Updated: Jan 12, 2021
More than 82% businesses worldwide are moving their workloads to SaaS solutions on public clouds to take advantage of unprecedented reliability, security and scale.
However, there are some organisations, who are very sensitive to data privacy and would like to maintain FULL rights and control over their data.
These are the organisations who end up choosing in premise solutions vis-a-vis cloud solutions since it gives them full physical control over their data.
The “proximity” and “visibility” of their data gives them the trust and confidence that they own and control their data.
According to Thales 2018 Data Threat Report, many organisations are concerned over shared infrastructure vulnerabilities and also a lack of control over where data is processed and stored in cloud.
However, such organisations tend to lose out on the enormous benefits which come with SaaS solutions delivered via the cloud.
Is there a way to get best of both worlds – Complete Data Privacy while still using a SaaS on public cloud?
Mr. Sunil Uttam, Co-founder and Principal Solution Architect at Mithi, will discuss how you can achieve this balance by bringing your own key.
In this webinar, we will cover:
Recap of the benefits of SaaS on cloud
What is a Dedicated Private SaaS
What is BYOK
How Vaultastic’s Dedicated SaaS works
Questions asked during the webinar
How can confidential mails be stopped from getting stored in Vaultastic?
Vaultastic archives a copy of every mail that is sent and received, it does not understand if a mail is confidential or not. So if you want to stop a confidential mail from getting archived, then you will have to go to your primary mail platform, let’s say Exchange or Office 365 or G Suite, put some rules which tell the system to not journal mail of a certain type. However it is difficult to find mails like this and therefore we suggest that you archive all mails, as Vaultastic has a tamper proof vault making sure that no mail will be deleted and can be accessed on demand.
How is Skyconnect/Clrstream compliant with Dmarc for Spoofing?
This is a standard part of onboarding and we do it for all our customers. Let’s say a customer is hosted with us, so we would do a Dmarc configuration on the inbound path, which means we will tell our mail scrubbing engine, that for repetition checking and for checking the logs of a sender, a Dmarc, Dkim, Spf check should be done, which will flag the sender of the email to our customers either as a spammer or of ill reputation.
On the outbound path what we do is, on our customers Dns, we put the Dkim and Dmarc signatures and inform or configure our outbound routers to attach that to the email which is being sent by your users, or our customers or end users of our customers, and those when they are received by the receiver, the Dmarc check will be done and they will be seen as high reputation authorised email for your domain.
Can you deploy Vaultastic on my in premise infrastructure in my data center?
Unfortunately, this is not possible. Vaultastic is a cloud only app and would need to be deployed on an AWS cloud infrastructure stack. We would urge you look at this: Why In-premise deployments have several drawbacks compared to the cloud.
Is there an intelligent searching option to search specific data at the earliest?
Yes this is one of the key features of the product. Once your mail is into Vaultastic, each user gets an ediscovery console which works at multiple layers, so the user will be able to discover their own mail, the manager will be able to discover team mails and the top management can discover anybody’s mail, so they can do a search across mailboxes. This is highly intelligent, you can search on keywords and various other parameters, a boolean combination. Searches can be saved as well to run them repeatedly, to look for reports for example.
What will the customers role be in this setup?
This solution is a fully managed dedicated service, and your role is to simply administer and consume it. You will be in charge of the encryption keys.
What happens to the data after the subscription period is over?
The data belongs to you, you have full control over it. As a policy, Vaultastic provides an arrangement in the SLA itself, so we will give you tools to convert this data in the format that you need.
Do transactional mails also gets stored in Vaultastic?
We use SES for transactional mails.
We propose that you should archive transactional emails as they are proof of activity performed by your organisation with the customer. So we will archive all the mails given to Vaultastic.
Is journaling mandatory for archiving in Valutastic?
Yes, journaling is the only way by which you can tell a primary mail solution that mails need to be archived to this location. For example, if you are using Exchange, you will need to configure the journaling capability, telling the exchange server that whenever mail is sent or received, one copy must be diverted into Vaultastic.
Is there a way to experience Vaultastic without signing up?
Yes, we have a live demo account, using which you can get access to a pre populated Vaultastic account, play with it and get a complete feel of the admin interface and self service portal which is available to the end user, with the ediscovery and export function there too.
For a dedicated SaaS Solution, who will pay the cloud vendor for the infrastructure?
The bill will be sent directly to the customer who will pay the infrastructure bill directly to Amazon using a pay per use model. As far as Mithi is concerned, there will be a recurring cost to the software as well as to the management and monitoring service, so this is how the Bill of Material will play out.
Can I use a dedicated SaaS service to upload any historical data I have?
Yes of course, once the setup is configured, Vaultastic will provide tools to upload the historical data and these tools will work with your dedicated setup as well, because it is almost as good as a shared setup, except it belongs to you.
What is BYOK?
Byok is an acronym for Bring your own key. So technically it means that, when you configure a storage on your own Amazon account, which will contain all the email and data, you will keep the keys with you. We will lock the data for you and then the keys shall remain with you. This means that nobody but you can have visibility on your data. While the vendor might be managing it for you, they cannot see what is inside that storage.
Is the hardware your own or borrowed from AWS?
The infra you will rent it from AWS, using your own AWS account and pay a monthly bill as you use. We will help you with how many servers to rent, what kind of storage to rent, and do the deployment for you. But it will be in your account and control and you will be the owners of all that infrastructure.