Establish ownership over SaaS data protection

By Rick Vanover, Senior Director of Product Strategy, Veeam

Rick Vanover, Senior Director of Product Strategy, Veeam
Data protection and data compliance issues need clear ownership within an organization. Ultimately, the responsibility rests with the chief information officer (CIO), but as the IT and data management needs of companies become increasingly complex, the responsibility of the teams that report to the CIO can become fragmented and confused. Given the enormous growth of software as a service (SaaS), which has taken place in the last decade and accelerated significantly during the Covid-19 pandemic, it has become a great example of how these lines of ownership can be blurred.

SaaS, the largest subset of public cloud services according to Gartner, is a key element in an organization’s ability to execute its digital strategy. But Digital Transformation (DX), of which SaaS is a vital component, relies on Modern Data Protection – the ability to backup, secure and restore data in physical, virtual, cloud, SaaS and Kubernetes. Veeam’s 2021 Data Protection Report found that data protection challenges were hampering DX in the eyes of CXOs – with 58% of global organization data potentially unprotected. Therefore, it is crucial that organizations establish clear ownership over who is backing up SaaS data, who is planning and testing disaster recovery, and who is enforcing regulation.

The big job: whose is it?

Protecting SaaS data is a big job. Imagine the magnitude of data produced by a large organization’s Microsoft 365 provisioning. Many of them are likely to be confidential, sensitive, and contain information vital to business operations. This is mission-critical data that must be backed up and fully recoverable in the event of an unplanned outage or cyber attack. Microsoft 365 is a good example of how you can make wrong assumptions about which data is protected and which is not. The data protection capabilities built into Microsoft 365 can give businesses some assurance that most of them are backed up and protected. However, the only way to really have peace of mind that your Microsoft 365 data is fully protected and recoverable is by using a third-party backup solution. Both SaaS and Backup administrators are catching on to this fact, according to Veeam’s 2021 Cloud Protection Trends Report, citing reasons such as accidental data erasure, preparedness against cybersecurity attacks, and insider threats. to protect Microsoft 365 data.

However, while SaaS and Backup administrators are more or less aligned on the importance of backing up data from applications such as Microsoft 365, there are tensions that point to the need for a clearer definition of roles and responsibilities. when it comes to data protection. Veeam’s research has revealed confusion over issues like backing up SaaS data in containers and using third-party tools, for example. SaaS administrators are more likely than Backup administrators to store state data for applications running in containers separately and back up there, and they are more likely to back up container data using a third party tool. While a higher proportion of Backup administrators mistakenly believed that their containerized applications did not contain stateful data that needed to be backed up or that their container architecture was natively durable.

While further education is needed from both SaaS and Backup administrators when it comes to best practices for protecting Kubernetes data, it is encouraging to see that the 14% of Backup administrators who currently do not back up Container data security are already looking for a solution. This will only increase as IT teams become more aware of the unique challenges of protecting containerized application data, which will in part be driven by continued growth in SaaS application deployment. What is clear is that companies must establish clear ownership over their data protection strategy.

Modern data protection

The first part of this process is to clearly define the roles and responsibilities of the SaaS and Backup administrators to ensure that each stage of data protection has a responsible person. As the roles of SaaS administrators will continue to expand at a rapid pace due to the emphasis organizations are placing on DX, their ability to dedicate resources to data protection is likely to diminish. Therefore, there will always be a clear role for backup administrators with the sole purpose of ensuring that physical, virtual, cloud, SaaS, and Kubernetes data are always protected. With the acceleration of the growth of SaaS and the momentum of the deployment of K8s, companies must not only establish clear lines of responsibility, but also work with a third-party backup specialist.

This will ensure that organizations take full advantage of the expertise and automation available to them, putting them at the forefront when it comes to their Modern Data Protection strategy. In turn, it means that organizations’ DX is not held back by their data protection challenges and that they can continue to deploy SaaS with the confidence of knowing that their data is fully protected in the event of a disruption or cyber attack.