If you told your Chief Information Officer a decade ago that your company was about to adopt a policy of giving its mission-critical data to an outside third party to manage, you would have been met with an expression of horror.
Data protection is the number one priority of IT organizations, but in the age of the cloud and Software-as-a-Service, that function is increasingly out of its hands.
SaaS providers make it extremely easy to sign up for their services, and most bury data protection policies in the service agreement terms that nobody reads[i]. In most cases, those provisions are intended protect the service provider rather than the customer. On the other side of the agreement, organizations are adopting a self-service approach to SaaS applications, typically leaving it to business end-users to choose and contract with their preferred cloud providers. Data protection is rarely top of mind in that scenario.
But data protection in the cloud is going to become an increasingly important issue, given the quickening pace of consolidation in the market. Data loss isn’t just an issue of bankruptcy or acquisition. Even Google routinely shuts down services that no longer make business sense. Service outages, equipment failures and user error can result in critical data being lost or unavailable when the business needs it. IDG Research reported that nearly 6 in 10 organizations have experienced a SaaS data loss event in the past 12 months, most often as a consequence of human error.
Data in the cloud is out of your direct control so protecting it requires special considerations. Most SaaS providers permit customers to access and download their data upon demand, but unfortunately that’s only a partial solution. Manual backups are easily forgotten or shoved to the side by more pressing issues, and large data downloads can take hours or even days. Some cloud providers either can’t or won’t recover some types of data, such as contact files or calendar appointments. Others may charge hefty backup fees and allow themselves long lead times. Any reputable cloud provider makes frequent backups, but getting access to those archives is a different story. SaaS is a volume business, so relying upon services to respond to one-off requests for backups is tempting fate. Automated solutions are a must.
If you’re thinking of putting mission-critical data in the cloud, consider how you will get access to your data and get it out if you need to. Make sure you understand the format of the data and how frequently its backed up. Having a data backup is one thing; having a data backup you can actually restore and use is another.
In the cloud, you not only need to think about the code base that runs the product, but also the data. Because one without the other, won’t get you too far.
SaaS is clearly the future of software. Gartner estimates that more than half of new applications adopted by large enterprises this year will be based in the cloud. Giving your data to someone else to manage isn’t a bad business strategy, but failing to protect it is courting disaster.
[i] One recent study found that 98% of volunteers who signed up for a fictitious social networking site failed to notice that the terms of service required them to give up their first-born child is a condition of membership.