The move to the cloud is in progress, however there aren’t enough organisations looking at a critical area of this growth: the considerable increase in data created by SaaS that is not sufficiently protected. This puts businesses at increased risk for ransomware attacks, breaches, compliance woes, and far more.
Enterprise SaaS is growing at a rapid rate. Gartner predicts end-user expenditure on SaaS will increase more than 18%, from $145.5 billion in 2021 to $171.9 billion in 2022, it’s clear to see why. SaaS offers considerable value to service providers and customers, spanning from lower costs to simplified management and maintenance. The advantages of SaaS are clear to see; it removes the requirement to install and configure software, it provides the customer with better financial flexibility by diverting from licensing fees to software subscription, there is not a requirement to acquire and maintain hardware, and new releases and upgrades are automatically deployed.
However, whilst it’s rapidly growing and has countless benefits, there are notable challenges connected with managing and protecting SaaS data. And this is a problem that can only get worse, as for many companies, SaaS is the fastest-growing piece of their data.
Every cloud service provider (CSP) and SaaS provider has its own data retention policy and as soon as that policy reaches its expiration date, the customer is accountable for backing up, protecting and, if necessary, reinstating the data in the occurrence of a cyber attack such as ransomware. In the current climate of widespread ransomware attacks and increasingly stringent privacy and compliance regulations, leaving data unmanaged and unprotected is a risk few businesses can take.
Take Microsoft 365 as an example. Microsoft 365 adoption has been exponential, with close to 300 million users and over 50% in subscriber growth across the past couple of years alone. It’s one of the most popular enterprise SaaS applications, and despite this backup options are narrow in terms of data stored on Azure. The options for the product suite are retention policies with little thought for recovery SLAs — meaning data management and protection largely becomes the exclusive responsibility of the customer.
There are however a number of ways to protect your SaaS data from the effects of cyber attacks that can hamper business, solicit ransom payments, reveal customer data, and harm your brand and reputation. A few best practices include: [Text Wrapping Break]
- Gain ownership of your data, data is a businesses most considerable competitive asset, and it’s optimal to have your own data backup, protection and recovery service in place.
- Make data management simpler and bring your SaaS data into your central data management system, with one set of policies for all your data.
- Include SaaS data protection alongside your existing backup and recovery system if possible. If not, think about a next-gen data management platform that is expandable to address current and future data management needs.
- Set out to try a proof of concept with a Data Management as a Service (DMaaS) solution that enables you to add SaaS data backup and protection without adding infrastructure, helping you spend more time taking care of other business-critical tasks.
- Safeguard your data as you move to the cloud — on-premises, in the cloud, as a service, or a mix of these options — as you navigate and leverage a hybrid, multicloud world.
- Prepare, given all the SaaS apps you use today and how that will increase, you need to get ahead of the curve and plan for a data management strategy that will serve your needs for the next five years and beyond.
Whichever route you take, ensure you back your SaaS up. The quantity of information and data created via SaaS is only going to grow in the coming months and years, and possessing a plan to backup and protect all your data is a vital part of any company’s data and risk management strategy. It’s the only solution when it comes to answering those difficult questions when a ransomware attack strikes, operations cease to a halt, and the board is asking why you weren’t prepared.
About the Author
Brian Spanswick is CISO and Head of IT at Cohesity. We believe that simplicity is the foundation of modern data management. Our mission is to radically simplify howorganizations manage their data and unlock limitless value.
Featured image: ©Metamorworks