Transcript
Hi Mike Matchett with Small World Big Data. We are here today with Asigra. We're talking about protecting your SaaS apps with a little bit of a twist from our other coverage on this, we're going to talk about some of the reasons why you want to protect your SaaS apps and why it's not being done by the vendors, but we're also going to look at it from how do you get help with MSPs doing it? Uh, if you're an MSP, this would be great for you. Or if you're a, uh, small medium enterprise and you use MSPs, this would be something you want to pay attention to as well. And if you're a large enterprise, you can do it for yourself. Just hang on. We're going to talk to Asigra in a second. Hi, Eric. Welcome back to our show. How are you doing? Hey, Mike. Doing great. Thanks so much for having me. So, uh, let's just set the stage here. Uh Asigra. We've obviously talked with Asigra before. We've obviously talked about SaaS Assure before. Uh, but just give us a sort of the high level view of where Asigra has been band. And what you're up to today, how you got to where you are today. Sure. Uh, so, I mean, uh, singer has actually been in business for 38 years, uh, in the backup and recovery space, uh, has been a leader really in, you know, crossing the boundary between backup and recovery and cybersecurity elements that are built into our product to really protect our customers data. Uh, and, uh, let's say about eight years ago or so, um, you know, we began backing up a whole bunch of SaaS applications as well. So looking at Microsoft 365, Google Workspace and Salesforce, and in our core product and competitive marketplace that it sits, a lot of other competitors are backing up those same SaaS applications. Yeah. And I said Asigra, you know, we could also call it SaaS for sure, because this is really the service we're talking about today, and that's the brand name that's going out. Right. Why people might see it as this, uh, when we talk about, um, uh, protecting SaaS apps, I think most people are comfortable at least have heard this a couple times. Now that you know, the the SaaS provider is not protecting their data. But what does that mean? Would you say that they're just not backing it up. They're not they're not able to restore it. They've got to be responsible for something. Yeah. So uh, typically, uh, if you look at SaaS provider, they are responsible for protecting your data. I mean, they they certainly have, you know, a number of security elements in place. Uh, they have a often geo redundant, uh, you know, data centers that protect the data. But what they're not good at is protecting individual customers data and recovering that data for an individual customer. So as an example, if I am using a SaaS application and I delete data accidentally, or if there's a malicious deletion, it's extremely difficult for that SaaS provider to recover my data. And if it's deleted, they cannot recover it at all. So they're good at recovering their full data set, but not an individual customer level. And in their terms and conditions They also state that that end customer is responsible for protecting their own data, so critical that customers are aware of this and that they have a mechanism to do so. Not to pick on Microsoft, but say there's no O365 outage they'd be responsible for bringing. Office 365 back up and making sure everyone's accounts were back up the way they were when it went out. But if you lost your account or your account got corrupted, you had some malicious actor or even accidentally deleted stuff. Some mailboxes are there. They can't really, in some cases can't, but most likely won't go in and mess with the internals of your account and restore different files and folders and such. That's just beyond them. That's correct. And they actually go a step beyond that. They they recommend that you back your data up with a third party, which is why you're also seeing so many organizations using a third party to back up that data. All right. We could we could talk about why they don't do backup and recovery as part of their service or as an extension, but let's let's go past that because I think we've had that conversation before. Uh. This is so, so people are using SaaS apps. We know that SaaS app adoption continues to grow. This is the preferred way people like to get their IT these days. It's let someone else do it. Uh, and and get the benefit of it for the credit card. Uh, where do you where do you see that that level now. And is that something that's consistent globally or is that just kind of a North America thing? Yeah. No, I mean, it's certainly consistent globally. You're seeing, you know, on average about 85% of workloads now, uh, in the cloud or in SaaS applications. Uh, and we continue to see that number grow, uh, moving into, you know, 2027 to about 95%. So it's still very pervasive and it's continuing to expand. All right. So what what can what can what can go wrong with with the SaaS account. What what are we what are we protecting from. What are we. What do we want. What do we want to like make sure that we can escape the vulnerability of. Yeah. So, uh, there's a number of things that are happening. Certainly, you're seeing a tremendous increase in phishing attacks and the complexity of those phishing attacks where companies, bad actors, ransomware companies are looking to get into the SaaS application and use the capabilities of that SaaS application against itself. So, uh, you know, deleting data, changing where the data is going to be stored. So they'll