StorageGuard on-Demand is not a storage product per se, but rather scans storage and backup products as part of a partner’s cybersecurity scanning, something that the storage products do not do themselves.
Today, Continuity which manages security posture for storage devices, is announcing the launch of StorageGuard on-Demand, an as-a-service variant of their StorageGuard offering, which is specifically designed for channel partners. StorageGuard on-Demand provides the availability to scan clients’ storage and backup products – something rarely done by these providers themselves – so that they can add storage and backup security posture to their cybersecurity risk assessment capabilities.
“We manage secure posture around storage arrays,” said Doron Pinhas, Continuity’s CTO, who has been at the company since Day One 17 years ago. “Our belief is that data is the core asset of most modern enterprises, and we make sure that their data is airtight.”
Continuity evolved its Availability Guard platform business seven years ago.
“We have this product that makes sure IT is configured perfectly to prevent downtime,” Pinhas said. “It’s a tough job. You have to pay twice for everything, and constantly have to move stuff, so it became chaotic with lots of downtime. We were surprised to find there was nothing out there. So we started with what is now Availability Guard, which had to be able to collect information in large scale environments with no agents. Five years ago, customers said they wanted to do this around storage security – as well as availability. Traditional vulnerability management doesn’t understand how storage works. It took about a year to commercialize this, and now it has become our main growth area.” That storage -focused platform is StorageGuard. It assesses and remediates vulnerabilities in customers’ storage and backup systems to reduce their exposure to cyberattacks – ransomware in particular.
Both platforms have common engines, and connect easily.
“That’s part of our secret sauce,” Pinhas said. “Now 17 years out, we have a couple hundred customers, typically at the higher end. They fall into two groups. One is organizations that are too big to fail, while the other is larger enterprises. We haven’t been midmarket so far.”
There is little competition in the space in this market.
“There is a significant barrier to entry,” Pinhas said. “We have been scanning complex IT culture for a very long time. Storage companies have many products with different APIs. Modelling that is very tough. The DNA of understanding how data is stored is not that simple. We do understand that, and that it is very different from traditional security.”
StorageGuard as-a-Service came about because channel partners asked for it.
“We had some channels in the past but our Go-to-Market was always a combination of direct and channels,” said Jasmine Hami, Head of Security Channels at Continuity. “Some of the channels we are working with are familiar with StorageGuard they approached us to find a way to take what StorageGuard provides and offer it as a service. This is why we launched this. It was an ask from the channel partners. They can find the security misconfigurations and gaps and come at them with security risk assessment they run on customer environments, then run on-demand scans and remediate issues for them.”
This allows the partners to provide their customers with a valuable service.
“In my old company, we ran assessments,” Pinhas said. “CISOs don’t really understand storage assessments, so the logical step for them is to bring in a trusted advisor. You can lead with a trusted advisor position, and help a partner set up a practice for secure data. A lot of enterprises are required to do regular compliance testing, not one-off scans. The next step is to build their own practice for continual assessment. This is a great opportunity where we can assist partners so that they can lead with scans and turn it into an ongoing type of service. We have made on-demand easy to use.”
“Most customers are not providing this scan on storage and backup,” Hami said. “In many recent attacks, we have seen the hacker will first try and erase backups – which aren’t covered by traditional scanning tools. Bringing this awareness to customers is a great value for the partner.”
It also makes it easier for customers to get cyberinsurance.
“Getting cyberinsurance these days is tough,” Pinhas said. “They are asked to show they have well configured and protected storage and backup environments. Our partners will be able to show this is the case, and that the customers are also able to meet national standards.”