SaaS (software-as-a-service) applications have exploded in popularity in the last few years. For IT professionals, these cloud-based apps have made our work significantly easier in some ways – but more challenging in others.
Last week, our team was reminded of a very real risk that most business owners (and even savvy IT professionals) often overlook. Fortunately, this didn’t happen to our client, but it could have. And while little can be done after the fact, the good news is that this problem can be prevented.
I’m talking about the importance of doing SaaS backups – or at least getting a good backup of SaaS data.
Small businesses have become increasingly reliant on SaaS applications
Experts estimate that most small businesses are using about 100 cloud-based applications to run daily operations. Examples include:
- Microsoft 365 and Google Workspace for productivity
- QuickBooks Online or Xero for accounting
- Shopify, Weebly, or Big Commerce for website orders
- Jira, Clickup, AirTable, or Asana for project management
Technology companies love the recurring revenue model. Small business owners appreciate the convenience and low startup costs. With a laptop and wifi, employees can work from anywhere. So what can go wrong?
Let’s go back to our client.
This client called in a panic because her friend had apparently lost her entire online business overnight. She and her friend were both using the same eCommerce website application. Could this happen to her? Why wasn’t the vendor being held responsible?
In this case, someone had gained access to her friend’s eCommerce site and either changed or deleted everything, including:
- Customer contact information
- Website content
- Current and past orders
- The entire product catalog
- Hundreds, even thousands, of hours of work
Their vendor was sympathetic, but unhelpful. Because they had chosen a highly reputable, well-established SaaS application, they both assumed the vendor had complete SaaS backups. They expected the SaaS provider could just restore the eCommerce website to the state it was in the day before.
They didn’t. Many SaaS vendors don’t. Or can’t. They tout 99.9% uptime and rock-solid security measures. But all that protection goes out the window if a cybercriminal cracks an employee password. Or if a disgruntled employee acts with malice. Or if the vendor goes out of business. Poof. The entire account can be destroyed in an instant.
The risk is higher when you buy from SaaS startups, like those featured on Product Hunt or AppSumo. We’ve seen scenarios where a SaaS application update broke key features, lost data, or went out of business without much warning. No matter what software you choose to run your business, it pays to do your homework and have a plan in place to protect your data. Know your risk and decide how to manage it.
The problem is that there’s a misunderstanding about the risk and responsibilities when it comes to managing and maintaining SaaS apps. Because the technology landscape changed so quickly (and in the midst of a pandemic) even IT professionals have been slow to react to this emerging threat.
Who’s responsible for what when it comes to managing software applications?
In general, the SaaS provider is responsible for getting the application to a secure website browser. The business owner is responsible from there.
The gray area comes down to the data. The business owns the data, but who’s backing it up? How is it recoverable? This is where it pays to read the fine print. Yes, you should be reading those “terms of service” most users skip right past.
Protecting SaaS data is a shared responsibility
Many SaaS applications make no promises to recover account data. Their promise is to keep the application up and running, and they have failsafe measures in place to protect their data centers. But your data is stored on a shared server with hundreds of other accounts. They often can’t restore your account without impacting all the other accounts. Even if they can recover your data, it might not be provided to you in a usable format.
How do you protect your SaaS data?
1. Restrict user access
Don’t share passwords. Don’t automatically give admin rights to employees. We advise business owners to keep their user account and admin account separate whenever possible. Human beings will always be the weakest link when it comes to data security.
2. Enforce strong passwords and multi-factor authentication
Yes, it’s an extra step to login, but convenience can come with a cost.
3. Read the terms of service
Know the risks and responsibilities for every software application you use. Ask questions. Some vendors may have a native backup service built-in or available for a additional fee.
4. Pick reliable, reputable SaaS software vendors
Make backup and recovery part of your upfront software selection process.
5. Backup your SaaS data
Your SaaS data backup plan can be as simple as exporting key data to a CSV file on a regular basis.
6. Consider a Saas backup service
We offer several tools that we use to backup popular SaaS applications like QuickBooks Online, Shopify and Trello.
Backup and Recovery Services
Our goal is to present you with information so you can make informed technology decisions. By understanding both the risks and costs, you can better protect your business and your budget. If you are interested in learning more about our backup and recovery services, please reach out.
Frequently Asked Questions
What are SaaS backups?
Saas backups are stored backups of your software data incase something happens – this makes the recovery process a lot easier.
Why do we need SaaS backups?
Backups are always important to have. If you get hacked, a disgruntled employee chooses malice, or something just goes wrong… backups of your data are going to make the recovery process possible.
How do I secure my Saas?
Your SaaS provider is not responsible for your data protection. If you don’t know how to do this yourself, find an IT partner to provide SaaS backup and recovery services for you.