Embracing Data Protection-as-a-Service Without Sacrificing Cyber-Resiliency

Embracing Data Protection-as-a-Service Without Sacrificing Cyber-Resiliency

Previously, in the second blog of our four-part series discussing key tradeoffs for IT Operations to consider when comparing options for on-premises and cloud-based data protection operations, we covered ease of use and IT simplicity, which is arguably the biggest driver to the cloud. In this blog, we will cover the overarching topics of security and cyber-resiliency – arguably the biggest barriers to the cloud.

The first item relating to this topic that needs to be addressed is the issue of data placement and localization. That is, giving up, or at least limiting, control over where data is stored, and on what infrastructure it is stored (e.g., a dedicated or multi-tenant system) when moving off-premises. Especially when it comes to sensitive data, organizations have concerns – and, in many cases, have legislation they must comply with – about data privacy and sovereignty. Simply put, data might need to remain on premises for compliance purposes. That being said, service providers are working to address these challenges, with many certifying their solutions per compliance standards such as the Federal Risk and Authorization Management Program (FedRAMP) and the Health Insurance Portability and Accountability Act (HIPAA). In addition to looking for any pertinent compliance certifications, IT Operations should look for the ability to dictate where their data is stored (e.g., specific region) and for tenant isolation.

Alongside issues pertaining to lack of control over the data environment, we see concerns around lack of visibility and potentially insecure methods of data access, when moving off-premises. Especially as environments become multi- and hybrid-cloud by default, the threat landscape broadens greatly when moving off-premises. On-premises, IT teams have full autonomy to customize their security implementations to their specific needs, and this includes access control measures. Carrying best practices of providing “least privileged access” through to the cloud or other off-premises implementations with the same diligence and expertise is important.

On the flip side, as previously alluded to, cloud service providers have been building security-related technical capabilities and security teams that are robust. Especially given the staffing and expertise limitations touched upon in the previous blog, this is potentially a significant value-add for IT Operations teams. It can help to avoid potential misconfigurations, and it can help to implement, maintain, and update best-practice security measures such as encryption, firewalls, intrusion detection, and monitoring of the environment. As threats continue to evolve, this is not a small feat.

A cyber-resiliency-focused consideration for public cloud-hosted data protection infrastructure is the cross-region replication that providers use, which effectively builds in high levels of service availability. Additionally, replication, failover and failback for disaster recovery become easier; while people and expertise are both still required to make decisions regarding the environment’s architecture, the need to purchase, deploy and manage infrastructure is eliminated.

Along a similar vein, cloud-hosted “data vault’ solutions are coming in vogue – meaning they are being actively developed and pushed by vendors, and that they are increasingly in evaluation and in use by enterprises. They offer a potential alternative to traditional tape-based solutions for physical air gapping, but naturally, warrant close consideration by IT Operations for true isolation and cyber-resiliency. I personally audited two solutions – Cohesity FortKnox, and Dell PowerProtect Cyber Recovery (which has the option to be deployed on- or off-premises) – and my resulting reports offer key criteria for IT Operations to consider when evaluating these types of solutions specifically.

Security and cyber-resiliency are top-of-mind considerations across the board for IT Operations teams, especially given the onslaught of ransomware and data extortion. In addition to considering these tradeoffs between on- and off-premises solutions, data immutability, scanning for anomalous activity that could indicate nefarious activity, and the ability to monitor and audit data usage for suspicious behavior are table-stakes capabilities to consider regardless of the specific implementation.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other insights from The Futurum Group:

How to Migrate Data Protection to the Cloud and Not Regret It

Streamlining Operations with Cloud Data Protection

Spectrum Enterprise and Cisco Give Business Cybersecurity Protection Ease and SASE Appeal

Related Insights
SaaS ERP Is Reshaping Data Access, But Can It Deliver on the Promise of Real-Time Insight?
July 11, 2026

SaaS ERP Is Reshaping Data Access, But Can It Deliver on the Promise of Real-Time Insight?

IT Convergence's SaaS ERP strategy capitalizes on enterprise modernization trends, with 84.5% of channel partners expecting AI-driven growth and the Channel Ecosystems market forecast to reach $41.8B by 2029....
SAP's Flexible Support Overhaul Raises the Stakes for Enterprise Software Loyalty
July 10, 2026

SAP’s Flexible Support Overhaul Raises the Stakes for Enterprise Software Loyalty

Keith Kirkpatrick, Vice President & Research Director, Enterprise Software & Di at Futurum, SAP's flexible support model and customer-centric approach help compete for enterprise loyalty as 74% of enterprises consider...
Can Anthropic's GRAM 'Off Switch' Make Dual-Use AI Safer Without Killing Utility?
July 10, 2026

Can Anthropic’s GRAM ‘Off Switch’ Make Dual-Use AI Safer Without Killing Utility?

Anthropic and AE Studio introduced GRAM, enabling selective removal of sensitive AI capabilities without retraining, potentially addressing privacy and security concerns for organizations adopting generative AI....
Zoom's Platform-Agnostic AI Receptionist Reshapes Telephony Competition
July 10, 2026

Zoom’s Platform-Agnostic AI Receptionist Reshapes Telephony Competition

Keith Kirkpatrick, Vice President & Research Director, Enterprise Software & Di at Futurum, Zoom's Virtual Agent Receptionist disrupts legacy phone systems and accelerates enterprise adoption of GenAI-powered customer service solutions....
NetApp StorageGRID 12.1 Scales Object Storage for AI Factories
July 10, 2026

NetApp StorageGRID 12.1 Scales Object Storage for AI Factories

Alastair Cooke, Research Director, Cloud and Data Center at Futurum, shares his insights on NetApp's StorageGRID 12.1 launch and what its federated namespace and throughput gains mean for AI-scale object...
Is Migrating from Synapse to Databricks the Shortcut to Unified AI-Ready Data?
July 10, 2026

Is Migrating from Synapse to Databricks the Shortcut to Unified AI-Ready Data?

Organizations are consolidating data infrastructure around unified platforms, with 73.6% planning to increase spending—signaling a shift toward AI-ready, simplified architectures that eliminate costly silos....

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.