With SaaS becoming an indispensable part of the business landscape, a rapidly emerging crisis is on the verge of shaking its users to the core. There’s a looming data apocalypse that’s set to become one of the biggest IT challenges of our lifetime.
For all the benefits that SaaS provides, data protection and security is most often found wanting. Put bluntly, SaaS usage wasn’t designed with data protection in mind to start. As companies entrust more of their critical data to third-party cloud applications, they are realizing that ensuring that this data remains protected from malware, breaches, loss and unauthorized access needs separate attention.
Beyond just the obvious security threats, there’s the challenge of data sovereignty, compliance with an ever-evolving set of global data protection regulations, and the complexity of managing access across diverse user groups. The conundrum isn’t just about leveraging the power of SaaS but doing so in a manner that prioritizes the sanctity and security of business-critical data.
The devil is very much in the details. We’ve ceded control of our data to third-party SaaS vendors. ‘Hidden’ in the fine print or with ambiguous language, these vendors state very clearly in their terms of service that they won’t protect our data. It’s part of the shared responsibility model and we need to understand that SaaS vendors ensure the service is functional, and users are responsible for backing up and protecting their data.
Of course, data protection and security goes beyond good business practice. The U.S. Federal Government has mandated that publicly traded companies must verify that their data is protected. The fines are not insignificant if they cannot assure with proof that they can. This highlights the urgency of safeguarding data against very real threats. The need to protect SaaS data has never been more urgent.
Traditional backup mechanisms are often overwhelmed by the sheer volume of data being generated daily. Research has found that nearly 32% of an organization’s unstructured data is business-critical, while 15% of these files are at risk from oversharing, erroneous access permissions and inappropriate classification. In 2020, the total amount of data created, captured, copied and consumed globally reached more than 64 zettabytes. Leading up to 2025, global data creation is projected to grow to more than 180 zettabytes. This is resulting in a treacherous landscape of SaaS data sprawl of which the vast majority is not protected.
When we consider the scale of these data protection, security, and recovery challenges, the statistics are staggering. Today, more than 30,000 SaaS applications are in use globally, and the average midsize company uses 217 SaaS apps. More than 52% of successful ransomware attacks occur through SaaS implementations, and industry predictions state that a successful ransomware attack will occur every two seconds by 2031, up from every 11 seconds today.
Adding further fuel to the fire, only five of the leading SaaS app vendors named to a leading industry analyst annual report have enterprise-class backup and recovery available to protect them. That’s right—of the 30,000 SaaS applications available, less than 10 have any sort of data protection to cover them. We’re fast approaching a data apocalypse, and the lack of awareness and fear mean that more education is in desperate need.
Fundamentally, the exponentially growing volume of data is a significant issue. A far greater issue is the number of places that data is residing.
As we’ve noted, SaaS providers are not responsible for users’ data backup and recovery. Again, it’s part of the shared responsibility model. To have granular access to specific files or workloads if disaster strikes due to malicious or accidental acts requires solutions that are designed to accommodate just that use case.
For far too long, customers believed that SaaS vendors were also taking care of their data and were responsible for both backup and recovery. Sadly, that isn’t the case, and it is still surprising when I hear senior-level IT executives say, “Our SaaS vendor handles data protection.” Companies need to acknowledge that the shared responsibility model in SaaS data protection and security refers to the distribution of security obligations between the service provider, who is responsible for securing the infrastructure, platforms and applications, and the customer, who must secure their data, identities and access management does not work.
There has to be a better way to ensure data protection without bolting on additional products or point solutions. No organization has all its data in one place. It’s sitting on-premises, in the cloud, multi-cloud, hybrid cloud, and on and on. This is where the likes of a single pane of glass management become critical if data protection is to be managed across so many locations. More than that, using a low-code platform to rapidly release backup and recovery services for SaaS applications becomes mission-critical to surviving the data apocalypse.
Another element to this is having greater data visualization to provide complete visibility to divide and categorize SaaS services by what’s protected and what’s not. IT must therefore visualize where all its data is, protect all that data, and manage it in real-time in a manner that is as frictionless as possible.
SaaS makes organizations vulnerable. When data gets compromised, those businesses that are unable to recover their data are at risk of losing significant amounts of money. Imagine if your business is unable to function for a week, two weeks, or even a month. The average downtime due to ransomware is 22 days.
This begs the question that the organizational mindset must change. Businesses must safeguard their SaaS workloads with the same level of intensity and thoroughness that they do in their on-premises and cloud environments. With SaaS, the business is exposed 24×7. So, whether it is malicious threat actors and ransomware or employees who accidentally mishandle or delete data, intentional backup and recovery are non-negotiable in a SaaS environment.
The answer goes beyond traditional solutions. You will run out of time, money and resources to protect 30,000+ different SaaS vendors. And if you’re miraculously able to achieve this, by that time, there’ll be another 30,000 to protect, especially if you factor in cloud services, microservices and the rise of AI application adoption. Instead, there is a need for an integrated environment that plugs into SaaS vendor platforms for security.
Of course, regardless of where your data is and what you’re protecting, you must be able to quickly recover it when necessary. As the use of SaaS applications continues to skyrocket, it’s imperative to adopt a new way of thinking when it comes to data protection and recovery strategies.
Businesses must pivot from traditional security and backup methods to embrace comprehensive, real-time data protection that spans the diverse and expansive SaaS landscape. By doing so, they safeguard their operations, strengthen their defenses against ransomware and data loss, and ensure the continuity and resilience of their enterprises in the face of an ever-evolving cyberthreat landscape.
The looming data apocalypse isn’t a distant threat; it’s a present-day challenge that demands immediate attention and action.
Recent Articles By Author