move it to the ransomware location. So they're certainly phishing attacks. Uh, but you're also seeing disgruntled employees that are, you know, deleting data or getting paid through the dark web to delete data or sell that data. You're also seeing things that go well beyond sort of malicious attacks, which is a misconfiguration that's being made by, you know, an end customer. You're seeing accidental data, deletions, all of those things, you know, are mechanisms to lose data, uh, and things that need to be protected for that aren't covered by your SaaS provider. Right. So we've got, uh, got a number, a number of risks that can happen, uh, within within a given SaaS app. I understand you've got some big SaaS apps. Obviously I mentioned O365 Salesforce, and we're going to talk about HubSpot here in a second. And some of those, those big ones, uh, but there's a lot of SaaS apps in use today too. Isn't that sort of the other part of this problem is that if you've got 100 and some SaaS apps, you don't even know that you've got data at risk. It's an interesting statistic that we found where your average mid to enterprise organization has somewhere in the neighborhood of 100, 137 SaaS applications. Most don't know they have that many. And your average user has nine SaaS applications. So there's a tremendous, uh, sprawl. And obviously everybody talks about shadow it and the number of SaaS applications that are in the market. Uh, and many organizations haven't put in place parameters that require those individuals. It might be a business owner. It might be the head of marketing that picks a CRM tool that they want to use, or a collaboration tool that they want to use. Uh, that just goes puts their credit card down and starts using it, but doesn't realize that there's a risk to that data and that they've actually created a risk to the organization. So, um, you know, making sure that those elements are in place is also important. I would think that with this shadow, it sprawl, you'd end up with, uh, some compliance issues as well. It's not simply just the security risk, but you've now, uh, worked your way into a situation where you're not compliant with any number of country specific or vertical specific regulations. Yeah. And that's often the case, even with things like QuickBooks in particular, we find that many customers, uh, depending on the industry they're in, actually are required to have a second set of that data residing outside of that SaaS application in order to be compliant. So this is something they just have to check off in any case. All right. Tell tell us where. And I'm curious. And maybe a lot of people on this call curious, uh, where, uh, an MSP can really provide value in a service like this, you know, because you guys really cater to that, that end of the market a little bit. Uh, just from your perspective, you know, what? What value does working with an MSP provide when they're doing things like this? I mean, I think what's really important as an MSP, MSPs are looking to provide value to the companies that they're working with, keep them abreast of the latest changes in technology, latest risks. If you look at most CIOs top ten list, you know, in 2025 and beyond, data protection is on that list. So both internally and for the, you know, end customers, they're serving in educating them on the need to protect the SaaS data and the risk of that data not being available to the organization if something happens, uh, is critical to their providing the right services to the companies that they're working with, uh, and ensuring that that data really is protected, uh, is something that's core to what they do for companies. So having a limited set of services on that side by only focusing on, you know, the company's core data or, you 1 or 2 SaaS applications out of potentially six, 10 or 100. It leaves a huge gap for that end customer and for that MSP. It also leaves a significant revenue opportunity off the table. There's a lot of SaaS applications, a lot of opportunity to provide value, to differentiate from the competition and to talk to your base about new areas of of of data protection. So as an MSP, it's really critical to, you know, the value that you bring to your customer base. Right. And some of those things have to do with the complexity of. I mean, let's face it, it's not about the backup, it's about the restore. It's the complexity of getting the data saved and protected in such a way that and being able to restore it if you can. And that's not simply dump the whole account into a file and then back up the whole account from a file. Right. There's a lot of a lot of things that can go into that, that an MSP can become an expert in. Absolutely. And, you know, being able to provide more granular restore on something. Thing again. You know, if I take a juror conference, it might be a project or the latest element of a project that got deleted. I only might want to restore that. I don't want to restore the entire instance because a whole bunch of work has been done on, you know, other aspects of Jira, confluence and other projects. So, you know, being able to just restore that one piece of data or that one those core elements is also really important to the service they provide. Great, great. Quite definitely. You guys have something we talked about before. I know I just want to touch on that again. Um, when we talk about cybersecurity, because you're you're sitting at a higher level in the stack, there's a lot more at risk because there's multiple end user