- Paul Crocetti, Senior Site Editor
"The cloud is just someone else's computer."
That's how Darryl Polk, chief innovation officer for the City of Rancho Cucamonga, Calif., put it when describing the need for SaaS data protection.
Polk was speaking at the May VeeamON user conference, but those words and sentiment have been echoed across conferences and by data protection experts for many months. While SaaS providers -- such as Microsoft with its 365 line, Google with Workspace (formerly G Suite) and Salesforce with its CRM -- are responsible for their platforms, users are responsible for their data.
Still, the issue remains: Not enough organizations back up their cloud-based SaaS data.
A case study in point
Now is as good a time as any to add or enhance SaaS data protection. Many organizations moved to the cloud or increased use of cloud-based platforms as a result of the pandemic and the ensuing work-from-home surge. When on-premises offices and data centers were not open for business, the cloud offered access and reliability, and it continues to do so.
While SaaS data protection can present challenges for vendors and users, it should be a priority for both groups.
Barracuda recently redesigned its Cloud-to-Cloud Backup product -- co-developed with Microsoft-- from the ground up. One change that was made is that Barracuda now backs up data in Microsoft Azure, rather than its own cloud, said Tim Jefferson, senior vice president for Barracuda's data, networking and application product division.
Microsoft also helped with backup for Teams, which is very complex, Jefferson said. In May, Microsoft claimed 145 million daily active Teams users, an increase of 100 million since March 2020 when the pandemic hit. That user base highlights how important it is for companies to protect that data, and for vendors to offer the protection.
Andrew Schulz is director of IT infrastructure at full-service underground power company Novinium Inc., based in Kent, Wash. The company has about 250 to 300 employees and a small IT shop, and it migrated to Teams in February 2020.
"Luckily, [Teams] was in place and people were familiar with using it before we all went remote," Schulz said.
The Teams data includes chat instances and files. Novinium needs long-term retention for its Teams, SharePoint and OneDrive data.
The company started using Barracuda Cloud-to-Cloud Backup in January for Teams protection, among other Office 365 data protection needs.
Schulz said he looked at several SaaS data protection products, but some of them offered more than what Novinium needed and the company would end up paying for features it wouldn't use. Schulz said he's been using Barracuda products for 15 years, which helped sway his decision.
He added that he likes that the backup product is simple to use and not so big that it's overwhelming.
SaaS backup market features strengths, opportunities
Office 365 backup is a major piece of the SaaS data protection market, thanks in part to the ubiquitous nature of the platform. Acronis, Arcserve, Carbonite, CloudAlly, Cohesity, Commvault's Metallic, Datto's Backupify, Druva, HYCU, Rubrik, Spanning Cloud Apps, Unitrends, Veeam and Zerto are among the data protection vendors that offer 365 backup.
Google Workspace and Salesforce users also have several options for third-party backup. Google Workspace backup providers include Acronis, Backupify, CloudAlly, Spanning and Zerto. Vendors specializing in Salesforce backup include Backupify, CloudAlly, Metallic, Odaseva, OwnBackup, Spanning Cloud Apps and Zerto.
It's surprising there aren't even more options for SaaS platforms not named Office 365. One would think that vendors are working on such offerings, especially given the surge in use of so many of these platforms. And there are many more beyond the Big 3 already mentioned, such as Box, Dropbox, GitHub, Shopify, Slack and Zendesk.
Danny Allan, CTO at Veeam Software, said it's frustrating that every SaaS platform is distinctive.
"It does mean that you need to tackle them uniquely," Allan said. "In other words, many of the platforms don't have the APIs to get the data out -- first of all -- and to get it out efficiently.
"But even more importantly, almost none of them have the ability to get the data back in," he added. "So, while some of them have the ability to take an API and dump the data out, if you say 'I want to recover just this particular element, just this particular chat or email or sales record or IT workflow,' most of them don't have those APIs."
That means a company like Veeam needs to collaborate closely with a given provider on APIs to offer specific SaaS data protection.
"So it's an early market, both in terms of education, but also in terms of API and technical ability on the part of those providers," Allan said.
Deal with the 'disconnect'
Users should take advantage of the third-party SaaS data protection services that are available, but statistics show they're not doing it enough.
There's a SaaS "disconnect," said Christophe Bertrand, senior analyst at Enterprise Strategy Group (ESG), a division of TechTarget.
"You are always responsible for your data," Bertrand said at the April ZertoCON user conference. "Just because it's in a SaaS environment doesn't mean this responsibility goes away."
According to a May ESG report, "The Evolution of Data Protection Cloud Strategies," one-third of users surveyed do not believe backup is needed.
"Wrong answer," Bertrand said.
There are many ways to lose data, including accidental or malicious deletion and service failures.
IDC research indicates that more than 80% of new applications will be deployed in the cloud or at the edge, according to an April white paper, "The State of Data Protection and Disaster Recovery Readiness: 2021," sponsored by Zerto.
"SaaS application data, in particular, can create a data management gap," wrote Phil Goodwin, IDC research director, in the report. "This is because the data is managed by the SaaS provider and not the IT group and thus does not have the governance or data protection policies of the IT organization."
Now is the time to close the gaps and end the disconnects in SaaS data protection. Enterprises will need a third-party provider, but it's worth it for the peace of mind during this challenging time.
- Multi cloud backup and recovery best practices –ComputerWeekly.com
- How It Works: Cloud-Native Protection for AWS –Rubrik
- Optimizing Cloud –OffSiteDataSync and Veeam
- The Role of Cloud Backup and Recovery in Protecting Against Ransomware Attacks –Rubrik