According to Gartner, SaaS revenue is expected to grow 22.2 percent to reach $73.6 billion in 2018 and will reach 45 percent of total application software spending by 2021. Clearly, customers are increasingly adopting SaaS applications to meet their growing needs. 

But are SaaS vendors backing up your data? The short answer is no.

We’ll show you why planning your own data protection for each SaaS app makes good business sense.

SaaS vendors do not back up or protect your data
Most organizations today are migrating some of their on-premises workloads to SaaS offerings, mostly to achieve cloud benefits:  lower costs, easier administration and deployment, automatic scaling of resources, ubiquitous access and resiliency.

Unfortunately, backup and data protection are often not included with SaaS applications. In fact, a recent Forrester report says that “backing up SaaS application data is your responsibility.” The analyst goes on to say that:

“Nearly every SaaS provider explicitly states in its terms and conditions that clients are responsible for protecting their own data. You must plan data protection for every new SaaS service to which you subscribe.”

For example, Microsoft Office 365—which includes Exchange Online, SharePoint Online and OneDrive for Business—is the most commonly deployed and fastest-growing SaaS application. Yet Microsoft believes that data protection in Office 365 is a shared responsibility. They take care of retention and disaster recovery, while you are responsible for protecting and recovering data from loss.

Limited backup and archiving functionality in Office 365
The built-in SaaS backup and archiving functionality in Office 365 is very limited. In Exchange Online, for example, administrators can delete content, making it unrecoverable, and end users can permanently delete data. After 14 days, recovering this data from the second-stage recycle bin is difficult at best. Administrators can change the default setting, but only to a maximum of 30 days.

While there are multiple workarounds for Deleted item recovery, including the soon-to-be phased out litigation hold, Microsoft itself says that “point in time restoration of mailbox items is out of the scope of the Exchange service.”

With SharePoint Online and OneDrive for Business, the default retention time is 93 days in the site recycle bin (first stage) and 93 days in the second-stage site-collection recycle bin. Neither of these retention settings suffice for regulatory compliance, which often requires multiple years of archived data.

Again, there are workarounds, but these measures are often manual or limited in nature. And running additional software within the SaaS infrastructure isn’t an option. These limitations raise concerns about how best to protect data from accidental deletion, hardware failure or a malware attack—and prove compliance.

That’s why I recommend a backup solution that includes strong encryption, intrusion detection and controlled, secure access to data by trusted individuals and addresses the specific data retention requirements of your organization.

Turn to Logicalis for SaaS backup and data protection
Logicalis works with a variety of vendors to scope, develop and deliver a SaaS backup solution that protects data, while helping your organization fulfill regulatory and business compliance requirements.

One example is NetApp’s SaaS Backup for Office 365. This cloud-ready service secures your data by performing automatic full or incremental daily backups with simple search and restore capabilities—and without performing onerous native rollbacks.

To ensure data integrity and safety and reduce the risk of data loss, SaaS Backup employs multiple layers of security, including:

  • Strong encryptionProtects data at rest with 256-bit AES object-level encryption and unique encryption keys and data in transit with Secure Sockets Layer (SSL) encryption. 
  • Intrusion detectionConstantly guards against intrusion with real-time monitoring, detection and alerting.
  • Controlled accessProvides access only to a dedicated operations team, and tracks and audits changes to the production environment.

To increase the flexibility of your data protection process, we offer two deployment options: cloud and on-premises. Backed-up data can be stored through Amazon S3 or Microsoft Azure. You can also bring your own storage subscription through Amazon S3 and Microsoft Azure Blob or on-premise NetApp StorageGRID.

Learn more about NetApp SaaS Backup for Office 365, or contact us to build a backup solution that protects your SaaS data.

Kyle Swanson is a Director of Business Development for the Logicalis Cloud Practice, responsible for providing subject matter expertise on cloud deployment models as well as understanding customer business drivers and developing a portfolio to meet those needs.