, compliance, and uptime. CIOs need to come up with a plan to identify, triage and recover from such issues.

India Slowly Moving To Cloud

In the past couple of years, there has been a significant investment behind technology infrastructure in this country. Companies who were earlier hesitant about investing in cloud solutions have gradually comprehended the importance of it. "There definitely is a shift in mindset. We are witnessing more and more companies turning to the cloud to ensure business continuity," he added. He said businesses are delving for technology that can help them scale efficiently, minimally impact employees, and can be deployed even during a restrictive work environment.

This adoption of cloud technology has helped cloud data protection players such as Druva to grow at a significant pace. The SaaS-based unicorn just announced the close of its most successful year. The company has experienced a 70 per cent year-over-year increase in recurring revenue for its data centre workload protection solution and a 50 per cent growth in overall data under management.

Stressing on the year 2020, Borate said, "This has been a strong year for our company and given our strategy combined with the current market acceleration toward cloud migration, there is an opportunity to expand our growth even further this year." The company has recently raised $130 million to power data protection, pushing total capital raised to $328 million.

Among Druva's client's are marquee names such as NASA, DHL, Emerson and Carlsberg.