Data Protection is critical for enterprise SaaS applications

Evaluating the right solutions is an important step towards minimizing risk on the cloud.

Saurabh Singh Nov 30th 2017

With data becoming the lifeblood of organizations, data protection and the cost associated with it is often top of mind.  Creating conditions that ensure business continuity and maximize system uptime are two good parameters to define this trade off in terms of cost effective data protection.

The new gen enterprises are evolving their cloud-first/ cloud-only strategy by turning to software-as-a-service (SaaS) usually for a subscription fee, instead of hosting and maintaining their own software. It is cost-efficient and highly agile and is supported by a robust infrastructure.

Let’s consider this analogy: Cab service versus owned car. For owning a car, we first need to buy one. We need to fuel it, maintain it, protect it, have a parking for the car (real estate) and to top it all, we must take the driving stress. What we get in return is a vehicle always available at our behest which we can use as and when required. We can customise it the way we want to. We can control who has access to it.  On the other hand, when we use a cab service, there’s no need to buy a car, no need to pay for fuel, no maintenance, no real estate for parking, no driving stress. In a nutshell, it follows a perfect "Pay As You Go" model.  Similarly, SaaS providers offer centrally hosted software and customers can avail them over the internet.

However, with growing adoption of "Software-as-a-Service" wherein the complete solution is managed by the cloud provider, data security has risen as a paramount concern for organizations that are moving their enterprise applications to the cloud. As the risk and exposure factors multiply, organizations need a consistent way to monitor and manage the data stored in SaaS applications.

Rise of SaaS—Need for Data Protection

Organizations are turning towards SaaS to efficiently manage their data centre functions over the cloud. A recent report published by Google and Accel partners in March last year stated that a $50Bn market awaits Indian SaaS products and companies. The last decade has seen software buyers express an ever-increasing preference for purchasing SaaS.  Thousands of existing vendors are transitioning from a traditional licensing model to SaaS.

This is primarily because SaaS can be consumed in a variety of ways to meet the needs of various sectors. Companies are now capable of managing their businesses over mobile devices using a few taps on the app. Whether it is productivity software like Offfice365, Google apps for messaging and collaboration, Salesforce, Dynamic CRM or Oracle for customer relationship management, or other varied services like capital management or business process management, the hottest routes of businesses are digital and data flows and transactions between customers, vendors. Therefore, protection of valuable data becomes crucial to any business.

Gartner analysts pointed out at the recent Gartner Symposium, a great chunk of the market still needs to upgrade from ‘using technology for digital processes’ to ‘being digital businesses’. This year’s array of ransomware and data breach news cycles strongly indicate that backups and protection are very important steps to cover all the bases. The government should lead the way by putting up strong compliance and regulatory frameworks in place.

Does dependency mean insecurity?

The major factors causing data loss in SaaS world are not very different from the ones in on-premise world. While the onus of data corruption and infrastructure failures are on the provider, application usage from the end of businesses can often result in issues like accidental data loss due to unplanned outages, data sync errors, insider threats, or external threats like hacker breach, ransomware, and virus attacks.

SaaS application providers strongly advocate its end-users to take backups. But one might ask, don’t the SaaS application providers backup customer data? Yes, they do. Some of the out-of-box solutions that they provide are for keeping multiple copies of customer data, weekly full backups and daily incremental backups of the data. They also provide backup retention for a limited time with a longer time period involving additional costs.

Should SaaS customers backup their data?

In that case, why do SaaS providers advocate taking backups? Usual Backup Recovery Point Objective (RPO) (the point in time to which you will recover data) is 24 hours, far too wide a window to cause more failures. Restoration of critical data can take many weeks and sometimes there is a cost associated with recovery.

Since SaaS applications providers backup data at per tenancy level they are not able to provide granular recovery which is essential for organizations. There is no option for an on-demand backup for a scenario wherein an organization is loading data to the application and would like to roll back in case of an issue. For these reasons, SaaS application providers admit that although they have data protection measures in place, customers should also backup their data in case there is a loss of data due to various factors outside their control.

Things to consider when evaluating solutions for your SaaS applications

Any business that has decided to adopt a third-party backup solution must aim to minimize risk on the cloud.  It should carefully consider the concerns to understand its needs and metrics and evaluate the available options.

To begin with one needs to ask oneself if a third-party backup is really needed?  Is the data in the SaaS application mission critical such as financial data, sales pipelines and opportunities, customer data etc? Is the RPO of 24 hours sufficient for the type of data hosted on the SaaS application?

Secondly, what would be the cost associated with the backup? How flexible are the backup cycles to cater to the organizational needs? Can the backup solution restore data granularly at various levels? Does the backup application meet the data security and compliance standards? Does the backup infrastructure retain the data for the duration it needs to be retained? Does the solution offer support to multiple SaaS applications being used in an organization? What is the deployment model for the backup application? Is it installed on-premise or is it a SaaS just like the application it is backing up?


Below are the pointers to help you choose a backup solution for your SaaS Application

  1. A Subscription based licensing (for example, per user license) which is flexible and accommodative.
  2. Flexible recovery point objectives (RPO) and recovery time objectives (RTO) which help organizations align to their organizational policies.
  3. Granular restores so that one can recover data at various levels to cater to partial data losses and accidental deletions.
  4. Meet security and compliance standards like PCI-DSS, HIPPA etc by providing capabilities such as audit trails, activity histories, long-term retention for data.
  5. Support for multiple SaaS applications so that one can manage multiple application from a single pane of glass.

In a distributed and a highly mobile workforce, employees predominantly work outside their corporate headquarters, heavily reliant on decentralized data systems. Providing them round-the-clock access to reliable and secure data, without adding capital expenditure or increased burden is a huge challenge for the IT guys. Regardless of that, service providers must address the unique requirements with layers and system processes that characterize data protection in a distributed and highly dynamic data environment.

The author is Technical Marketing Engineer, NetApp

Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).