It’s clear that, when it comes to applications, organizations both large and small are rapidly moving towards software-as-a-service (SaaS). According to recent research from Okta, from 2017 to 2018, large organizations increased the number of SaaS applications they use by 68 percent for an average of 129 SaaS apps. The number that smaller organizations are using grew by 38 percent for an average of 79 apps.

There’s certainly a lot to be said for SaaS. There’s no on-premises equipment or software to manage, and subscription pricing is much more palatable than expensive perpetual licenses. But what about the data stored in these applications? A recent study from 451 Research shows that 49 percent of organizations depend on their SaaS vendor to protect their data, while another 25 percent don’t protect their SaaS data at all.

That’s a very precarious situation because, while SaaS vendors by and large do invest a lot of resources into ensuring the data in their services is protected, there are significant limits. Nearly all SaaS vendors, from Google’s G Suite to Microsoft Office 365, operate under a shared responsibility model in which the provider and the customer are required to take ownership of different aspects of data protection. Specifically, in most cases, the vendor ensures that its infrastructure is secure and that its service and associated data are always available.

But the data itself? That belongs to the customer, and they’re ultimately responsible for it.

The risks of not protecting SaaS data

For example, let’s say someone in marketing accidentally deletes key documents that are used every three months to create a quarterly report. If these files are accidentally moved to the recycle bin at the beginning of the quarter and their deletion isn’t noticed until two months later, when people start to work on the report, they’re in for a nasty surprise.

After 30 days, Microsoft automatically deletes all data in the recycle bin. And unless the customer has backed them up, those files are gone forever.

In another, potentially more serious example, let’s say an employee deletes emails or documents in order to destroy evidence of illegal activity. If the authorities launch an investigation, by the time a subpoena is issued to conduct e-discovery of emails, they will likely be unrecoverable and the organization could find itself in serious legal trouble.

In almost all cases, backups done by the vendor are meant to recover the entire platform in case of a catastrophic data loss: a fire in their facilities, a natural disaster or a serious security breach that destroys their data. They’re not designed to recover that email your CEO deleted or a specific record in NetSuite. The vendor’s data protection infrastructure is architected at a service level and isn’t suited for granular recovery.

But even if the vendor does offer backup services, is it really a smart move to have all your eggs in one basket? What if you have a disagreement with the vendor and your service shuts down? What if the vendor didn’t properly prepare for catastrophic loss or if it suddenly goes out of business? In any of these scenarios, you’d be very glad you invested in outside backup.

Protecting Microsoft Office 365 data

One of the most common SaaS apps in business is Microsoft Office 365, which encompasses data ranging from emails and presentations to SharePoint and team project details. 

If you have a lot of Office 365 data, you may want to begin classifying it so that you’re protecting the highest priority data, complying with relevant regulations and retaining what is legally required. So ask yourself whether the data contains:

Once you have a firm grip on your backup needs for Office 365, you need to determine what kind of system you’ll use to protect it. And if, like most companies, your larger strategy is to move as much as possible to a SaaS model, then it makes sense to protect this data via another SaaS offering.

As a Veeam Platinum Partner, we can deliver as-a-service the unparalleled protection provided by Veeam Backup for Office 365. Concerned about security and compliance? No problem. We can store data based on long-term retention policies, recover exactly what you need as granularly as you need it, and secure access to sensitive backups with multi-factor authentication. 

Got a hybrid environment? We’ve got that covered, too. Veeam can protect hybrid email and SharePoint deployments, and, if you want to migrate mailbox data between on-premises and SaaS, that’s easily done.

In fact, it’s so easy to protect Microsoft Office 365 data with OffsiteDataSync and Veeam, there’s really no good reason not to do it. The fact is, SaaS data deserves the same level of protection you’d give to on-premises data.

Want to learn more about how we can help you protect your SaaS data? Get in touch!