Barracuda uses Azure to develop a cloud-native service for discovering sensitive data

Headquartered in Campbell, California, Barracuda provides email and data protection and application, cloud, and network security to more than 220,000 customers around the world. A Gold competency member of the Microsoft Partner Network and founding member of the Microsoft Intelligent Security Association, the company also provides on-premises and cloud backup solutions. The company recently developed a new cloud-native solution, Barracuda Data Inspector, which provides advanced data protection in Microsoft 365 and makes it easier to maintain compliance.

Data Inspector uses Azure services and AI to find personally identifiable information (PII) in documents, compressed archives, images, and other files that are stored in OneDrive and SharePoint. This helps organizations maintain compliance with policy requirements on how to handle sensitive information. Additionally, Data Inspector flags malware, ransomware, and other cybersecurity threats. 

Visibility into what sensitive data is stored where

Barracuda developed Data Inspector based on customers’ interest in not just backing up data, but also understanding what kind of data they have and where it’s stored. “Backing up data is a little like creating copies of bits and throwing them on a truck to store them somewhere for safekeeping. If you need to get them back, you drive them back over,” says Alon Yaffe, Vice President of Product Management for Data Inspector at Barracuda. “But it’s not just an opaque container carrying bits around—there’s personal and financial data in there. To intelligently protect and secure data, you also need to know what that data represents.”

Customers can use Data Inspector to review redacted documents that contain PII, and the data is listed by type using pre-configured tags, such as names, addresses, phone numbers, Social Security numbers, and credit card information. Data Inspector can be configured to discover data relevant to requirements in specific countries, and the app recognizes varying formats for driver’s licenses and healthcare IDs in different territories.

The interface is simple and intuitive. After signing in with their Microsoft 365 credentials, administrators can quickly view what types of sensitive information are being stored and where it’s located. They can also identify where the sensitive data appears in the documents. While it’s important for a compliance team to know that documents have sensitive information such as PII or credentials stored in plaintext, Data Inspector presents redacted previews to minimize the further spread of this information. Customers can also use Data Inspector to discover custom keywords, such as internal project names that shouldn’t be shared outside of their organizations.

Built on Azure from the start

“Our primary customers and partners are Microsoft users, so when we first started designing the solution, we chose to use Azure as much as we could,” says Andy Blyler, Vice President of Engineering for Data Inspector at Barracuda. “If an Azure service can perform or augment a function that we need, we use it.”

The solution relies on a core set of Azure services, including Azure Cosmos DB, Azure Blob Storage, Azure Functions, Azure App Service, Azure Kubernetes Service (AKS), Azure Pipelines, Azure DevOps, Azure Front Door, and Azure Content Delivery Network. To extract text from images, Data Inspector uses Azure Cognitive Services and its optical character recognition (OCR) capabilities. OCR is also used for redacting sensitive information in the solution’s interface. “OCR determines exactly where in a document the categorized sensitive text is located so that Data Inspector knows what to redact,” says Yaffe.

Using all these Azure services, Barracuda was able to get to market faster and invest engineering resources in building customer value into the solution. “Data Inspector is a great example of a product that from day one was designed and built on Microsoft Azure,” says Yaffe.

An agile approach to launching a security product

Data Inspector was built from the ground up in collaboration with Microsoft, and the initial version was developed in only nine months. The cloud-native app officially launches in the fall of 2021, and Barracuda intends to add features, types of remediations, and increasingly granular rules to automate actions based on the results of the scan.

The road map includes the ability to control which data classifications trigger alerts and to flag alerts that aren’t valid. As the product evolves, organizations will be able to create playbooks for different scenarios where users can be prompted to move certain data to different locations. “The vision is that compliance teams won’t even have to intervene,” says Yaffe. “At the end of the day, the best way to solve the proliferation of sensitive information is to train users.”

For Data Inspector, Barracuda tried a new approach for bringing the product to market. “We released Data Inspector for customers to experiment with almost as soon as we had a minimal viable product,” says Yaffe. “It was really interesting because we got immediate feedback about what else customers wanted to do with it, such as what kind of reports and dashboards they’d like to get. That feedback helped create an organic road map for enhancing the product.”

As Barracuda continues to iterate the product, the company will continue to collaborate with Microsoft as it does on many other products, says Nicole Napiltonia, Vice President of Alliances and OEM Sales at Barracuda. “Having Microsoft support tightly integrated with our engineering team means that we can build bigger, better things for our joint customers.”

Find out more about Barracuda on Facebook, Twitter, YouTube, Instagram, and LinkedIn.