Why You Must Back Up Your SaaS Application Data

Woman typing on a laptop

Microsoft Office 365 reached 180 million monthly active users last year and more than 5 million paying businesses are currently using Google G Suite. The volume of SaaS application data has been on the rise for several years. However, only 29 percent of small and midsize enterprises back up their SaaS data via a third party application. 

When it comes to SaaS applications, most organizations operate under a common misconception. They believe that they have backup and recovery with their SaaS provider, but there are significant limitations on what is typically provided.

SaaS providers practice a “shared responsibility” model when it comes to data protection. They will protect their customers from failures of their network, storage, servers, and application, but the customer is responsible for protecting their data from user and admin failures as well as from cybersecurity attacks. 

For example, here’s the breakdown of responsibilities for Microsoft Office 365:

Office 365 Data Protection Responsibilities

Common causes of SaaS data loss 

Admin mistakes:

Admins may inadvertently delete data that should have been kept. Once it’s gone, it’s gone in these cases, unless there’s a third-party backup solution in place.

Malicious insiders:

In Ponemon’s “Cost of Cybercrime Study,” malware and malicious-insider cyberattacks accounted for one-third of the cybercrime costs in 2018 amounting to $13 million. Disgruntled employees can delete data to spite their employers or for personal gain. 

Malware and cyberattacks:

According to the 2019 Ponemon Institute’s Cost of Data Breach Report, 51% of breaches were caused by malicious attacks. Of course, a data breach may be different from a data loss involving your SaaS application data. But the statistic illustrates the relative frequency of malicious attacks that could impact you SaaS data.

Let’s take a closer look at Office 365 data retention

When a retention policy is assigned to an Office 365 mailbox or public folder, content can follow one of two paths (per this document on Microsoft’s website):

Office 365 Data Retention Policy

As stated in the Microsoft article:

  1. If the item is modified or permanently deleted by the user (either SHIFT+DELETE or deleted from Deleted Items) during the retention period, the item is moved (or copied, in the case of edit) to the Recoverable Items folder. There, a process runs periodically and identifies items whose retention period has expired, and these items are permanently deleted within 14 days of the end of the retention period. Note that 14 days is the default setting, but it can be configured up to 30 days.
  2. If the item is not modified or deleted during the retention period, the same process runs periodically on all folders in the mailbox and identifies items whose retention period has expired, and these items are permanently deleted within 14 days of the end of the retention period. Note that 14 days is the default setting, but it can be configured up to 30 days.

However, Microsoft’s policies are not designed so that customers have direct access to backed up data with the ability to easily restore it. In fact, the Office 365 service-level agreement addresses availability, not recoverability of your data.

For these reasons, it’s important for businesses to take the responsibility for their SaaS data backups and recovery to prevent data loss.

Enhanced protection for SaaS data

Data loss by human error, malicious insider action, or cyberattack can be extremely detrimental to an organization’s business continuity.  

Having a cost-effective backup and recovery solution that enables you to back up all your SaaS data is an important consideration for your business.

Kaseya Office 365 Backup allows users to back up and restore Office 365 and SharePoint data directly and easily from the Kaseya VSA endpoint management solution.

It uses the OAuth 2.0 protocol rather than less secure service accounts and passwords to access Office 365 and ensures protection of data in transit with 128-bit SSL and at rest with 256-bit AES encryption, one of the strongest block ciphers available.

To learn more about Kaseya Office 365 Backup, download the product brief here.

IT Risk Assessment: Is Your Plan Up to Scratch?

A risk assessment is a process by which businesses identify risks and threats that may disrupt their continuity and haltRead More

Zero Day Attack!!!

Zero-Day: Vulnerabilities, Exploits, Attacks and How to Manage Them

A hacker’s goal is to identify weaknesses or vulnerabilities in an organization’s IT infrastructure that they can then exploit forRead More

Person using their mobile phone

Enterprise Mobility Management (EMM): The Essential Guide

Enterprise Mobility Management (EMM) is an IT framework for managing and securing mobile devices and business applications employees use inRead More

Business process management

Workflow Integration: What Is It and Why Is It Important?

Silicon Valley is the number one ecosystem for startups, churning out many new applications every day. However, none of themRead More

Download the 2022 IT Operations Survey Report - Click Here
2022 Benchmark Survery Results