Episode 74: The Data Safety Net

Why Securing And Managing Data Is A Shared Responsibility

Historically, recovery processes have been things you execute as a matter of last resort, when you've really lost something bad. We're trying to change that and say, “look, it's actually about keeping your data healthy and accurate, and doing what it needs to be doing for the business”. And that means it should be easy to recover 100 records.

Adrian Kunzle, Head of Product and Strategy at OwnBackup joins Nick White on The Power of Data Podcast to discuss the importance of having a data safety net in business to ensure better data protection and recovery practices. They also explore managing data health and why securing and handling data is a shared responsibility.

Listen or click on 'subscribe' below for links to subscribe directly via your favourite podcast platform, including Apple, Google and Spotify.

(Please note that this podcast was recorded remotely.)



If you’d like to join us on the Power of Data podcast or have suggestions for potential guests, please get in touch from the button below.

Get in Touch

Read full transcript

The Power of Data Podcast

Episode 74: The Data Safety Net

Guest: Adrian Kunzle, Head of Product and Strategy, OwnBackup
Interviewer: Nick White, Head of D&B Accelerate, Dun & Bradstreet

Nick 00:00
Welcome to The Power of Data Podcast. My name is Nick White and I head up D&B Accelerate. Today I'm thrilled to be joined by Adrian Kunzle, Head of Product and Strategy at OwnBackup. How you doing today Adrian?

Adrian 00:10
I'm great, Nick, great to be with you.

Nick 00:12
Good, welcome. You've spent 20 years developing software and shaping technology strategies for complex global corporations. Can you provide our listeners with a little bit of your history and career to date, and a bit of background to OwnBackup for those who might not be familiar?

Adrian 00:26
Absolutely. If you don't mind, I'll do that in reverse order: I'll start with OwnBackup, and then give a little bit of my history. So OwnBackup was founded about six years ago by some very smart guys in Tel Aviv, really off the back of a set of requests, they were getting to help these people get the software-as-a-service data back. Ariel, our CTO and his team were running a traditional data recovery service, you could ship them hard drives and SSD cards and things like that and they'd help you get corrupted data off of them. And because they offer that service, people started saying, “hey, look, I've lost a bunch of data at Salesforce or Microsoft or whatever. Can you help me get that back?” And of course, his answer had to be no, because you can't give me the hard drive, this is a piece of SaaS software. But it got him thinking. And he ended up building the first version of our recover product, and then hooked up with Sam Gutmann and Ori Yankelev; formed OwnBackup, as I say, about six years ago. And we've grown it from there, we now have three products, we have our recover product, which is the traditional backup and recovery solution, we have an archiving product, and then we have a sandbox seeding product, all for Salesforce at this point in time. I joined the company a little over 18 months ago, as head of product and strategy, I've been able to build out a product team, Ariel and crew have built an incredible product without any product management, which I think is outstanding. But I've had the privilege of being able to build a proper product team as we grow the company. I also run product marketing, corporate marketing, and also our business development function. So yeah, having an absolute blast. Prior to OwnBackup I spent seven and a half years at Salesforce, I joined back in 2011, really with this idea that Salesforce at the time was a great divisional play, software-as-a-service play, but not really enterprise grade. We'd been trying to use it at my former employer, JP Morgan Chase, and it missed some things and I spent some time talking to Salesforce about what those things were and I very fortunate to have the opportunity to then spend seven years trying to fix a lot of that. So introduced the Shield suite, which is a really enterprise grade encryption and business activity monitoring. Built a bunch of data integration capabilities, reengineered the developer experience, and then at the end of it, we launched a kind of real-time eventing system. I think we've seen the adoption of Salesforce in many more mission-critical situations and larger organizations, because of a lot of what me and my team built. Prior to that I spent almost 15 years at various incarnations of JPMorgan Chase, building technology solutions for the bank. My last role there was as CTO and we actually built a bunch of shared services that the goal of which was to make development in a relatively federal organization more efficient, easier and cheaper by solving some of the core underlying problems once and having different divisions we're using. So that's me.

Nick 03:29
Great. What was it that attracted you most to OwnBackup in the first instance?