clients here. There's multiple things. So you've got something called MPA in addition to MFA. So we all know what multifactor authentication is. Maybe you could just tell us what MPA is again. Yeah. So MPA is uh, multi-person approval. And essentially if you look at all the different ways that you can lose data, whether it's accidental deletion, a phishing attack, whether it's, you know, a disgruntled employee or employee that's been paid off to, you know, do something malicious. We built MPA, which allows the MSP to configure up to three additional people that will be emailed with a specific period of time that they need to respond in order to allow a action in the software to be completed. So best example I can give is somebody says they want to delete a whole bunch of, you know, they want to delete all this customer's data in order for that action to complete within our software, there might be three additional people that all have to say, yes, we want to delete that data. And for an extra level of protection for that MSP, they can have external people as well, so they can have the end customer agree that they want that data deleted before they ever do a data deletion. So a very, very powerful mechanism. It protects against any kind of phishing attacks, you know, internal disgruntled employees and just, you know, accidents that might occur that, you know, could cause data loss. Yeah, I think that's really that's really going the extra mile there to say it's not sufficient for one person to identify themselves through multiple ways so that you know that one person, it's really zero trust even on that one person to say, we have to have multiple people turn the keys for for any dangerous actions to happen. Uh, and I think that even I mean, if I was an MSP, I'd even want that protection, right? I'd want to be able to say, yeah, I can't I can't even from my perspective, delete all your data or do something terrible with it. Right. You have to agree at that point. Uh, okay. So let's talk about, um, sort of coverage of SAS apps. There's hundreds and hundreds of SAS apps out there. You certainly have all the main ones that we could rattle off. Um, but, uh, you know, where, where's, where's, where's some of the new things you're adding and where's sort of the growth on that, that, that index of important apps for you guys? Yeah. So, um, there's a there's a core series of SaaS applications, I guess, that fill out, uh, an organization and many that are business critical, that don't necessarily have a solution in place or have limited solutions in place. So strategic, we're looking at, um, what are the most critical SaaS applications. Where do they play? But things like ServiceNow, Freshdesk and Zendesk as service management tools are an area of focus for us. They're not ones that we've launched into the market today. Uh, but they have so much critical data and there's a lot of value in those. And again, they're quite complex to build. So, you know, the most challenging part is really the recovery of the SaaS application and making sure you get all the elements correct so that everything is in its right place. But as you can see, there's a variety of collaboration tools, accounting tools, uh, you know, ERP tools. And we see a lot of interest in the DevOps space as well. So in the short term, these are the ones we're focused on. But there's also some really interesting sort of secondary and tertiary SaaS applications, uh, that cover unique markets, uh, that maybe don't have the same, uh, Competitive element where our competitors are going to be. You know, those are our top lists of SaaS applications, and we're focused on some of those as well. And kind of as we move to bring them into market, uh, you know, we'll begin to share what those are. But this is kind of a the current roadmap ones that we're working on, the ones that we have in place. I noticed HubSpot there with Salesforce, you know, that covers a great swath of the CRM market, right? People usually have one or the other of those, whereas sometimes we only hear about, uh, you know, somebody covering Salesforce. Exactly. Right, right. So there's very few players that are covering HubSpot. Uh, and it can do granular restore. Yeah. And that are also focused on, uh, managed service providers. Most of them are focused on the end customer direct. There's very few, uh, like us in the market. Yeah. I mean, it's not that Salesforce is going to be happy to necessarily hear that you're enabling HubSpot to be more secure, but you are enabling the end customer to have more choice and more options, and therefore the MSP to address a wider market as well. Which which is which is great. Um, so, uh, we we talked I mentioned something earlier about, you know, or ask you a question if this was a global problem. Um, you know, you guys are here in North America with us. Um, I know it's Canada, and I know there's some, some, some issues with that. But putting that aside, not getting into politics, uh, how do you cover how do you cover more of a global, global region these days? Yeah. So in June, we launched North America, uh, for coverage. And, uh, in the beginning of May this year, we have now, uh, set up our UK data center to be GDPR compliant and be able to support the UK and EU. Uh, those are our largest markets today. The top four, uh, we're global with other elements of, of a, you know, our other product. But Sasha sure specifically is covering those four core markets which today are our largest markets from a growth standpoint. Right. And there's there's more to come there. Uh, let me let me ask you this. Let me ask you a different question here. Uh, I think I've understand that this has a very quick set up time, you know, 15, 20 minutes. And you can because it's a SaaS product and you can just. As long as you have the credentials, you can start protecting your data, which is great. Uh, but, um, what is, uh, what is your sort of recommendation for best practice for someone who's. Maybe not even thought about protecting their SaaS apps or just realizing like, oh, you know. We've got these. And we thought we were protected because the vendors should be doing it. Uh, what would what would sort of be your your your first steps recommendation for someone? Yeah. So I think it's really understanding the SaaS applications they have in house. Again, many don't understand. Uh, and so, uh, you know, uh, we've partnered in the past with, uh, an organization that allows us to, uh, provide a very, very quick way of discovering all the SaaS applications that reside within an organization. Once you have a sense of that, uh, again, you can map them out against the SaaS applications that we're providing and determine which ones are most important for you to start with. Uh, you know, so again typically we're seeing it's the financial data. It's the CRM data. It's the you know, email and collaboration data. Those are typically the ones people are starting with and then expanding beyond that. But it's it's really if you think about what critical data do I need within my organization that I can't live without and that I've deleted? What would the impact be on my organization? Uh, and it's, you know, understanding that and then putting a business case together, which is generally quite simple, uh, to say, okay, let's start backing up this data. And again, because it takes 15, 20 minutes to set up, you could pick your first one, set it up, play with the tool, do do a series of backups and then, you know, do a recovery to see how easy it is to work. And then begin to expand that to the critical applications that you have. Yeah. And there's really almost no excuse anymore. Uh, Eric, I mean, people have put this off forever, just. And costs have come down. I mean, the cost of storage has come down. The cost of, you know, so the cost to protect that data is very low in relation to the impact of losing that data and the downtime the organization can face at recreating it or trying to find it or, you know, having lost three months of data. And, you know, the, you know, challenge that has with talking to customers. I don't have my invoice. Well, now we have to recreate it. We don't have the information to do it. Right, right. And and really and really, as you mentioned earlier, uh, you know, phishing is a big problem these days. I mean, this is really how people are going after a lot of these SaaS apps. They're not trying to break the encryption. They're they're they're doing the social social attacks, social engineering. It's getting getting into them. So it is it is something pretty common. Uh, and uh, you know, with things like your MPA and the rest of it, you can start to get to a very secure position with that. I really like that. Um, they're also really. Helps protect against AI attacks as well. Right, as those become more sophisticated. Right. And phishing, uh, you know, having MPA in place really protects you from that type of, uh, you know, malicious attack. This attack. And because, you know, I, I'm assuming that if you're a bad actor, you can't just figure out who the 3 or 4 people are that would need to approve to do some bad action, even if you penetrated one account. Right. There's not that information doesn't isn't laying out there for them to. It doesn't exist except within the application. You can't even see it within the application. So why is the admin. Yeah, I don't even access to see who those three people are. I can't change them without permission from others. So there's a whole bunch of elements in there that really protect, uh, you know, the whole process. I mean, this is really nuclear code level security in some cases, right? You've got this, you got this thing. I like that a lot, uh, becoming more and more critical. So, uh, that's cool. So you've got, uh, you've got, uh, new data centers, you're expanding, uh, globally. You've got some new apps like HubSpot, uh, empowering MSPs to do some more things. Sounds like there's a lot more coming, uh, soon down the down the pike, as it were. Uh, if someone wants to stay current with SAS, Azure maybe wants to look at it, kick the tires. Um, what would you point them at? Yeah, they go straight to SaaS. Com and set up a free trial. So a 15 day free trial that they have. And you know, for anyone who watches this, I'm happy to pick a SaaS application and offer a 60 day, uh, you know, free usage of it to make sure they like it. Uh, see the value that it's going to deliver, uh, and, uh, move into billing relationship after that. All right. There you go. You got a 60 day offer. Just for you, Mike. Just for you and the people. Just for our. Viewers. Uh, thank you so much. Special offer. Use my use my discount code, Small World Big Data 15%. Whatever. Anyway, uh, thank you so much for being here today, Eric. I appreciate you coming back around and keeping us updated on what's going on in the SaaS business. Saas protection business. Perfect. Always a pleasure. Thanks so much for having me. And I look forward to talking to you again soon. Okay. SaasAssure.com check it out.
