Probably not. If you think using a SaaS application such as Office 365 alleviates the need for backup, you’re wrong, and you’re not alone. A recent survey (PDF) of 1,000 IT professionals and business executives found that while cloud backup is on the rise, only 16% of companies back up data in their SaaS applications. Specifically, nearly 40% of the respondents who use Microsoft Office 365 said they don’t have third-party SaaS backup for that data.
Isn’t the cloud provider backing that up for me? Nope. And only a few people backup their cloud-based applications because they are confused about who is responsible for that data. Protecting on-premises data is a no-brainer. But why do so many organizations overlook protecting cloud data? Microsoft provides powerful services within Office 365 – but a comprehensive backup of your Office 365 data is not one of them. Aside from the standard precautions Office 365 has in place, you may need to re-assess the level of control you have of your data and how much access you truly have to it.
There’s a common misconception that by putting anything in the cloud, you get 100% data protection. But SaaS vendors usually only provide for availability and reliability of the vendors’ services. They do not take on the responsibility for customers’ data.
If a customer loses data due to malicious or accidental deletion, it’s not up to Salesforce — or Office 365, Slack or Box — to restore that data. SaaS providers’ responsibility only extends as far as their software and not the data on it, said Vinny Choinski, senior lab analyst at ESG. “They’ll guarantee the uptime of the application itself and the supporting infrastructure, but they can’t guarantee the integrity of the data you put in there,” Choinski said.
Office 365 keeps deleted email messages live in the Recycle Bin for 93 days before permanently deleting them. Microsoft OneDrive and SharePoint retain deleted files for 14 days, but users must open a support ticket to restore them. Additionally, neither can restore individual files – the entire instance must be restored. You or your boss might be thinking, “The recycle bin is probably good enough.” This is where many people get it wrong. The average length of time from data compromise to discovery is over 140 days. A shockingly large gap. The likelihood is high that you won’t notice something is missing or one until it’s too late for the recycle bin.
These are the six vulnerabilities in data protection for SaaS-based applications. Please let ASG help fix these vulnerabilities for you. With partners like Veeam we are saving IT organizations from a very costly misunderstanding.