In the realm of data protection, backup and recovery hold a significant place. The question often arises: should we prioritize convenience or security in our backup and recovery strategies? Let's explore this topic.
The Convenience Factor in Backup and Recovery
Convenience in backup and recovery often translates to simplicity and speed. Users want to quickly back up their data and recover it with minimal effort. This has led to the popularity of automatic backup solutions and cloud-based recovery systems.
However, the convenience of these systems can sometimes compromise their security. For instance, automatic backups can be vulnerable to ransomware attacks, and cloud-based systems can be susceptible to breaches if not properly secured.
The deployment and use of SaaS solutions often brings with it the assumption that all backup and recovery services lie in the hands of the SaaS provider. This is untrue in most cases, and it opens a big hole in the ability to recover from data loss. For example, the Service Level Agreement (SLA) of Microsoft 365 states that backup and recovery is a customer’s responsibility: "We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services" (Microsoft Service Agreement).
What is the rationale for not backing up SaaS applications?
The potential for data loss does not justify the expense of a backup service.
After conducting a risk assessment—including potential threats such as malicious deletion, programming errors, and accidental mistakes—the probability of data loss is found to be so minimal that the expense of a backup service seems disproportionate. You have a high level of confidence in your top-tier cyber defenses, which you believe will effectively protect your SaaS applications from malicious intrusions. You trust in the robust change processes of your SaaS providers and are assured that your employees are well-trained and cautious, minimizing the chance of errors. Therefore, the perceived risk of data loss does not justify the cost of a backup service.
What are the risks of this approach?
- Most cyber-attacks are executed by employees. They know exactly what data loss will hurt the most. An employee will likely find all your cyber-security technologies easy to circumvent. Without backup and recovery, you might go out of business.
- Sophisticated phishing-based ransomware attacks can force you to pay high ransoms to restore your data.
- Natural disasters pose another risk for your data. Without backup and recovery, you are at risk of losing all data contained in the SaaS solution.
It's improbable that hyperscale SaaS cloud providers will experience a major data loss incident.
Given the significant resources at the disposal of SaaS cloud providers—including substantial financial investments, the capacity to recruit elite cybersecurity and IT professionals, and the implementation of comprehensive security infrastructures—the probability of encountering issues is generally considered to be low. In other words, it is your expectation that your cloud provider will maintain a level of service that precludes any security incidents or outages that could adversely impact your business and its data.
What are the risks of this approach?
Gartner:
"Assuming SaaS applications don't require backup is dangerous"
Top analysts like Gartner advise, "Organizations that assume SaaS applications don't require backup, or that the SaaS vendor's data protection is good enough, may place critical data at risk". Gartner adds, "Organizations cannot assume that SaaS providers will offer backup as part of the service or provide interfaces that backup vendors can use to access data."
You choose to hold the belief that cloud providers are accountable for your data, despite their clear statements to the contrary.
Despite the clear stipulation in the shared responsibility model for cloud services that organizations bear the responsibility for the data they store and process, a certain percentage of organizations choose to disregard this fact. According to a study, 25% of organizations hold this view.
Forrester:
"Back up your SaaS data - because most SaaS providers don't"
Forrester concurs, "While almost all SaaS vendors explicitly state that protecting data is the customer's responsibility, infrastructure and operations (I&O) leaders usually send critical data to those providers without any plan for ensuring data resiliency". They further put it in blunt terms, "Back up SaaS data or risk losing customers and partners. Stop leaving the door open to data loss and start proactively protecting cloud data before it's too late".
Your team operates flawlessly, with no room for errors.
In your organization, the concept of human error, a common cause of data loss in SaaS applications, is virtually non-existent. It's always an issue for others, never for you. As such, given your absolute trust in the infallibility of your employees and executives, there's no perceived need for backups to mitigate human error. After all, your organization operates under the premise that mistakes are an anomaly, not the norm.
What are the risks of this approach?
There are no perfect teams; Murphy's law will hit you sooner or later. Here are some recent statistics on cyber-attacks:
- In 2022, around 480,000 incidents of cyberattacks were reported in the United States.
- A total of 5,258 confirmed data breaches occurred in 16 different industries and four world regions in 2021.
- The Internet Crime Complaint Center (IC3) saw a 69% increase in complaints from 2019, receiving 791,790 complaints total, with losses exceeding $4.1 billion.
- By September 2020, the average ransom payment peaked at $233,817.
- In 2020, 6.95 million new phishing and scam pages were created.
- There were 2,365 cyberattacks in 2023 with 343,338,964 victims.
- 2023 saw a 72% increase in data breaches since 2021.
- A data breach costs $4.45 million on average.
- Email is the most common vector for malware, with around 35% of malware delivered via email in 2023.
- Business email compromises accounted for $2.7 billion in losses in 2022.
- Nearly 1 billion emails were exposed in a single year, affecting 1 in 5 internet users.
- Around 236.1 million ransomware attacks occurred globally in the first half of 2022.
These statistics highlight the growing threat of cyber-attacks and the importance of robust cybersecurity measures like backup and restore. Read about how OpenText Data Protector backup and restore software can protect you from insider threats.
How OpenText Data Protector can help you protect your SaaS environments and other cloud workloads
OpenText Data Protector standardizes and consolidates backups across multiple platforms. It provides secure, comprehensive backup protection for business-critical data and applications whether virtual, physical, or online in the cloud.
- Comprehensive Backup: It standardizes and consolidates backups across various platforms, ensuring secure protection for business-critical data and applications, whether they're virtual, physical, or in the cloud.
- Disaster Recovery: Offers backup and disaster recovery for diverse environments including physical, virtual, cloud, and container setups.
- Application Integration: Features native integrations for easy, application-aware backup and recovery, with a self-service option for single item recovery.
- Cyber Attack Protection: Provides robust defense against ransomware attacks and includes performance improvement with advanced deduplication and detailed reporting capabilities. Read more about how OpenText Data Protector backup and restore software uses AI to protect from cyber threats.
- Microsoft 365 Backup: Offers comprehensive backup protection for the entire Microsoft 365 suite, including email, files, Teams chats, and more.
- Hypervisor Support: Provides backup protection for a wide selection of hypervisors, ensuring flexibility in operations management.
- Cloud Flexibility: Supports multiple cloud platforms and storage options, allowing for backups that meet operational needs and cost control.
- Consulting Services: Includes end-to-end solution implementation and comprehensive technology services to enhance system efficiency.
These features ensure robust disaster recovery and fast ransomware restore capabilities for modern hybrid IT environments.
Explore how OpenText Data Protector can help your organization to ensure data integrity and data protection.
Learn more about Cloud data backup and restore
Already a Data Protector customer? Learn what is new in the latest version.
Read about data backup and resiliency
Read what analysts say about Data Protector
Read what a customer is saying about Data Protector
Request a free trial of OpenText Data Protector
Watch the Data Protector videos on YouTube
Follow OpenText Portfolio on LinkedIn to remain up-to-date on Data Protector.