Adrian 03:33
I'd actually known Sam and Ori and Ariel for a while. Salesforce was an early investor, because I was the platform product lead, I was kind of the executive sponsor for that investment and worked closely with Ariel, particularly on kind of helping them think about the product in the context of Salesforce and where Salesforce was going with its platform. And so when I started looking for more what was next for me, career wise, there's a number of things that fit just from the a size of company and a phase of growth that I hadn't experienced in my career before, which was exciting. But the thing that really tipped it over the edge is that when you think about what OwnBackup has in the recover product, we are custodians of really the full history of how an organization has evolved from a sales or service perspective over time. You don't actually have all that historical data in Salesforce, and that we they really think of as a unique opportunity to not just help people protect their data, but actually to derive significant amounts of value from it, because they can go back in time and see how things have changed and understand that change and start to run. Whether it's just straight algorithms or artificial intelligence or other things on that information, to hopefully become a smarter company. And that opportunity I think is huge.

Nick 04:58
Yeah, and relatively unique as well. Thanks, Adrian. During your time at Salesforce, and now OwnBackup, you've witnessed firsthand the incredible growth of the software-as-a-service sector, in your mind, what makes these platforms so valuable and appealing to companies? And do you expect this growth to continue for the foreseeable future?

Adrian 05:17
I think the last 18 months has been particularly interesting in this space. Software-as-a-service brings incredible capability that's very easy to acquire quickly to the table. I think we all thought initially that it was going to be really, really easy in the long term. And I think we've started to learn as people have leveraged software-as-a-service, that it does take a lot of curation and a lot of thought and care to keep them running well, and to keep them solving business problems. But, you don't have that initial huge expense outlay of building a piece of software yourself, or installing and acquiring and installing a piece of on-premise software, it's really quick to get going. So the bulk of your investment becomes how do you make that software-as-a-service product, do what you want for business, which, you know, I think a lot of CIOs have realized is a much more efficient way to invest. It’s a much closer relationship between the spend and the value you're getting compared to traditional software. But I think in the last 18 months, what we've seen is just how scalable and available these things are, as people have had to completely rethink how they're running their businesses, and whether that's forced them to make a transition towards a digitized business, or whether they are already there, and they’re now just having to think about where their workforce actually works from. I think we've seen a strength that was always lurking under the hood, but as is now really become critical is this just availability of software-as-a-service products. The uptime, the availability via mobile devices, the availability from outside your corporate network is really I think, enabled - and we've seen this with a lot of our customers - has enabled people to turn on a dime with this horrible situation of a global pandemic, and really enable their businesses to continue functioning when people are working in all sorts of different places now. I really don't think that when you look at on-premise software and other things, there's been a lot of scrambling to make that available to employees, and just the efficiency without sacrificing the customizability of software-as-a-service has really come to the fore. And we think that it's going to change the thought processes of CIOs from software-as-a-service be one of the things I think about as I rebuild my customer engagement system. Two, which is the best software as a service, customer engagement system, should I pick? I think the idea of building a lot of the stuff on-prem now is probably in the past.

Nick 07:52
I would agree with you there. It brings me nicely onto the next question, which is you have the opportunity to speak to a lot of CIOs each day, how have you seen their priorities change over the course of your career?

Adrian 08:03
Greatly. You know, I think back early on in my career, where the CIO was the guy worrying about data centers and machines, and in certain forward-looking companies, they get consulted by the business, but they were really a service provider and I think the last 15 years, we've seen that completely change. The CIO is now often in both sitting around the executive table, often spending time in the boardroom as well. Many, many businesses have been fundamentally transformed to be driven by digital and that has brought the CIO front and center into the equation. But that's come with some risk. With that enhanced attention where the business is really relying on these systems to deliver. We've also seen this ever-increasing regulatory environment, both regulatory and need to secure a lot of the data as well as the cyber threats increase. Now, you've got a CIO who is incredibly busy trying to balance the need to look after the data appropriately, comply with data privacy, to protect the data and make sure that cybersecurity stuff is up to speed, as well as dealing with the insatiable demand or the business for enhancements and change and new capabilities. And then ultimately, now, unfortunately, technology likes to go through marketing themes, this whole idea of AI and analytics, now you've got the business, calling on the CIO to give them all this insight about how the business is running, which is a lot to have to think about and is putting a lot of, I think increased strain on the CIOs these days. And SaaS I think is helping take some of that off as this idea of the shared responsibility model and that there is some stuff you can share with the SaaS provider and let them worry about which means you have to worry about a little less as a CIO. It's been an incredible transformation to see them come out of the data center and really move into the end of the boardroom, in many regards.

