Brian Rutledge is the principal security engineer of the cloud-to-cloud backup provider, Spanning. The company offers Software as a Service (SaaS) data protection in addition to backup. SaaS is a viable option for many organizations, but like any approach to data protection, it is not without its risks. With 20 years in the security field, Rutledge was able to provide us with expertise on SaaS backup and the risk of data loss, as well as the benefits of using this service.
Why do businesses that use SaaS applications have a higher risk of data loss?
There are many ways that businesses who utilize SaaS applications put themselves at a high risk of data loss. Some companies fail to do their due diligence to secure cloud resources, such as we recently saw in the news of AWS S3 bucket breaches where public access was not removed. Other contributing factors include when connections to SaaS applications may not be encrypted, when internal access controls around a SaaS production environment are lax or when corporate users don’t use safe behaviors online, thus opening their endpoints up for compromise. Malicious threat actors will take any avenue they can to access data – they aren’t picky, which is why it’s important to be vigilant.
How does the season or time of year affect that data loss?
The worst times of the year are bar none holidays. Most social engineering attempts occur when companies are experiencing downtimes. This includes summer vacation season, which we are about to enter, when people leave their homes and are consistently using personal information to purchase goods outside of their typical routine. Another time of year that we see spikes in data loss is tax season, when social security numbers become a target to file false tax returns.
One year later, the public anxiety over GDPR seems to have reduced a bit, but how does that regulation affect SaaS data? Does SaaS provide any assistance with compliance?
SaaS providers are really no different than a brick and mortar establishment — they must comply to all controller and processor statues in the regulation, where applicable. SaaS data is still in the spotlight, even as anxieties about GDPR have lessened because there’s still a lack of understanding about the tools needed for compliance. This could be because SaaS providers haven’t communicated this effectively to customers or just a general confusion about where compliance lives in SaaS applications.
Though there are risks of data loss, what are the benefits of SaaS and SaaS Backup?
Cloud technology has forever changed how we work and will continue to have a broad impact. An IDC report predicted that SaaS “will be the largest cloud computing category, capturing nearly two-thirds of all public cloud spending in 2018,” and I would wager we might see an increase in that prediction by year’s end. Cloud technology, and especially SaaS applications, have improved mobility and collaboration, as well as access to enterprise-grade solutions, without having to develop or maintain software in-house. Even though using SaaS applications won’t make companies immune to data loss, these solutions can actually be a benefit when it comes to compliance because many already maintain the certifications a customer might need for an audit or assessment. SaaS backup offers multiple benefits to organizations, not only when it comes to quickly restoring data faster than a vendor can, but also in how it can help new employees onboard more safely, without the worry of data loss from newbie mistakes. Additionally, it provides organizations with regular data quality checks, granular restoration (which is an enormous time-saver) and, in general, is a much better solution than “dumpster diving” through thousands of deleted files that may or may not yield the missing item.
What does SaaS Backup offer that traditional backup doesn’t?
Since applications like G Suite and Office 365 don’t guarantee full restoration of lost data if an issue occurs on the user’s end, an organization’s IT department needs to fill in the data protection gaps by selecting a backup and recovery solution themselves. Choosing a cloud-to-cloud backup provider instead of a traditional on-prem or hybrid solution allows organizations to continue enjoying the cost-saving benefits that drew them to adopt SaaS applications, instead of managing backups on-premises; an extremely time-consuming and error-prone activity. On top of quick installation and configuration, numerous options to store data in specific regions without data centers, and unlimited storage, cloud backup frees up IT teams to focus on what they do best, without worrying about maintenance or updates. Another important benefit is the ease of migration SaaS backup provides, in case an organization decides to switch vendors or services. In this age of rapid digital transformation, that alone is a huge cost and time saver.