Backing up SaaS Apps: Native, SaaS or DRaaS?

Data is big business. With more and more data being created by people around the world every day, there is a growing market, and need, for data protection. This, compounded with the rising rates of malware, ransomware, and data loss due to everyday human error, make backup for your SaaS applications like G Suite, Office 365 and Salesforce, a must-have.

SaaS providers are only responsible for backup in instances of power failure, infrastructure failure or a natural disaster. Otherwise, you are responsible for the risks at your end — recovery of data lost due to accidental deletion or security attacks. Traditional approaches to data recovery are evolving as more organizations adopt cloud-based services like Office 365 or G Suite, so that data recovery targets can be met. In this post we outline and weigh-in on the differences between Native backup, DRaaS backup, and SaaS data backup for your SaaS applications.

Diagram of SaaS backup options including DRaaS, native and SaaS

Native Backup

A SaaS data backup may seem like overkill when using a secure SaaS platform like G Suite, Office 365 or Salesforce, but think again. In the Forrester report, Back Up Your SaaS Data — Because Most SaaS Providers Don’t, analyst Naveen Chhabra states that backing up SaaS application data is your responsibility and cloud-to-cloud is the only practical option for SaaS Data Protection.

Relying on the Service Level Agreements (SLAs) from your SaaS providers is putting your data in danger. In fact, in nearly every SaaS providers’ SLA it clearly states that customers are responsible for protecting their own data. For example, Google allows you to only restore data that was deleted within the past 25 days – “You have a limited time from when the data was permanently deleted to restore files and messages. After that, the data is gone forever.”

SaaS platforms also offer built-in tools that can be confused with backup and recovery solutions. Some built-in tools include the the Trash or recycle bin. However data is only stored in them for a limited amount of time, after which it is purged. Moreover, admin assistance is required to restore data. For example, Salesforce’s Recycle Bin holds data for only 15 days, only holds the latest version, does not restore metadata and requires admin assistance to recover data. A backup solution is only as good as its restore capabilities, such that you can easily get your information directly back into your SaaS applications exactly the way it was before. Any compromise on that is not worth the time, effort and stress that will ensue in the event of data loss.

In addition to the recycle bins offered by SaaS applications, some offer archiving and eDiscovery tools that are included with certain plans or are offered as an add-on. For instance Google Vault is a useful business tool for archiving and eDiscovery, but, it is not a backup plan as it does not allow you to restore your data directly into the user’s account  in the event of a loss. Similarly, Salesforce’s native data backup option is a manual, weekly export, and it doesn’t include metadata and customizations. In fact, Salesforce recommends that customers develop their own reliable data backup and recovery strategy. Office 365 provides a native option using litigation hold. However, recovery with the native options can be time-consuming and is not an exact restore.


DRaaS Backup

Tech advances and the increase in cloud computing has made Disaster Recovery as a Service (DRaaS) a booming business. DRaaS is defined as “the replication and hosting of physical or virtual servers by a third party to provide failover in the event of a man-made or natural catastrophe.”

DRaaS provides the capability to move to failover live servers in an alternative cloud environment. However, the extent of the replication, level of restoration and time taken to restore is based on the DRaaS SLAs, which have to be carefully detailed.

DRaaS also requires significant internal capabilities such as the infrastructure and expertise to use and manage a virtualized server environment, and reliable connectivity between your customers and that environment. When used to backup SaaS applications in particular, DRaaS may not be the best choice, as the SaaS vendor is responsible for managing the app’s infrastructure and if the SaaS app fails, DRaaS solutions cannot put back the environment.


SaaS Data Backup

Third-party SaaS data backup is an automated or on-demand snapshot of your data. The data is stored in a multi-tenant cloud computing environment that can be easily recovered in case of data loss.

SaaS cloud-to-cloud backup, like Spanning Backup, makes backup and restore automated, so you can set it and forget it. Since your data is securely held off-site on the cloud, it gives you a safe second place to house your data.

If you suffer a data loss event, SaaS backup improves the reliability and speed with which you or the end use can easily recover an exact copy of your data from any point-in-time backup…which is great for business continuity.

SaaS backup offers multiple benefits to organizations, not only when it comes to quickly restoring data faster than a vendor can, but it also provides regular data quality checks and helps meet audit and compliance requirements.  Additionally with provisions to restore files granularly from a point-in-time backup, it is a much better solution than “dumpster diving” through thousands of deleted files.

For more information, read Simplifying the 3-2-1 Rule for Data Protection in the Age of the Cloud.


Choosing the Backup that Fits

Applications like G Suite and Office 365 don’t guarantee full restoration of lost data if an issue occurs on the user’s end. Can you risk losing data older than 25-30 days and deal with a patchy restore as offered by native backup options? Therefore, an organization’s IT department needs to fill in the data protection gaps by selecting a backup and recovery solution themselves.

When deciding on an optimal backup and recovery solutio, consider your business priorities. Review your Recovery Time Objective (RTO) – system downtime acceptable to your business, and your Recovery Point Objective (RPO) — the acceptable amount of data loss and the level of in-house disaster recovery skill.

While DRaaS, with its promise of high availability, may seem like an added security blanket, when applied particularly to backup of cloud applications, it may be unnecessary and not worth the extra price and legal wrangling for the SLAs. For instance, SaaS application vendors ensure in their SLAs that availability is extremely high, making DRaaS a non-option. DRaaS solutions also cannot provide failover if the SaaS application itself is down — if Gmail is down, a DRaaS solution cannot help, as it will only hold the emails but cannot restore them or host Gmail until Google fixes the issue on their end.

SaaS backup with its automated backup, support to restore data on a granular basis from any point-in-time backups and ease-of-use where end users can self-service restores make data protection reliable and recovery quick and easy. Cloud backup also simplifies audit compliance with its assured recoverability and options to store data in specific regions to meet compliance needs. Free up  your IT teams so they can focus on what they do best, without worrying about maintenance, updates or data loss.

Learn more about Spanning Backup

*** This is a Security Bloggers Network syndicated blog from Spanning authored by Daivat Dholakia. Read the original post at: