Data management vendors Druva, AvePoint and Rubrik have begun offering guarantees that will recoup the costs of data that cannot be recovered, although analysts advise customers do their due diligence when signing up.
Customers of such vendors can often choose to add a data resiliency guarantee as part of a larger cloud security offering. Many of these guarantees cover data loss due to incidents including ransomware, personnel error or application failure, and they are often free with the purchase of or subscription to a service. If a customer experiences data loss as defined by the agreement, the vendor will make a payout based on recovery incident expenses.
Guarantees range from AvePoint’s $1 million up to Druva’s $10 million. Infinidat and Rubrik also offer similar guarantees, and Dell plans to roll out its own in January. Druva has reported customers in the double digits since it began offering the agreement in August.
Phil Goodwin, research vice president at IDC, said these guarantees have become a differentiator in cyber recovery offerings.
“Cyber recovery and cyber attacks are such big concerns now that IT organizations are looking for anything and everything that can help them in their defense against those kinds of attacks,” Goodwin said.
But analysts also sounded a word of caution about such guarantees, saying that for customers to reap any benefit, they need to read the fine print.
More than half (58%) of the IT and cybersecurity professionals surveyed reported that data recovery testing is part of their ransomware plan, according to research from TechTarget’s Enterprise Strategy Group. In addition, nearly 9 in 10 organizations are concerned that their backup copies could be corrupted by ransomware attacks, with 43% reporting that they are very concerned.
Data resiliency guarantees provide another way in which disaster recovery and data backup vendors are addressing those concerns.
AvePoint’s agreement launched earlier this year as part of its Ransomware Protection Toolkit. A customer must purchase AvePoint’s Ransomware Warranty as part of a subscription to its AvePoint Cloud Backup service. Customers pay a price for the guarantee, but the vendor declined to disclose the amount.
There are services customers can purchase to prevent a ransomware attack, but they should also consider options such as guarantees if these services fail, according to John Hodges, senior vice president of product strategy at AvePoint.
“This comes from ransomware where encryption takes place, not all of a sudden and having one big attack, but something that takes time,” he said.
To be eligible for Rubrik’s data protection warranty, customers must purchase a subscription to Rubrik’s Enterprise Edition, the company’s ransomware remediation offering, or be using Rubrik Cloud Vault, its fully managed cloud service. Customers also need a subscription to Rubrik’s Customer Experience Manager (CEM) service. The CEM provides a monthly check to confirm proper configuration and adherence to security best practices, according to the company.
Rubrik Enterprise Edition tiers start at 250 TB for $250,000. Rubrik Cloud Vault customers start at the same minimum data requirement and need subscriptions to both the Enterprise Edition and CEM service to quality.
For Druva, the guarantee is available to those customers that purchase the Security Posture and Observability license, a SaaS offering. Existing customers are eligible if they satisfy the program criteria.
Stephen Manley, CTO at Druva, said the company’s guarantee was a way to compete with its larger competitors. It offers coverage up to $10 million and covers against cybercrime as well as human, application, operational and environmental risks. Long-term data retention is also part of the deal.
“We’re also going to guarantee that that data can’t be leaked, compromised, exfiltrated — anything to that effect from the cloud,” Manley said.
Marc Staimer, president of Dragon Slayer Consulting, said the guarantees are an attempt to create a level of assurance for customers. If customers take the time to review the guarantee, he said, they’ll learn under what circumstances it applies and what the vendor will do if it fails. He added that payouts aren’t likely to be more than what the customer pays for the overall security service, and that to receive a payout, documentation showing the software or system didn’t meet the terms of the guarantee would be needed.
“There’s nothing wrong with the guarantee — it makes it seem like the vendor has more skin in the game and faith in the product,” Staimer said. “It’s a good thing, but you need to read the fine print.”
For example, he said, many guarantees don’t cover data loss from phishing, a form of fraud in which the attacker pretends to be someone else in an email or other form of communication.
Cohesity, another disaster recovery vendor, echoed the point in a blog post last month. The vendor, which does not offer a guarantee, urged customers to “read the fine print,” noting that many guarantees don’t cover data loss due to malware introduced by a third party or personnel through a breach in system security, and that customers have to meet conditions and requirements to qualify for a payout.
According to Rubrik’s agreement, data loss due to malware introduced by customer employees, vendors and contractors is not covered. AvePoint’s agreement requires that the customer comply with security measures to receive a payout, such as maintaining up-to-date endpoint security, including antivirus protection, and implementing security measures and AvePoint-approved best practices.
IDC’s Goodwin added that it’s important to understand a data resiliency guarantee is more like a warranty than cyber insurance, which helps reduce financial risks associated with doing business online. He said both are a good idea, and it’s important to understand the details.
“There’s certainly opportunity for misunderstanding on what is covered and not covered,” Goodwin said.
Dell adds a new appliance, expanded cloud support and backup target as a service to its data protection portfolio. Soon it will …
Cohesity has formed a Data Security Alliance of 12 companies and will launch its DataHawk security service in early 2023. Both …
Calamu and Wasabi have partnered to combine Calamu Protect with Wasabi Hot Cloud Storage, which is now available.
Scality Ring introduces its ninth major update, bringing an all-NVMe tier for better performance and new APIs for tighter …
Dell brings its software-defined storage PowerFlex to AWS. The new offering is part of its Project Alpine initiative to connect …
Seagate has added to its multi-actuator line of Exos 2X HDDs, now offering up to 18 TB in capacity in its attempt to start paving…
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing …
Google’s YARA rules detect cracked versions of Cobalt Strike’s older releases so that legitimate instances of the red teaming …
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them.
The potential for metaverse projects exist across a range use cases. Here are enterprise-focused and consumer-focused examples …
Bayer global head of compliance and data privacy Thomas Pfennig discusses LPC Express, an automation project for law, patents and…
It’s early days for metaverse platforms, especially those geared for the enterprise. Here’s what to know and which platforms to …
All Rights Reserved, Copyright 2008 – 2022, TechTarget