Nick 10:05
Yeah, absolutely. And one thing we didn't touch on there was the implications of moving to the cloud, which is obviously keeping a lot of CIOs awake at night. The key thing here that I wanted to talk about was that software-as-a-service is helping organizations to generate a huge amount of data. And as the volume and velocity of data continues to grow, how do you see companies like Salesforce, Microsoft and other SaaS providers approaching simple things like data governance?

Adrian 10:32
That's a great question I touched a little bit on it around this idea of the shared responsibility model, I think that what these large SaaS companies provide you with is absolutely incredible. That you've got certainly in the case of Salesforce, you've got a full redundant copy of your system running in another data center that they can fail over to, really quickly. I think four copies of the data swirling around in various different forms are incredible levels of resiliency, and some pretty significant functions they built into the application these days around governance. Take, for example, data privacy, within Salesforce, you can tag fields as ones that contain PII, and then the system can reason about those and recently launched a privacy center from Salesforce that helps people manage consents and other things with their customers. So I think what we're seeing is one of the great benefits of SaaS is when a company like Salesforce is selling to a bank, for example, it has to have an enterprise grade product, but the small little business up the street gets all the same capabilities essentially, if they buy Salesforce as well. So it's kind of the way SaaS is delivered, as this uniform piece of software is helping to raise all boats, not just in the functional capabilities of the software, but also in the governance space.

I think the big thing that we talk a lot about at OwnBackup with our customers is this idea, though this shared responsibility. You've definitely handed over certain pieces of governance to the SaaS provider, right? They're responsible for the network, they're responsible for the storage subsystems, they're responsible for the applications running the OS that it all runs on. And that's all great because that’s things CIOs don't have to worry about, but they're not really responsible for the data that you put in, and that has been a huge asset out of the gate and has helped CIOs adopt because one of their concerns is always “okay, but if I'm putting my SaaS data in with other people's SaaS data, how do you keep them separate?” So that story of “it's your data, we can't see it” has resonated very well with CIOs. What wasn't really followed up on though was, you're responsible for putting it in that you're also responsible for keeping it in that. And you're also responsible for setting the locks on the front doors appropriately. We’ll give you the locks, but you've got to make sure it doesn't have the 1234 combo code on it still. So there's all this, there's all this stuff in the SaaS applications itself, that is that is configuration, that is ensuring you've got the right people they have that they can access it, they can access the right data. And that the data you put in there stays in there, and its appropriate form. And this this shared responsibility model is something that CIOs are really only now in the last five years or so are starting to get to grips with. And for it to be expressed in their policies, right part of this is a lot of policy evolution. These large companies have all these information security policies that have been forged in an on-premises time, and it's hard to change those, it takes a lot of thought. And that's really the process we're in right now, people are re-forging those policies around “well, what are we actually trying to achieve with them?” And what does that now look like in a shared responsibility model? So there's a lot of evolution going on, as people learn to adopt SaaS software properly and appropriately.

Nick 13:51
Amazing. And one of the things I'd like to get your perspective on now his data still manages to get lost or corrupted in SaaS. And I just wanted to really see what your what are the common causes you're seeing from own backup customers, and other vulnerabilities and threats on the horizon that companies should be starting to think about?

