Why organisations need SaaS Protection when moving to cloud services

As the Coronavirus pandemic continues to unfold, organisations across all industries have been forced to adapt and adjust their digital transformation projects to meet the needs of a fast-changing world. Covid-19 has not slowed digitalisation down; on the contrary, it has been a key factor in accelerating such initiatives. Partly driven by the need for flexible and remote working, more and more businesses are migrating their data and business operations to the cloud. By Radhesh Menon, Chief Product Officer, Datto.

  • 2 years ago Posted in

According to Datto’s 2020 State of the MSP report, more than 70 per cent of respondents, including managed service providers (MSPs), are now projected to use Microsoft 365 cloud services within the next two years. In addition, respondents anticipated cloud migrations to be the top business driver in 2020.


However, when there is a shortened timeline to introduce new technologies – as was the case with the sudden move to working from home – security and business continuity flaws can quickly arise. It is therefore imperative that organisations carefully review their IT infrastructure to ensure that both new and existing technologies can reliably perform critical data security and backup functions, and guarantee business continuity.


Relying on the cloud provider is not enough


As organisations continue to shift their infrastructure to the cloud, some may not realise that they also have to put in place a third-party backup solution. All too often, businesses using Software-as-a-Service (SaaS) solutions assume that the cloud platform they choose – such as Google G Suite or Microsoft 365 – already provides the required level of security and business continuity to protect their sensitive data, but the truth is, that’s not always the case.


Just like data stored on an organisation’s own in-house servers, data stored in the cloud is still susceptible to incidents like cyberattacks, human error and malicious action. Gartner predicts by 2022, 70% of organisations will have suffered a business disruption due to unrecoverable data loss in a SaaS application*. SaaS providers do bear some of the responsibility for data protection, such as protecting against hardware and software failure, but when information is lost due to accidental deletion or malware, it’s often up to the end user to recover their own data.


Indeed, many SaaS application user agreements state that data protection, data-level security and long-term retention are ultimately the responsibility of the customer. This is why services agreements with cloud vendors like Microsoft typically recommend a “shared responsibility model” – and why it is necessary that organisations implement a proven third-party backup solution to protect the data in their SaaS applications.


Protection against cyber and other risks


An independent backup separated from the SaaS application itself helps avoid the most common data loss pitfalls. Aside from providing a safety net against user error, regularly creating, storing, and testing automatic backups is the only way to ensure ongoing data security and business continuity in the face of a rapidly expanding cyber threat landscape.


Ransomware continues to be a particular threat. Recent research by Datto amongst European managed service providers (MSPs) highlighted the extent to which ransomware affects businesses, and the crippling impact it can have. Almost two thirds (61%) of MSPs reported ransomware campaigns against their clients. Roughly two in five SMEs were affected; some of them even suffered several attacks in a single day.


What’s more, one in five MSPs saw ransomware attacks in SaaS applications such as Office 365 and Dropbox. Ransomware is designed to spread across networks and applications, so it is not surprising that attackers are turning their attention to the cloud. Focusing on securing the on-premises infrastructure is no longer enough; SaaS backup solutions for fast restores in the cloud are now equally critical.

*Source: Gartner research note: Assuming SaaS Applications Don’t Require Backup Is Dangerous. Published on 8th May 2019.


Covid-19 related fear and uncertainty adds to the problem, with malicious hackers employing techniques related to the pandemic to gain access to user accounts and company networks. In April, the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) issued a warning that the Coronavirus situation was being exploited by hackers – for example, by tricking users into clicking on interactive virus maps in order to install malicious code.


Dealing with outages


Alongside evolving cyber threats, the possibility of cloud service outages is another important consideration, as the worldwide Google G Suite service disruptions in August highlighted. At the time, file uploads were failing across Google’s services, including attachments to both personal and G Suite Gmail accounts.


In late September, users of cloud-based Microsoft applications were also hit by an outage and were left unable to access Teams, Microsoft 365, Outlook, Exchange, Sharepoint, OneDrive and Azure for up to five hours. This was followed by a second Outlook outage two days later. Whatever the cause of these interruptions, they are a clear indicator of the imperative need to protect cloud-based business data for businesses large and small.


Despite providers’ best efforts to maximise availability, service interruptions, loss of service due to natural disaster and power outages can happen. And while a third-party SaaS backup solution cannot solve email send/receive issues, it does ensure that users have access to their documents during an outage so businesses can remain productive and minimise any costly downtime.


An opportunity to adapt


While moving to the cloud is an important and necessary step to meet the demands of the digital age, organisations need to be aware of the possible implications. SaaS data is not immune to permanent data loss, and with the recent surge in remote working, cloud data is now more at risk than ever. In order for IT security teams to minimise the risk of data loss, boost their overall security posture and protect critical business data, they must take a proactive approach to data security by installing an effective SaaS protection solution.

The pandemic is a very real business threat, but it is also a trigger for positive change. Those organisations that can learn and adapt quickly will emerge stronger than before. Businesses need to be equipped to meet the growing demand for cloud-based offerings, and to securely meet those expectations.

Adopting a cloud-based solution is a vital first step in a successful digital transformation strategy, but without the right security measures in place progress stalls, and flaws will become apparent. Organisations must act before it’s too late to address weaknesses and sensitive data is lost for good, or worse, stolen and exploited.

By investing in a solid SaaS protection solution, organisations can put their worries aside when it comes to data storage and security vulnerabilities and focus on providing the best possible experience to their customers and employees.

By Michael Cantor, CIO, Park Place Technologies.
By Christoph Dietzel, Global Head of Products & Research, DE-CIX.
By Paul Gampe, Chief Technology Officer, Console Connect.
By Paul Baird, Chief Technical Security Officer at Qualys.
By Suhaib Zaheer, SVP, Managed Hosting at DigitalOcean & GM, Cloudways.
By Drazen Kerzan, Senior Manager, Solutions Engineering EMEA at Edgio.