Software-as-a-Service (SaaS) has been a primary driver of the transition to the cloud. According to the Blissfully SaaS Trends 2020 report, spending on cloud-based applications increased 50 percent from 2018 to 2019. The number of unique applications in use also increased 30 percent year over year, to an average of 137.
This was, of course, before the COVID-19 pandemic. The need to transition to work-from-home strategies has only accelerated the adoption of SaaS.
The SaaS model allows organizations to utilize advanced applications and services without implementing and managing on-premises equipment. It also enables users to access the resources they need when working remotely. However, organizations need an effective data protection strategy to maximize the benefits of SaaS and reduce the risks.
The Shared Responsibility Model
It’s easy to take an “out of sight, out of mind” approach to SaaS adoption. SaaS solutions can be implemented with a few mouse clicks and a credit card number, making it easy to try new applications. Before long, however, applications become ingrained in business processes, with large amounts of sensitive data stored in the service provider’s cloud.
Many people mistakenly believe that the data becomes the service provider’s responsibility. However, the cloud operates on a shared responsibility model, in which some aspects of data protection are handled by the service provider and others are left to the customer. With SaaS, the cloud provider shoulders most of the burden, but the customer is responsible for backing up data.
This model creates a huge blind spot for many organizations. In a recent global survey conducted by Enterprise Strategy Group, nearly 90 percent of IT and cybersecurity professionals said their organizations are using SaaS, and 50 percent expect to move all their data to the cloud in the next two years. However, only 8 percent said that they fully understand the shared responsibility model.
Closing the Gaps
This lack of clarity creates enormous risk. It’s estimated that a third of all users have lost data stored in cloud applications — with the vast majority of those incidents falling under the customer’s responsibilities. Organizations that suffer data loss due to accidental or malicious deletion, overwriting, or other errors are usually shocked to learn that the service provider can’t restore their data. What’s more, SaaS solutions aren’t immune to ransomware attacks, creating a huge potential risk.
To minimize this risk, organizations should implement robust data protection capabilities for their SaaS portfolios. These measures should provide all of the features and capabilities as their on-premises backup and recovery solutions, including highly scalable storage, flexible data retention policies, and complete visibility into the backup environment. The backup solution should enable point-in-time recovery for all data, with the ability to quickly locate and restore data needed to comply with privacy laws and other regulatory mandates.
SaaS applications offer enormous business benefits, including no capital investments, easy implementation, advanced capabilities and rapid time-to-value. It also provides users with anywhere, anytime access to the applications and services they need — a key consideration with today’s work-from-home strategies.
It’s important to recognize, however, that the SaaS subscription does not include data protection services. Technologent can help you select and implement a backup and recovery solution that protects your business-critical information in the cloud.