Today’s data protection market is more complex than many of us would at first believe. The reason is closely tied to the fact most businesses opt to work with SaaS-based solutions for productivity and collaboration, and in doing so, automatically assume every vendor will be ensuring user data is copied, protected and secure. It’s time to set the record straight: this is not the case, and this assumption can be incredibly dangerous in the long-term, with no one taking responsibility for some of an organisation's most critical data.
The lack of protection provided by vendors is no new revelation. It’s been a standard practice for quite some time as part of the “shared responsibility model”, but that doesn’t stop some from assuming otherwise. The newest company to openly state they are no longer responsible for user data recovery is Salesforce. As of the 31st of July, Salesforce customers have been required to protect their own data. Salesforce has communicated this well but, as many customers search for ways to protect their data quickly, this serves as an important reminder as to why we all need to take the time to read the small print, check what is (and is now) included and ensure we are prepared for the day that a disaster might strike unexpectedly.
Read the small print
The fact that most vendors do not provide data protection alongside its other services,will come as little surprise to the many who have already faced this hurdle.
But, for those who are less sure about how to tackle this problem, let’s start with the basics. If you’re using SaaS products like Microsoft365, G-Suite, or Salesforce, don’t be fooled; these tools are not as safe as you’re led to believe. The best type of protection these tools actually provide you with is a recycle bin to recover a file, email, or object that you might have accidentally deleted, making it easy to recover pretty quickly. Alongside this, you can also restore an older version of an item if needed. Whilst this sounds great, if you fall victim to a malicious cyber attack, or find some of your files to have been tampered with, there will be no easy way to recover from this. You will not be able to recover data because the “backup” is stored in the same place as the original. That means once your data is gone, it’s gone forever!
Microsoft365 as a platform, arguably contains some of the most significant data protection gaps that IT professionals are tasked with handling. A robust backup solution should get the basics right; it should automate backups regularly, and ensure backups are stored in a different place than the protected system, as well as meeting any compliance requirements.
If we reflect on the last couple of months alone, there have been countless cyber attacks, with hackers taking advantage of the current vulnerabilities surrounding COVID-19. These attack victims will have been left with deleted, or corrupted files and those relying on tools like Microsoft365 will have had a huge headache in trying to get these back. Some IT teams were able to do the recovery process manually, which is not only laborious, but also time consuming. Other companies have found the attacker corrupted or deleted their only copy of data, because they were relying on the internal protection mechanisms their SaaS vendor provides.
Protecting your own data, fast
If we think back to Salesforce as our example here, the company has been known for offering “Data Recovery” at a cost of $10,000 which took around six to eight weeks to provide a downloadable file containing CSVs of each of your objects. Once downloaded, it would be your responsibility to upload these CSV files in a particular order so that you could re-establish referential integrity between the various documents. Meanwhile, you could have a Salesforce instance that was completely non-functional. When announcing their change in policy, Salesforce did openly communicate that this was not in keeping with the level of quality that their customers expect, being one of the reasons they have discontinued it. With a sub-par recovery service, businesses are actually better protected by implementing a separate solution.
The good news is, Salesforce has officially confirmed that you need to back up your own data, and this kind of communication is vital. We can only hope that organisations like Microsoft and Google will follow suit. Your business has two options to protect your SaaS data. Firstly, you could consider a manual backup solution. This will likely be prone to human error; it will be time consuming and far from productive. Alternatively, you could implement an automated backup and recovery system with support of a third party. This will save you time, automatically backup all of your data ensuring you’re protected at all times, and free up your team’s time to focus on more value-add tasks.
With no clear direction as to when we can expect to return to normal right now, it goes without saying that all teams could do without the added pressure and worries when it comes to the protection of their data. Time is precious to all of us, so for businesses looking for a solution to speedy data protection and recovery, SaaS data protection is the answer. Not only will your IT teams have the support that they need, but you’ll have a partner for life. Always read the small print, and make sure you’re protected – or risk paying the price.
Author: W. Curtis Preston, Chief Technical Evangelist at Druva