How to establish accountability for SaaS data protection?

Gray Scale Photography of Knight

Data protection and matters relating to compliance with data legislation require clear rights and responsibilities within the organization. Responsibility ultimately rests with the CHIEF Information officer (CIO), but as an enterprise's IT and data management needs become more complex, accountability can become fragmented and confusing in the teams reporting to the CIO. Given the tremendous growth of software-as-a-service (SaaS) over the past decade, and its significant acceleration during the COVID-19 pandemic, SaaS has become a good example of how these lines of responsibility are blurring.

Gartner data shows that SaaS is the largest subset of the broader public cloud and a key component of an organization's ability to execute its digital strategy. However, the Digital Transformation (DX) of which SaaS is an important part is based on modern data protection, namely the ability to back up, protect, and restore data across physical, virtual, cloud, SaaS, and Kubernetes environments. The Veeam2021 data protection report found that, in the view of many executives, data protection challenges are hindering the digital transition -- with 58% of organizations around the world potentially having unprotected data. Therefore, it is critical for organizations to establish clear accountability for who is backing up SaaS data, who is planning and stress-testing disaster recovery, and who is performing oversight.

Heavy responsibilities: Who is in charge?
Protecting SaaS data is a daunting task. Consider the size of the data generated by a Microsoft 365 configuration for a large organization, and it is highly likely that much of this data will be confidential, sensitive, and contain information critical to business operations. This data is mission-critical data that needs to be backed up and fully restored in the event of an unexpected outage or network attack. Microsoft 365 is a good example of making assumptions about what data will be protected and what data will not. Microsoft 365's built-in data protection features can provide businesses with a degree of assurance that most of their data is backed up and protected. However, the only way to truly make Microsoft 365 data fully protected and recoverable is through a third-party backup solution. According to the Veeam 2021 Cloud Protection Trends Report, both SaaS and backup administrators are aware of this fact and cite a number of reasons, such as accidental deletion of data, protection against network security attacks, and insider threats to protect Microsoft 365 data.

However, while SaaS and backup administrators more or less agree on the importance of backing up data from applications such as Microsoft 365, there are some contradictions around data protection that suggest a clearer delineation of roles and responsibilities. Veeam's research found some confusion on issues such as backing up SaaS data in containers and using third-party tools. SaaS administrators are more likely than backup administrators to store and back up state data of applications running on containers separately, and are more likely to use third-party tools to back up container data. However, a higher percentage of backup administrators mistakenly believe that their containerized applications do not contain stateful data that needs to be backed up, or that their container architecture is inherently durable.

While there needs to be more education for SaaS and backup administrators on best practices for protecting Kubernetes data, it is encouraging to see that 14% of backup administrators who have not yet backed up data from containers are currently looking for a solution. This will increase as IT teams become more aware of the unique challenges posed by securing containerized application data, driven in part by the continued growth of deployed SaaS applications. Clearly, companies must establish clear accountability for their data protection strategies.

Responsible for modern data protection
The first part of this process is to define clear roles and responsibilities between SaaS and backup administrators to ensure that there is a person responsible for each stage of data protection. Given an organization's emphasis on digital transformation, the role of SaaS administrator will continue to expand rapidly, and the ability to devote resources to data protection may decrease. As a result, backup administrators always have a clear role whose sole purpose is to ensure that data across physical, virtual, cloud, SaaS, and Kubernetes is always protected. As the growth of SaaS accelerates and drives the growth of Kubernetes deployments, businesses must not only establish clear boundaries of responsibility, but also partner with third-party backup specialists.

This will ensure that organizations can take full advantage of the expertise and automation available in the market, putting them at the forefront of modern data protection strategies. This in turn means that organizations' digital transformation will not be hampered by data protection challenges, and they can continue to deploy SaaS, confident that their data will be fully protected in the event of an outage or cyber attack.

No comments

Related recommendation

No related articles!


How to establish accountability for SaaS data protection?