Adrian 14:10
Yeah, great question, we run a survey to keep our hand in where these issues are coming from and by far and away the most prevalent one is simply human error. You know, you've got Sales Cloud, it's kind of running on a platform which is what allows for the configurability. These platforms are incredibly powerful. And you have users in there that have a lot of power, the administrators and other developers and things, occasionally they make mistakes. So we definitely see people who will, you know, run a query that has got an error in it. We had one customer that was going through a relatively regular process of reallocating all the opportunities from an account executive who’d just left to a new account executive, and they accidentally allocated every single one of their opportunities to that new account executive. And that's something that's really hard to recover from. You've taken 100 things that were assigned to 10 people, and now all 100 things were assigned to one person, you don't really know, you can't remember who had what, but you'd have to go around to the AE's and say, “hey, which were your accounts”, and try and recover them all. And that was relatively easy for the customer fortunately, they’re an OwnBackup customer to recover from by using our compare and recovery tools. So human error happens a lot, integrations - automatic jobs running in the background, schemas change, data changes, suddenly 10,000 records get deleted by mistake or you know, have a unique identifier put into the name code so now, you don't actually know what the record is, who the company is, things like that happen. Insider threats is definitely up there on the list, that we definitely see, you know, customers recovering from employees that are angry, and do some malicious damage. And then increasingly, we're starting to think about ransomware threats and obviously, that's another area of shared responsibility. I certainly know for a fact that Salesforce spends a lot of time worrying about that stuff. But the fact that you have a clear copy in a completely different environment behind a completely different front door is very important from recovery from ransomware. So, you know, we also think about that, as our customers think about that more and more. One of the things we've tried to focus on as a business is to make a recovery system that is suitable for today's digitally focused always-on world, you know, if you think about traditional databases, you kind of have to roll back in time and with that, you get some collateral damage. Historically, recovery processes have been things you really execute as a matter of last resort, when you've really lost something bad. We're trying to change that and we're trying to say, “look, it's actually about keeping your data healthy, and accurate, and doing what it needs to be doing for the business”. And that means, you know, it should be easy to recover 100 records, right, you shouldn't have to go oh I’ve lost 100 records. But if I roll back that everybody's worked for the last day is gonna get blown up, you don't want people to have to make that decision. And the way we do recovery with this ability to compare two points in time in the past and build this precise set of data that fixes your problem, or without taking your system down, or without having any collateral damage, we think that is becoming an imperative for the days digital always on world.

Nick 17:32
It absolutely is Adrian and I think both Dun & Bradstreet and Own Backup see the value of data and what it holds for an organization. But can you believe there are still companies out there that just don't see this as a priority? I guess what I'm interested to know is what are OwnBackup doing in in the market to change the perception of some organizations where governance and protection just isn't on their agenda today.

Adrian 17:55
That's a really, really tough one. And you're right, it's, it's crazy that some people are happy to run without this sort of a safety net. A bit of what we do is do try and talk about this shared responsibility model a bit of the decision about not doing anything in the spaces is because they do think the SaaS provider has their back inappropriately. And that's predominantly not because of anything bad, but because of a lack of conversation about it over the last few years. So we do spend a lot of time talking about this shared responsibility model, as we've talked about in this podcast, trying to help people understand that no, actually, this is your responsibility, you do need to worry about it.

Nick 18:32
Why do you think that conversation doesn't happen? Do you think it's on the SaaS provider or the customer, and it's this lack of understanding or knowledge around?

Adrian 18:40
It was definitely a conversation that was generally avoided, really stemming from this idea that, “hey, it's your data, and we don't get to see it as a SaaS provider, we don't, the SaaS providers or saying it's your data so secure, there are operators can't see any of it, it's yours. And for whatever reason, nobody ever really, and still doesn't, to some degree, talk about the other half of that statement, which is, “and it's yours, and therefore, you need to look after it. And we can't help you because it's yours when you have an issue”. And some other SaaS providers have architectures that have made using traditional backup technology easier. ServiceNow is a good example, there's a daily backup that everybody's got, and people can roll back to that. But again, it's this roll back problem, so you've got to be willing to take the collateral hit. Microsoft Dynamics has a similar architecture under the hood. I think a bit of it is that people still think of it as a crisis, a solution for a crisis, when something really bad has happened. And for the most part, those really bad things like loss of a datacenter or loss of connectivity or cataclysmic system outage, the SaaS providers have you covered for. They have the disaster recovery, instance running and a lot of people - and we get this out of our survey - just the sheer number of people who don't think they're having corruptions of their data, partially because they don't look at it. They don't actually watch it. There aren't really tools for looking at even a database, but a SaaS data set and going, does this look roughly like what it should look like? Or did something happen overnight that’s bad. And you don't really get notified until a user comes along and says, “hey, I had 25 cases, I was working yesterday, and today, I've got none what happened”. And part of what our product allows customers to do is actually put on smart alerts and watch the changes of data over time and get alerted when statistical anomalies appear. Which comes back to that whole idea really, that I think customers, they've got to think of this as not as crisis protection, but as ongoing managing the health of your data. Which has always been a tough thing to think about, I think we're getting better at it now. The data privacy stuff has introduced a much stronger idea in organizations around data owners and people who are responsible for thinking about the data. It's kind of crazy when we think about how much data is the lifeblood of a lot of businesses now, how much we actually don't spend time thinking about its quality, its consistency, its completeness, and whether you've got roughly the same set of data today that you thought you had yesterday. And that's all conversations that we have as well, trying to help people understand that really, this is about giving your business the best information to make the best decisions that they can. And you should be worrying about these small errors, because there's now tools that allow you to fix them easily.

