IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Choosing the optimal SaaS backup solution
Mon, 31st May 2021
FYI, this story is more than a year old

COVID-19 has fully accelerated the deployment of SaaS services for businesses as SaaS apps have become the default system of data for many organisations. But the cloud adaptation among enterprises has expanded so significantly in such a short period that enterprises have neglected the appropriate security measures for cloud data. This, in turn, has led to an increase in cloud security incidents, SaaS attacks, and SaaS data exploitation.

Businesses that misconstrue the erasure coding practice of the cloud providers as the safeguard to their cloud data protection severely jeopardise businesses' cloud data safety. Here's why SaaS backup should not be overlooked as it becomes such a crucial practice for enterprises.

External threats have become increasingly problematic for enterprises. According to Palo Alto Network's Unit 42 Cloud Threat Report of H1 2021, organisations globally increased their cloud workloads by more than 20% between December 2019 and June 2020, leading to an explosion of security incidents.

The research further indicates that cloud security incidents increased by an astounding 188% in the second quarter of 2020. This shows that while organisations have quickly moved workloads to the cloud in response to the pandemic, they still struggled many months later to automate cloud security and mitigate cloud risks.

Moreover, Trend Micro's Cloud App Security Threat Report 2020 suggests that over 16.7 million high-risk email threats were detected and blocked by its Cloud App Security solution, a 32% increase from the previous year. Trend Micro even predicts that Microsoft Teams, SharePoint, Office 365, and Exchange will be the most targeted SaaS applications for hackers to explore vulnerabilities in 2021. At this pace, it is imperative that more sophisticated SaaS security measures are introduced.

Besides external threats, human error also is often overlooked. According to Gartner, “up to 95% of cloud breaches occur due to human errors such as configuration mistakes, and the research firm expects this trend to continue.”

To elaborate with an example, KPMG attempted to delete a single user's account from an active account retention policy in 2020. A human error was made, and the policy was applied to the entire KPMG Teams deployment, resulting in the permanent deletion of 145,000 Microsoft Teams users at KPMG. Microsoft later confirmed that the Teams chat data was not recoverable.

Even with the proclaimed retention policies of SaaS vendors like Microsoft 365 or Google Workspace, data that was removed may only be restored within the previous 25-30 days unless additional policies are set in place. Should the businesses decide to retrieve that data or be put on notice of the deletion beyond the grace period, it would be too late. Thus, to ensure businesses have remedies to the above scenarios, enterprise cloud data should also be backed up.

A very common yet often ignored backup practice, ‘The 3-2-1 backup rule', should be evoked. As essential as all enterprise data stored on an on-premise storage environment, SaaS data should be no exception and should follow the 3-2-1 backup rule: every business should have three copies of data (production data and two backup copies) on two different media (cloud, disk, tape, etc.) with at least one copy off-site for disaster recovery.

For businesses that are unsure of what it takes to start out or currently limited on budget, it is especially vital to look for the following three elements regarding SaaS backup strategy: the pricing model, the cost of storage, and the scalability. 

Cost of license and number of accounts supported

Unlike SaaS service providers that charge on a per license or per account basis, some solutions require no license and support an unlimited number of accounts.

The Corin Group, a company that provides reconstructive orthopaedic devices globally, struggled to find a backup and archiving solution to backup up Microsoft 365 deployment. After stumbling upon Synology Active Backup for Microsoft 365, Corin saved more than US$65,000 annually, with 2,400 accounts safely protected without any hidden fees.

Growth of data equates to an increase in cost

Many businesses have experienced a growth in volume of their digital data. For these businesses, it's crucial that they utilise storage space efficiently as duplicate or bad quality data can be expensive.

According to the Data Warehouse Institute, data quality problems cost US businesses more than $600 billion annually. The Neighbourhood Advice-Action Council of Hong Kong, whose initial hurdle was to find a Microsoft Office 365 backup solution to prevent employees' accidental deletion, indirectly benefited from Active Backup for Microsoft 365's de-duplication technology that ultimately saved them 67% of the storage space. As a result, their IT admins were able to allocate budget and focus on tasks and projects that required more resources.

Sustain performance as company scales up 

Polish lender Idea Bank is legally bound to keep backups of all operations, including emails and Microsoft SharePoint data. The bank performed backups of its Microsoft 365 data and user information manually, but its solution was time-consuming and suffered from performance issues. This forced the bank to seek solutions that sustained service availability while ensuring future demands were met along the way.

Idea Bank ultimately deployed two Synology RackStation units to realise more than 160TB of RAID 6 storage. Using Synology Active Backup for Microsoft 365, more than 2,400 Microsoft 365 user accounts and over 1,200 Microsoft SharePoint sites were protected.

To learn more about Synology Active Backup for Saas and Synology's take on SaaS backup strategies for business, sign up for the SaaS backup webinar — which will discuss how to preemptively deploy robust SaaS data security measures in advance.