There’s a common misconception among Software as a Service (SaaS) users that backup isn’t necessary for their data because it exists in the cloud – and that provider will backup and secure your data, right? Unfortunately, this is untrue. SaaS applications such as Microsoft 365 unfortunately are just as vulnerable to data loss as on-premise apps.

Why? Because the number 1 cause of data loss is human error. Staff members accidentally deleting files, opening phishing emails, accidentally downloading malware and more. 
Some scenarios where customers could lose data include:

  • Malicious deletion by a disgruntled employee or outside entity
  • Malware damage or ransomware attacks
  • Operational errors such as accidental data overwrites
  • Lost data due to cancelled app licenses

SaaS providers like Office 365 offer a convenient service to provide access to e-mail services, data storage, and collaboration tools. These features were traditionally offered from an on-premises infrastructure with services like Exchange server and SharePoint server, where the data processor and data owners tend to be the same thing.

Now let’s think about what this means in a SaaS environment, the data processing task has moved to a cloud service where you don’t need to worry about it anymore, however you are still the data owner. This means that you are still responsible for how the data is protected.

In this example, Microsoft’s responsibility as a data processor is bound by the Service Level Agreement, they operate to which guarantees that the service they offer will be available. As of Q1 2020, O365 has a 99.98% up time, or to put that into perspective, an average of 17 seconds downtime per day. Microsoft operates a resilient infrastructure, which meets stringent security qualifications such as Cyber Essentials PLUS and hardware-level resilience by operating its services from multiple data centres in dedicated regions around the world.

All of this is great for providing a service, but it doesn’t protect the data within those services that you as the data owner are responsible for. Let’s assume you have a business requirement to maintain 7 years’ worth of email data when that data lived on-premises, that requirement doesn’t suddenly go away when you move the data to the cloud. Equally, if e-mails were deleted or were subject to some kind of ransomware attack, you would rely on a backup to recover the data. The same thing still applies when the data is running in a SaaS service like O365.

This is where products like Datto SaaS Protection comes into play. For more information on how we can help or a free demo, send us an email on [email protected] or call us on 0191 2503000