Nick 21:39
Great, thank you Adrian that's really interesting insights. Bringing the podcast to a close and since you're the Head of Products and Strategy, I'm hoping this final question will be an easy one. What's next for OwnBackup around innovation? And can you share some insight into the future of the business?

Adrian 21:56
Yes, you know, we've been very focused on Salesforce for the start of our life. And we are in the process of changing that. As other SaaS platforms that are developing and growing, I've mentioned a couple of them along the way, things like Microsoft Dynamics, things like ServiceNow, and workday, we're seeing all the same issues appear with them, as people are putting more and more business critical data into them. And we think they warrant the same kind of quality of data protection that we can provide Salesforce. So our first step moving forward is to expand beyond just the Salesforce ecosystem, as great as the Salesforce ecosystem is, there are other people out there that we think can leverage what we offer. So we'll be doing that. We do have two other products in addition to our cover product Archiver and our Sandbox Seeding products. Archiver is pretty straightforward, it copies data out of your SaaS instance, and lets you keep it for appropriate periods of time for regulation or other purposes and relieves the SaaS product of having to have that data knocking around and clogging it up. And then Sandbox Seeding helps you build useful anonymized data sets that you can develop against, which is, as we touched upon earlier, one of the challenges CIOs have, is satisfying this insatiable desire for new capabilities that businesses are putting on them. And Sandbox Seeding helps developers build data sets that are good for testing for development for even for training neatly and concisely offer production data whilst complying with data privacy rules. So those are applicable to other ecosystems as well, that's a problem that is there with in the Microsoft space as well. So lots of excitement. There are a couple of other things we want to do. First one is, is obviously, when we think of ourselves as data protection, we think about it in from the perspective of just keeping a copy so that you can recover if you lose it, or it gets corrupted. But there are other aspects of data protection as well around who has access to the data? Is it the right set of people who's looking at it, etc. So the more what we call the security side of things, we're looking to kind of round out the idea of data protection for the CIO to include those areas as well. And then ultimately, going back to the kind of what we touched upon, right at the start of the podcast, how do we turn this data around and give it back to the customer in a way that they can actually improve their business based on it? So how do we help them use it to analyze what's working, what isn't working, and there's a lot of companies out there trying to bring artificial intelligence to this data. One of the problems they have is a cold start problem. When you first buy the AI tool, it has to sit there and amass data for a few months before it can start making good predictions. If a customer is already a customer of OwnBackup, we're hoping that they will be able to feed the AI training set with historical data right out of the gate. So we will shorten time to value for AI solutions as well. So we're thinking a lot about how do we help the customer move this backup data from an insurance policy to something of value that they can leverage and improve based off of.

Nick 25:01
That sounds very interesting indeed Adrian, and I can see some potential collaboration opportunities for our two organizations in that space, certainly in your assembled set of application and helping to turn data into a valuable asset. Thank you so much for your time today Adrian, it's been a fascinating opportunity for me to speak to you today.

Adrian 25:19
Thanks, Nick. been a lot of fun.

Nick 25:20
And thank you for listening to The Power of Data Podcast.

Adrian 25:23