Business Reporter

The hidden risks of Software-as-a-Service


Kevin Cole at Zerto, a Hewlett Packard Enterprise company, explores the contributions that SaaS makes to security, and the risks that are attached to SaaS expansion

 

The global Software-as-a-Service (SaaS) market has become one of the technology industry’s most impressive growth stories of recent years.

 

Looking at the numbers immediately underlines the point, with McKinsey estimating that “The global SaaS market is currently worth about $3 trillion, and . . . . could surge to $10 trillion by 2030.” In practical terms, this translates to a situation where by 2025, 85% of the software used by organisations will be SaaS-based.

 

Away from the headlines, however, one of the common limitations of the SaaS model means a large number of organisations are unknowingly risking significant data loss. This risk exists because they are expecting their SaaS providers to fully handle their data protection needs, whereas most operate on a shared responsibility basis, which usually only provides basic data protection functionality.

 

While these capabilities might be enough for certain situations, they are not usually comprehensive, and organisations often learn that their data, which they thought was safeguarded and could be recovered, is actually not as secure as they assumed.

 

Balancing user convenience and data protection

This disconnect is perhaps understandable, given a core foundation of the SaaS model is that providers are there to take technology responsibility away from their customers and provide it as a service. The reality is, however, that adopting cloud-based services does not automatically divest responsibility for data protection.

 

Looking more closely at the parameters of the shared responsibility model, therefore, is important. On the one hand, signing up with a SaaS provider means they will protect a range of different key technology priorities. This can be everything from the operating system, hardware and network infrastructure and virtualisation to power management, physical security and a mixture of other points which should be detailed within each Service Level Agreement (SLA).

 

What is rarely included, however, are any detailed provisions for protecting users and data, which remain the responsibility of the SaaS customer. In this context, issues caused by human or configuration errors, malicious insider threats, viruses and malware are not within the provider's remit unless specifically built into a SaaS contract upfront.

 

From a data protection standpoint, this could quite easily mean that if a disaster recovery situation arises, data loss becomes a very real possibility.

 

Data protection in a multi-SaaS environment

So where does that leave organisations that need much more certainty about the data protection status of their SaaS strategy?

 

A key point to build into any SaaS data protection strategy relates to complexity. In 2022, for example, organisations worldwide were using an average of 130 SaaS applications, according to industry data.

 

Inevitably, this means data will be fragmented across a diverse set of SaaS providers, each of whom will store it on either their own data centre infrastructure or as a cloud-based tenant using different vendors and technology stacks.

 

It stands to reason that the more SaaS applications an organisation uses, the more complex data protection becomes, especially when getting data out may require the use of proprietary tools. For enterprise organisations, this is a particular concern given the average number of SaaS applications in use jumps to nearly 180.

 

In this context, the core objective should be to create an isolated and tamperproof copy of data and data objects contained in each SaaS application and workload. Instead of using multiple different SaaS backup solutions, each with its own architecture and user interfaces, protecting data across a multitude of disparate SaaS services is more effectively achieved by implementing a vendor-agnostic backup solution.

 

By removing the layers of administration complexity, for instance, users benefit from a streamlined approach to data protection that gives a single view of all the various data sets that reside across their SaaS portfolio.

 

Ideally, this will deliver fully automated backup and recovery capabilities, particularly for key enterprise SaaS apps, including Microsoft 365, Dynamics 365, Google Workspace and Salesforce, among many others.

In doing so, users can combine scalable and secure protection with granular data recovery to protect application data against today’s risks and vulnerabilities – from ransomware attacks to accidental data deletions.

 

When a data protection issue arises, data can be restored to the same SaaS vendor or moved elsewhere, while organisations can also create multiple immutable copies of backups that are stored in an independent cloud that is dedicated to data protection and not dependent on large hyperscalers.

 

Collectively, this can prove hugely beneficial not just to data protection in general but to specific issues, such as compliance.

 

With SaaS adoption continuing to accelerate at a rapid rate, data protection strategies also need to evolve to meet the new challenges created by innovation and progress.

 

Those organisations that focus on building a vendor-agnostic SaaS data protection strategy can create a win-win whereby they enjoy all the benefits SaaS has to offer with the confidence that their data remains safe and recoverable in any circumstance.

 


 

Kevin Cole is global director, technical product marketing, Zerto, a Hewlett Packard Enterprise company

 

Main image courtesy of iStockPhoto.com


© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543