By Dave Packer, vice president corporate and product marketing at Druva
Cloud-based applications have become critical to businesses and operations around the globe. But do leading SaaS solutions such as Office 365, Box, G Suite and Salesforce protect their customers' data with equally critical backup options?
Here are six myths about SaaS apps that might lead you to believe your company’s cloud data is secure — when in fact it is at serious risk of being permanently lost without a data protection solution.
1. Myth: You Can Always Recover Your Cloud Data
Cloud providers do indeed offer different levels of recovery, but there’s a catch: such backups are not intended to make all data available to customers. In fact, cloud solutions are not natively designed for data restoration, and the providers that do have backup capabilities may charge customers a sizable fee for retrieval. With most online services, the only backup you have for your organization’s data is via the recycle bin, which is automatically purged after a fixed period of time. After that, your data is gone forever.
2. Myth: File Sharing Is the Same as Data Protection
Many companies have said, “We already have cloud file sharing, can’t you just store your files there and call it a day?” Here’s the uncomfortable truth: File sharing is NOT data protection. While the two technologies do have some overlapping features, they are fundamentally different in their approach:
- File sync and sharing is built for real-time collaboration with user content, but it is not designed for data recovery in the case of user error, data corruption or ransomware. Nor does it address archiving or compliance and eDiscovery challenges.
- Unlike file sharing, enterprise backup software automatically makes a copy of every user’s data available for recovery. Data is protected in its entirety, including files stored by SaaS applications, and if a device is lost or stolen, additional features help organizations trace the device and/or remotely delete corporate data.
3. Myth: Your People Don’t Make Mistakes
Let’s face it: even the smartest people at your company are only human; mistakes can (and will) happen. It is not uncommon an employee to delete data, only to realize later that it is still needed. A collaborator might accidentally delete a shared project, or you might remove a scrapped project only to discover afterwards it is starting up again. If you don’t identify the issue within a very short period of time (anywhere from 30 days to as little as two hours), your critical data may be lost for good.
4. Myth: You Can Stop Malicious Employees Before They Do Damage
Organizations are responsible for making sure that they are meeting all compliance requirements, but many have found out the hard way the damage that one bad employee can do. To help manage this risk, coordinate and monitor all your server backup and DR policies globally, removing the burden of complex storage, compute or networking management. Choose data protection products with auto-tiering to ensure VMs are always stored cost efficiently for long-term archival to address your retention policy requirements without the need for manual processes. In addition, cloud-native content analysis capabilities can give you a greater understanding of potential data and compliance risks across multiple data sources.
5. Myth: Ransomware Isn’t That Big a Deal
Downtime from ransomware costs small businesses around $8,500 an hour. In the U.S., this adds up to a loss of $75B+ per year. Today, ransomware is not only commonplace, but it’s on the rise. Many organizations fail to understand that the cloud is just an extension of a user’s operating environment — data is just as susceptible to loss, theft or malicious attack in the cloud as it is anywhere else. Enterprises are still responsible for managing sensitive, cloud-based data, and failure to comply with rules and regulations can result in hefty fines and, worse yet, loss of reputation.
6. Myth: A Legal Hold Just Means “Don’t Delete Anything”
Businesses risk very serious consequences if they fail to produce SaaS data during litigation following a discovery request made by the courts. In many cases, this data — residing in cloud services like Office 365 or Box — may not be recoverable or is susceptible to deletion or mishandling by the users. By ignoring the data retention gaps within these products, you are relinquishing control of your organization’s business-critical information and putting it entirely in the hands of the end users. This places the burden of compliance solely on the shoulders of those who may have no understanding of how to manage company data correctly.
While the rapid adoption of SaaS-based applications has been fueled by the unique advantages of the cloud, the core capabilities of Office 365, G Suite, Box, and Salesforce are not necessarily built to be comprehensive solutions for companies’ data availability and governance needs. In fact, they do little to address concerns around backup and archival of critical data. This is why it is imperative that businesses supplement the native capabilities of these applications with third-party backup tools to establish a strong data protection solution in the cloud.
Photo courtesy of Shutterstock.