Retailers Must Use SaaS Safely to Protect their Bottom Line

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise tech. In this feature, Zerto‘s Global Director of Technical Product Marketing Kevin Cole offers commentary on why retailers must use SaaS safely to protect the bottom line.

The growth of the global Software as a Service (SaaS) market has been explosive, making it one of the technology industry’s most impressive success stories in recent years. According to McKinsey, the global SaaS market is now valued at $3 trillion, and their estimations show it could increase to a whopping $10 trillion by 2030. The retail industry is one of the largest users of business-to-business technologies like SaaS. A plethora of critical retail software, including order and management fulfillment systems and communication tools, live in SaaS apps in the cloud.

However, there is a key limitation to the SaaS model that companies are not always aware of. Adopting Software as a Service can put retailers at risk of significant data loss, as most SaaS providers only offer basic data protection functionality and operate on a shared responsibility basis. Many companies assume SaaS providers will completely handle data protection, but this is not the case as SaaS providers can usually provide basic data security but lack comprehensive plans and strategies. Retailers using SaaS often find that their data, which they assumed to be safeguarded and recoverable, was not kept as secure as they thought.

SaaS Data Protection

Shared Responsibility in SaaS

The disconnect in expectations here is reasonable, given that one of the core aspects of the SaaS model is that the provider takes on the customer’s technological responsibility and provides it to them as a service. But just because a cloud-based service is adopted, the responsibility for data protection is not automatically taken on by the provider.

This is why it is so important to closely consider the parameters of the shared responsibility model. While signing up with a SaaS provider usually means a range of key technology priorities will be addressed (such as physical security, the operating system, and other factors which should be listed in each Service Level Agreement), protection of users and data is rarely included and remains the responsibility of the customer. Unless specifically built into the contract upfront, viruses and malware, insider threats, and issues caused by human or configuration error are usually not covered by the SaaS provider. If this is not accounted for, a disaster recovery situation can lead to data loss for the company.

For retailers in particular, a data breach can be extremely costly. The 2022 IBM Cost of a Data Breach Report revealed that the average data breach cost for retailers in 2022 was $3.28 million. Additionally, in the retail industry, the impact of a data breach goes far beyond just the financial cost. Loss of consumer confidence can severely damage a company’s bottom line and brand name for years.

Data Protection in a Multi-SaaS Environment

Organizations can take action to make sure they are not leaving themselves vulnerable to data loss. One of the most crucial factors to consider when creating a data protection strategy is SaaS complexity. Data protection becomes significantly more complex the more SaaS applications are used, particularly when extracting data requires proprietary tools.

Industry data shows that in 2022, organizations used an average of 130 SaaS applications each. Many retailers use different iterations of the same SaaS application to manage multiple regions within their supply chain and various product lines across the chain. This means that data is split across a diverse range of SaaS providers, who all store that data on their own data center infrastructure or in the cloud, using different vendors and technology stacks. If a retailer has 50 separate instances of their Customer Relationship Management or their ticketing system, each iteration of the application is vulnerable.

How Vendor-Agnostic Solutions Can Help

The key objective in handling data protection needs to be creating an isolated, tamperproof copy of the data and data objects contained in each SaaS application and workload. Implementing one vendor-agnostic backup solution is easier than trying to use multiple different backup solutions across SaaS platforms, each with its own user interface and architecture.

A unified platform will remove layers of administrative complexity and users will benefit from a streamlined data protection solution that provides one view of all the data sets across the organization’s SaaS portfolio. This platform should also provide automated backup and recovery capabilities, especially for key enterprise SaaS apps like Google Workspace, Microsoft 365, Salesforce, and others.

With all these capabilities, users can protect their application data against risks such as ransomware attacks and accidental data deletion, using a scalable and secure protection method with granular data recovery. When an issue arises, data can either be moved or restored to the same SaaS vendors. Organizations can also create additional immutable copies of backups stored in an independent cloud dedicated to data protection and not rely on large hyperscalers. This ends up being hugely beneficial to data protection and issues such as compliance.

As SaaS adoption continues to accelerate rapidly, data protection strategies need to evolve with them and address new challenges. Retailers benefit from creating a vendor-agnostic SaaS data protection strategy which provides all the benefits of a SaaS and the confidence that their data is safe and recoverable, no matter what happens.