The growing reliance on public cloud services as both a source and repository of mission-critical information means data owners are under pressure to deliver effective protection for cloud-resident applications and data. Indeed, cloud is now front of mind for many IT organisations. According to recent research by Enterprise Strategy Group (ESG) cloud is “very well-perceived by data protection decision makers”, with 87% of saying it has made a positive impact on their data protection strategies.
However, many organisations are unclear about what levels of data protection are provided by public cloud infrastructure and SaaS solutions, increasing the risk of potential data loss and compliance breach. At the same time, on-premises backup and disaster recovery strategies are increasingly leveraging cloud infrastructure, resulting in hybrid data protection strategies that deliver inconsistent service levels.
Despite these challenges, there are a significant number of organisations that still don’t use a third-party data protection solution or service. This should be cause for concern considering that everything an organisation stores in the cloud, from emails and files to chat history and sales data (among many other datasets) is its responsibility and is subject to the same recoverability challenges and requirements as traditional data. In fact, only 13% of survey respondents see themselves as solely responsible for protecting all their SaaS-resident application data.
The SaaS Disconnect
Part of the problem is that many organisations incorrectly assume that SaaS applications already offer backup as a standard and are unaware they remain at risk from accidental deletions, compliance errors, limited recoverability, and ransomware. This SaaS data protection ‘disconnect’ is an ongoing challenge, with 35% of IT teams still relying solely on their SaaS vendors as being responsible for protecting their SaaS-resident application data.
Even though, at its core, SaaS is an outsourced model, organisations are wise to retain responsibility for their data and its recovery because relying solely on SaaS vendors creates a major gap in protection for many of today’s cloud-centric organisations. For instance, most SaaS providers do not offer data protection capabilities, instead promoting third-party solutions, and those that offer data protection tools tend to fall short of the scale and service levels needed by many organisations.
In addition to not applying any data protection technologies, there are many ways to lose data in SaaS applications, with nearly half (45%) of data loss risk attributed to data deletion. Of major concern is that malicious deletion represents one-quarter of the causes of SaaS data loss, whether external (19%) or internal (6%) in nature. These risk levels are incompatible with supporting a mission-critical environment and mitigating them should be a priority.
Organisations that are focused on delivering effective data protection should also be aware that SaaS providers themselves are often the top cause of data destruction or corruption. This is particularly challenging because while data corruption has always been a risk for IT, when SaaS becomes a primary infrastructure stakeholder, the control of the data and the application transfers to a mutually shared environment. From a data protection and recovery perspective it immediately becomes much harder to control recovery efforts unless an effective third party solution is in place.
Data Protection in the cloud
Momentum is also building among organisations who want to extend on-premises data protection environments with cloud backup target solutions. For instance, thirty-eight percent of research respondents want to extend their existing backup solution to the cloud (up from 33% in 2019), and as a result, the adoption and use of backup as a service (BaaS) has continued to increase to the point where it is the most widely used approach. More than two-thirds of organisations now use these services, with more than one in five expecting them to provide continuous data protection-like capabilities as they seek to improve their Recovery Point Objectives (RPOs).
Security and cost are both common considerations for organisations considering cloud-based data protection technologies. Scalability, restore, and cloud-based recoverability are the other common objectives users have for these services, while the ability to implement intelligent data management processes through data reuse is also growing in importance and is consistent with trends seen across the wider backup market.
Ultimately, incorporating cloud services into a sound data protection and disaster recovery strategy is now firmly established for IT leaders that are tasked with ensuring 24/7/365 availability. Many organisations have found to their cost that legacy technologies are simply inadequate for ensuring quick recovery with minimal data loss. In contrast, cloud-based data protection services are growing in importance, with organisations relying on it to deliver against RPOs and RTOs, reduced costs, and improved compliance. By adopting effective third data protection tools, organisations can ensure SaaS-resident data is not left on the sidelines with the mistaken belief that protection is inherently part of the service.