One of the biggest selling points of Software as a Service (SaaS) platforms is security.
After all, having your data stored offsite on a remote server means itâll be safe from prying eyes, right? Not only that, but SaaS platforms like Microsoft 365 promise ease-of-use and built-in security measures â so what could go wrong?
Sadly, for a host of reasons which weâll explore shortly, cloud service data is no safer sitting on a remote server than it would be on your own. In fact, trusting your data to SaaS platforms without backing up actually opens you up to a number of new risks.
If youâve been using cloud services like Microsoft 365, Google Drive, GSuite, Dropbox, and so on without any additional backup protection, donât worry. In this guide, weâll explain what the risks are, why they matter to your business, and â perhaps more importantly â how to mitigate them.
Understanding the true role of SaaS platforms
It feels like almost every application is now destined for the cloud â and for good reason.
Cloud-based SaaS platforms offer great benefits to businesses, including anywhere-access, cross-device support, and seamless updates. But this level of convenience has perhaps given some of us a false sense of security.
Hereâs a simple question: how much responsibility do providers like Google and Microsoft have to protect your data? Because most of us simply skip past those r agreements when we first sign up for these services, (itâs okay, you can admit it), itâs easy to think your data is automatically backed up or protected by these third-parties. In reality? Theyâre not required to provide anything other than the service you signed up for. That is to say, so long as you can access Microsoft Word or Gmail and their technical infrastructure is up, theyâre covered.
If something goes wrong, such as an attacker gaining access to the cloud services â or even an accidental deletion on your side â thereâs no protection for you as a business other than the basic features of the SaaS platforms. Unless a service specifically states that itâs offering a SaaS backup service, you have to assume itâs not happening.
So, if your data really isnât being backed up, what can go wrong?
As it turns out â plenty.
The hidden risks of not backing up your SaaS data
We mentioned earlier that relying on cloud-based data actually presents different risks than local data. In reality, it presents very similar risks plus an array of totally new ones.
Put simply â it just makes sense to have a backup solution in place when your business relies on a third-party cloud service.
Here are just a few of the risks your business might be unwittingly running:
Accidental deletion and human error
A platform like Microsoft 365 does have a couple of safeguards built in â such as a data retention period and georedundancy. While these may protect your data in case of disasters, they wonât protect against user error â such as a team member deleting a critical file by mistake.
Apps like OneDrive and SharePoint can be set up with data retention periods (a form of âsoftâ deletion) which are usually around 90 days. But if nobody notices during that time, itâs curtains for your data.
External threats to your cloud-based apps
Just because your applications are hosted on a remote server and spread across datacentres doesnât mean itâs 100% secure.
In fact, with phishing attacks getting more sophisticated, the risk to cloud-based apps is just as great as native ones. Take ransomware attacks, for example. A cyber-attacker could use a false login page to steal credentials, then log in to a userâs Microsoft Exchange email account and encrypt every email until a financial âransomâ is paid. There are no tools in Microsoft 365 which can resolve this problem â only a third-party cloud backup of the inbox will do that.
Internal threats to your cloud data
In a perfect world, weâd all have 100% trust in all of our employees and nothing would ever go wrong. Sadly, we live in the real world â and internal breaches are a very real possibility.
Imagine if a disgruntled employee, or even just a recently departed user, decides to make a few changes to your files in the cloud from home. They may even download malware or ransomware directly to the cloud server and compromise your entire operation. Without backup, this can be a terminal situation.
But if youâre covered by a third-party cloud backup, itâs a simple matter of disabling the internal userâs account and restoring the data from backup. Crisis averted!
Physical storage failure in the cloud
While the term âcloudâ might sound like something ethereal, your data is still stored on a physical server somewhere in the world. And while itâs true that Microsoft uses georedundancy to reduce the risk of physical server failure, this really only mitigates risk, because you can still lose some data, if not all.
As weâll see in the next section, Microsoft (and all other cloud service providers) have disclaimers in place to cover them for the loss of your data. Put simply, if something goes wrong, itâs not their fault⌠even if it is.
So, while itâs quite rare, if a physical disruption did occur to a cloud server hosting your data, youâd have no way of getting that data back â unless youâve got third-party SaaS backup.
Legal compliance issues
Depending on your industry, you may occasionally be subject to legal requests for data or emails stored by your business.
While Microsoft 365 offers a feature called âLitigation Holdâ, which preserves emails â even deleted ones â this is not effective for any user you might have deleted in the past. Deleting a user will remove their mailbox, OneDrive and SharePoint site, meaning you wonât be able to retrieve it in order to comply with a legal request. Unless, of course, you have a backup of all of that cloud data. And thatâs one great way to stay out of legal hot water.
Are you as protected as you think? Probably not.
As weâve seen, apps like Microsoft 365 do come with some built-in protection against data breaches â but most of these are infrastructural.
In fact, even Microsoft themselves recommend that your backup your cloud data. Hereâs a direct quote taken from the Microsoft service agreement all 365 users must agree to:
âWe strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that youâve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.â
As you can see, even the service providers are transparent about the fact that any data they host on your behalf isnât guaranteed protection from data loss or security breaches. In fact, they even go one step further by recommending the use of a third-party backup solution.
We touched on emails a little earlier, so, surely theyâre backed up by default⌠right?
Well, the answer is sort of.
Out of the box, Microsoft 365 supports a feature known as âemail journalingâ which is sometimes required for legal compliance in certain industries. Itâs also just good practice in business â because you never know when you might need to retrieve an old email.
While email journaling can be enabled on any Microsoft 365 Business plans, youâll actually need to pair it with a third-party storage or backup solution, which can be hosted either in the cloud or on a local server. This will essentially become a storage location for your journaled emails.
Journaling will save a copy of every email that either comes in or goes out of a mailbox, and will generally be enough for most small businesses. That said, if you want to preserve the structure of the mailbox folders, the read/unread status, calendar and task data, and so on, you might want to look into a dedicated email backup service.
Toughen up your cloud security today with Get Support
Here at Get Support, we know exactly how devastating cyberattacks can be. Even losing just one or two critical files can have serious repercussions â which is why our team is so serious about SaaS backup.
We work with leading cloud and SaaS data backup companies like Veeam and Datto to offer full backup and restore services for all cloud platforms. If youâre concerned that your cloud service data isnât quite as protected as you thought, we can help.
Call the team today on 01865 59 4000 and weâll explain exactly how we can help â all in Plain English, naturally.