SOFTWARE-AS-A-SERVICE (SaaS) user companies are responsible for the backup and recovery of their data. If they rely only on the limited possibilities of the providers, they are threatened with risky gaps.

Here, we explain where the greatest dangers lurk and how companies can protect themselves with confidence.

When using software-as-a-service applications, many companies make a fatal mistake: they assume that providers take comprehensive precautions to secure the data. However, the user companies are generally responsible for backup and recovery. You can find the corresponding clauses in every user contract.

As a result, most SaaS applications have very rudimentary options for storing and restoring data. This results in risky backup gaps:

Accidental deletion. Deleted data often ends up in the recycle bin, and the system automatically empties it after a certain time. For example, if an employee deletes an abandoned sales project in Salesforce and wants to resume it later, it may already be too late to restore the data from the trash.

Malicious deletion. When an employee leaves the company, their account, for example, in Microsoft 365, is usually blocked. If they maliciously deleted information before leaving, IT couldn’t easily access the data to assess and undo the damage. The account archiving of departing employees does not contain previously deleted data.

Ransomware attacks. The time windows for data retention are usually tight for SaaS applications. If a company falls victim to a ransomware attack that began outside of this window, it has no chance of restoring the affected data to an unencrypted state. In addition, there is no isolation of the retained data from the primary environment to prevent the ransomware from spreading to this data.

Compliance with guidelines. The short retention periods make it difficult or impossible for companies to comply with internal and legal requirements for data archiving. They thus risk compliance violations, which could lead to severe fines or cause lasting damage to their reputation.

Legal hold and eDiscovery. Capabilities for retaining, identifying and providing data as evidence in litigation are often very limited, or non-existent in SaaS applications. There are also no integrations with dedicated third-party eDiscovery tools. Throttling limits on data transfers, daily limits on data exports, or volume limits on download overviews further complicate eDiscovery processes.

Dedicated backup solution required

If companies want to protect their SaaS data against risks such as accidental and malicious deletion or ransomware and reliably meet compliance requirements, there is no way around the use of a dedicated backup solution. The classic approach would be to build and operate such a solution yourself. As always with onpremises installations, however, this incurs considerable costs and efforts for hardware, software and maintenance. Dedicated backup platforms in the cloud are therefore an attractive alternative.

With a backup in the cloud, companies could back up their SaaS data directly from one cloud to another. They don’t have to spend on infrastructure, avoid so-called egress costs, i.e., fees for transferring data to their own data center, and benefit from other cloud-standard advantages such as great flexibility.

Ronnie Latinazo is the country general manager for the Philippines at Dell Technologies, a tech giant that designs, develops, manufactures, markets, sells and supports information technology infrastructure such as laptops, desktops, mobiles, workstations, storage devices, software and cloud solutions catering to both consumers and the enterprise.