One of the biggest selling points of Software as a Service (SaaS) platforms is security.
After all, having your data stored offsite on a remote server means it’ll be safe from prying eyes, right? Not only that, but SaaS platforms like Microsoft 365 promise ease-of-use and built-in security measures – so what could go wrong?
Sadly, for a host of reasons which we’ll explore shortly, cloud service data is no safer sitting on a remote server than it would be on your own. In fact, trusting your data to SaaS platforms without backing up actually opens you up to a number of new risks.
If you’ve been using cloud services like Microsoft 365, Google Drive, GSuite, Dropbox, and so on without any additional backup protection, don’t worry. In this guide, we’ll explain what the risks are, why they matter to your business, and – perhaps more importantly – how to mitigate them.
Understanding the true role of SaaS platforms
It feels like almost every application is now destined for the cloud – and for good reason.
Cloud-based SaaS platforms offer great benefits to businesses, including anywhere-access, cross-device support, and seamless updates. But this level of convenience has perhaps given some of us a false sense of security.
Here’s a simple question: how much responsibility do providers like Google and Microsoft have to protect your data? Because most of us simply skip past those r agreements when we first sign up for these services, (it’s okay, you can admit it), it’s easy to think your data is automatically backed up or protected by these third-parties. In reality? They’re not required to provide anything other than the service you signed up for. That is to say, so long as you can access Microsoft Word or Gmail and their technical infrastructure is up, they’re covered.
If something goes wrong, such as an attacker gaining access to the cloud services – or even an accidental deletion on your side – there’s no protection for you as a business other than the basic features of the SaaS platforms. Unless a service specifically states that it’s offering a SaaS backup service, you have to assume it’s not happening.
So, if your data really isn’t being backed up, what can go wrong?
As it turns out – plenty.
The hidden risks of not backing up your SaaS data
We mentioned earlier that relying on cloud-based data actually presents different risks than local data. In reality, it presents very similar risks plus an array of totally new ones.
Put simply – it just makes sense to have a backup solution in place when your business relies on a third-party cloud service.
Here are just a few of the risks your business might be unwittingly running:
Accidental deletion and human error
A platform like Microsoft 365 does have a couple of safeguards built in – such as a data retention period and georedundancy. While these may protect your data in case of disasters, they won’t protect against user error – such as a team member deleting a critical file by mistake.
Apps like OneDrive and SharePoint can be set up with data retention periods (a form of ‘soft’ deletion) which are usually around 90 days. But if nobody notices during that time, it’s curtains for your data.
External threats to your cloud-based apps
Just because your applications are hosted on a remote server and spread across datacentres doesn’t mean it’s 100% secure.
In fact, with phishing attacks getting more sophisticated, the risk to cloud-based apps is just as great as native ones. Take ransomware attacks, for example. A cyber-attacker could use a false login page to steal credentials, then log in to a user’s Microsoft Exchange email account and encrypt every email until a financial “ransom” is paid. There are no tools in Microsoft 365 which can resolve this problem – only a third-party cloud backup of the inbox will do that.
Internal threats to your cloud data
In a perfect world, we’d all have 100% trust in all of our employees and nothing would ever go wrong. Sadly, we live in the real world – and internal breaches are a very real possibility.
Imagine if a disgruntled employee, or even just a recently departed user, decides to make a few changes to your files in the cloud from home. They may even download malware or ransomware directly to the cloud server and compromise your entire operation. Without backup, this can be a terminal situation.
But if you’re covered by a third-party cloud backup, it’s a simple matter of disabling the internal user’s account and restoring the data from backup. Crisis averted!
Physical storage failure in the cloud
While the term ‘cloud’ might sound like something ethereal, your data is still stored on a physical server somewhere in the world. And while it’s true that Microsoft uses georedundancy to reduce the risk of physical server failure, this really only mitigates risk, because you can still lose some data, if not all.
As we’ll see in the next section, Microsoft (and all other cloud service providers) have disclaimers in place to cover them for the loss of your data. Put simply, if something goes wrong, it’s not their fault… even if it is.
So, while it’s quite rare, if a physical disruption did occur to a cloud server hosting your data, you’d have no way of getting that data back – unless you’ve got third-party SaaS backup.
Legal compliance issues
Depending on your industry, you may occasionally be subject to legal requests for data or emails stored by your business.
While Microsoft 365 offers a feature called “Litigation Hold”, which preserves emails – even deleted ones – this is not effective for any user you might have deleted in the past. Deleting a user will remove their mailbox, OneDrive and SharePoint site, meaning you won’t be able to retrieve it in order to comply with a legal request. Unless, of course, you have a backup of all of that cloud data. And that’s one great way to stay out of legal hot water.
Are you as protected as you think? Probably not.
As we’ve seen, apps like Microsoft 365 do come with some built-in protection against data breaches – but most of these are infrastructural.
In fact, even Microsoft themselves recommend that your backup your cloud data. Here’s a direct quote taken from the Microsoft service agreement all 365 users must agree to:
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
As you can see, even the service providers are transparent about the fact that any data they host on your behalf isn’t guaranteed protection from data loss or security breaches. In fact, they even go one step further by recommending the use of a third-party backup solution.
We touched on emails a little earlier, so, surely they’re backed up by default… right?
Well, the answer is sort of.
Out of the box, Microsoft 365 supports a feature known as “email journaling” which is sometimes required for legal compliance in certain industries. It’s also just good practice in business – because you never know when you might need to retrieve an old email.
While email journaling can be enabled on any Microsoft 365 Business plans, you’ll actually need to pair it with a third-party storage or backup solution, which can be hosted either in the cloud or on a local server. This will essentially become a storage location for your journaled emails.
Journaling will save a copy of every email that either comes in or goes out of a mailbox, and will generally be enough for most small businesses. That said, if you want to preserve the structure of the mailbox folders, the read/unread status, calendar and task data, and so on, you might want to look into a dedicated email backup service.
Toughen up your cloud security today with Get Support
Here at Get Support, we know exactly how devastating cyberattacks can be. Even losing just one or two critical files can have serious repercussions – which is why our team is so serious about SaaS backup.
We work with leading cloud and SaaS data backup companies like Veeam and Datto to offer full backup and restore services for all cloud platforms. If you’re concerned that your cloud service data isn’t quite as protected as you thought, we can help.
Call the team today on 01865 59 4000 and we’ll explain exactly how we can help – all in Plain English, naturally.