Why SaaS explosion won’t last without resilient backup

image of office

Investing in Software-as-a-Service (SaaS) has become fairly standard practice within the business world. The subscription format of SaaS naturally appeals to enterprise customers due to its affordability and flexibility. And being based in the cloud has also made it ideal for the multitudes of businesses that pivoted their operations away from being office-only.

Plus, the convenience of SaaS – the vendor’s responsibility to provide software updates and bug fixes and maintain system availability has given IT leaders one less thing to think about. These tools have been critical to supporting organizations’ wider digital transformation efforts by making applications and data accessible from anywhere.

However, IT leaders can’t rest on their laurels become complacent and assume that just because they’re using SaaS tools, their data will always remain available and protected. While SaaS providers may have service level agreements in place around maintaining availability and uptime, the responsibilities around data protection, backup and what happens if a breach happens can be less clear. Administrators are not always aware of the need to take responsibility for their own third-party backup, or even simply ensuring that their data is adequately protected.

Build-in backup is proving a false sense of security

Today, many businesses are operating under the misconception that built-in backup is enough to sustain long-term data security. This view has been formed from the perception that backup systems don’t go down – and even if they did, it would be the vendor’s responsibility not the businesses.

For example, users of Microsoft 365 rightly assume that any outages involving applications, network controls, operating systems and physical networks will be managed by the SaaS provider. But the largest number of outages don’t come from SaaS providers themselves – instead accidental deletions, misconfigurations or bad actors gaining access can all deliver the same unfortunate end result – data goes missing.

Without a robust backup, your data could be gone. In some ways, SaaS tools are like using a rental car – the provider makes sure the car is fueled, clean and ready to go, but once driven off the forecourt, it is the customer’s responsibility.

Have a clear plan in place with your vendor

There’s sometimes a feeling of passing the reigns of responsibility to a vendor once business leaders have signed on the dotted line of a SaaS subscription deal. It’s true, the vendor will probably have a greater ongoing input into your SaaS solution’s performance. However, you need to view this relationship as a collaboration rather than purely outsourcing.

While IT decision-makers understand the benefits of shifting responsibility for deployment, upgrades and shifts incapacity, many don’t realize the actual responsibility of the data usually remains with the tenant. SaaS vendors typically leverage a shared responsibility model that spells this out clearly.As a business begins to invest in

SaaS tools, it needs to keep the channels of communication wide open with their vendor. Roles
and responsibilities need to be clearly defined by providers, so nothing falls through the gaps
due to misunderstandings or miscommunication.

These conversations should also cover disaster planning – not because of a need to assign blame – but to have a well-honed system to respond to a data protection incident. Regardless of how good your security is, falling victim to an outage, data breach or other cybersecurity incident is usually a case of when, not if. This risk extends to the backup data an organization might keep themselves. Veeam’s 2022 Ransomware Trends Report, for example, has found 72% of organizations surveyed globally had partial or complete attacks on their backup repositories.

Formulate a backup strategy

Here are the considerations all organizations must consider in developing best practice data protection strategies:

  1. Prepare your systems for
    a data breach. This will entail strategizing with your vendor and disaster planning by assessing where the weak points lie, and bringing those up to standard wherever possible.
  2. Keep in mind that businesses are only able to recover 64% of their data on average following a ransomware attack, according to Veeam’s 2022 Data Protection Trends report. So, assume the worst, and plan accordingly.
  3. Check your storage and backup measures against any relevant compliance regulations because some SaaS tools may not automatically comply with what’s required within your region. For instance, SaaS tools usually back up data for 120 days which is insufficient in areas where regulatory boards require businesses to hold onto data for several years. If you haven’t backed it up, it’s too late to restore it once it is deleted.
  4. Be clear on who is doing what. What’s your vendor’s shared responsibility model? You must be able to know where your data is always, and who is actively overseeing it.
  5. Before you begin integrating a SaaS backup solution, first determine how you would leave that vendor by negotiating exit strategies upfront. You don’t want to end up in a scenario where your data is being held hostage at a price point they suddenly determine after you inform them you want to leave. SaaS’ continued growth means that it is likely to remain a significant way organizations of all kinds manage and run their IT, and
    by extension, their critical day-to-day operations. As such, it’s worth businesses dedicating time to understanding how to keep their data protected – as well as adjust processes accordingly. Thankfully it does seem this is starting to happen in the UK, with the 82% of UK businesses who say they’re planning to increase data protection budgets over the next 12 months, according to Veeam’s Data Protection Trends Report 2022.
  6. The ongoing support of vendors is probably one of the biggest benefits of SaaS. However, don’t get caught up in the positives of SaaS by forgetting that accountability for data security will always lie with your business. So, relying on built-in backup is not enough – back up your built-in solutions and save yourself a headache further down the line. Your business-critical information deserves no less than Modern Data Protection to keep it backed up, recoverable and secure – regardless of the environment, it lives in.

By: Dan Middleton, Regional VP UK&I, Veeam Software

Why low-code is the best code

TBT Newsroom • 12th June 2022

According to Gartner, over 50 percent of medium-to-large enterprises will adopt low or no-code platforms as part of their overall IT strategy by 2023. Low-code platforms are increasingly popular because they help organizations to deliver capabilities faster, reduce reliance and pressure on the workforce and are simpler to understand.

Classroom management software supporting teachers through flexibility

TBT Newsroom • 11th June 2022

Despite educators’ best efforts, the digital transformation from in-person to online and hybrid learning certainly didn’t go off without a hitch. The sudden onset of the coronavirus pandemic forced schools to scramble to change their systems overnight. While many schools rushed to purchase online education technology tools, few had the foresight to invest in reliable...

The Four Key Steps On Purchasing Cloud Software

TBT Newsroom • 10th June 2022

Following the COVID-19 pandemic, digital transformation efforts have accelerated across the majority of industries with businesses being forced to make alterations to their usual working routines in next to no time. What’s more, remote working made it apparent that legacy systems were no longer up to the task for businesses to operate in an effective...

APIs: What are they and how can we embrace them?

TBT Newsroom • 07th June 2022

Gravitee.io is a leading open-source API platform, enabling worldwide developers and business users to build, manage and monitor their APIs. As a team, we are driven by the purpose of giving customers the ability to manage synchronous and asynchronous APIs securely. We started out as an open-source product and still follow an open-source first ethos...

N-able Introduces Cove Data Protection

Chris Groot • 05th May 2022

N-able, the solutions partner helping IT services providers deliver security, data protection, and remote monitoring and management services, today announced the launch of Cove Data Protectionℱ, the cloud-first data protection-as-a-service (DPaaS) solution that modernizes data protection for business-class backup and disaster recovery.