Backup And Recovery

SaaS Backup and Recovery Buyers’ Guide

How to choose the right Software As A Service (SaaS) Backup and Recovery software.

SaaS Backup and Recovery Buyers Guide

SaaS Backup solutions are specifically designed to secure data used by SaaS applications such as Salesforce, Microsoft 365, Google Workspace, etc., While you may think your data is safe in these platforms, the vendors are under no obligation to protect your data.

This article will cover:

  • Our Recommendations
  • Why SaaS Backup matters
  • How SaaS Backup works
  • Best Providers
  • Benefits of implementing SaaS backup
  • Challenges associated with it
  • Features Checklist
  • Future Trends

Our Recommendations: Looking for the right key features is an important thing to factor in, however, it is not everything. When selecting the ideal solution for your organization, Expert Insights recommends considering the following factors:

  1. Use a reputable vendor – this will reduce the chance of events like vendors going out of business leaving you in the lurch.
  2. Ensure the solution provides advanced encryption, customizable retention policies, and compliance reporting features – cross reference these with the compliance regulations governing your industry.
  3. Select tools with user-friendly interfaces and easy setup, allowing you to easily find the data you need to restore.
  4. Automation will reduce your staff workload, whilst improving security compliance and consistency.
  5. Veeam’s Kirsten Stoner explained that ‘if your backup infrastructure doesn’t need to be connected to the internet, then don’t have it connected to the internet, because then it’s just one last way an attacker can get in.’
    • While the internet is used to transfer the data from device to storage, most SaaS backup providers use ‘air-gapped’ backups. This means that there is no way to access the data during this process thanks to this gap.

Why SaaS Backup Matters: The key to understanding the importance of SaaS Backup is understanding the Shared Responsibility Model.

  • Currently, SaaS tools will store your data, without accepting actual responsibility for it
  • Microsoft, for instance, only accepts responsibility for its applications and servers, you are responsible for the data within the cloud
  • This shared responsibility makes it all too easy to overlook important data, meaning that it is unprotected during a cyber event
  • In many cases, the default data backups are not comprehensive enough for regulatory approval
  • This is where the need for customers to adopt their own SaaS Backup solution arises

How SaaS Backup Works: SaaS backup solutions are typically cloud-based platforms that connect via API to SaaS applications in order to back up your data. They typically store your data in cloud storage services, such as Amazon S3 secure storage.

These backups can be automated to ensure that they occur consistently and regularly. It is worth scheduling these to happen overnight, at times when fewer users will be impacted. Most SaaS cloud backup solutions will offer granular backup options, e.g. once per day.

Whilst in storage, the data will be encrypted to ensure that it cannot be accessed by malicious actors. 

  • The 3-2-1 rule is recommended for all backup data; this suggests three total backups, using two different media types, with one copy stored offsite
  • This is achieved with SaaS Backup solutions as they store data copies offsite (with stores like Amazon S3 Glacier), allowing you to ensure data security, without taking any additional steps

If a data loss event occurs, be it accidental or malicious, data can be restored from a specific point in time. This effectively returns your account to a point prior to the event taking place.  The best SaaS backup solutions will be non-destructive, so that they don’t overwrite your existing data when restored.

Best SaaS Backup Providers: Our team of backup analysts has put together several shortlists of the best SaaS providers by category and use case:

Benefits of SaaS Backup: There are several reasons organizations should consider implementing a third-party cloud-based solution to manage cloud backups.

  1. Regulatory Compliance: Ensures that organizations can meet legal and regulatory requirements for data retention and protection.
  2. Data Loss Prevention (DLP): Means that data is protected against loss, corruption, and accidental deletion – the SaaS backup can recover any lost data.
  3. Automation: SaaS backup solutions are typically fully automated and so save time on manual data retention processes.
  4. Business Continuity: Reduces downtime and ensures that business operations can continue seamlessly after data loss – this can address the threats posed by ransomware, where you are locked out of your data until you pay a fee.
  5. Scalability: These solutions will scale to accommodate growing data volumes and new SaaS applications, meaning that you do not have to upgrade your backup plans regularly.

Challenges: There are clearly some very strong reasons for implementing SaaS Backup and Recovery solutions within your organization. To make this process as hassle-free as possible, we’ve outlined some key challenges associated with this process.

API Limitations / Recovery Time: SaaS Backup uses APIs to ingest and output data. This can be an intensive process, leading providers to limit or restrict the amount of data that can be used in a set time.

  • The process of recovering large amounts of data can be slowed down, and lead to inaccurate RTO (Recovery Time Objectives) which may be a deciding factor when selecting a platform.
  • Some providers offer ‘limitless’ API which can help you overcome this issue

Data Storage Location and Security: Where and how your data is stored is an essential part of the backup process. It is worth considering what will happen if this storage location is breached.

  • M365 data, for instance, is backed up in Microsoftowned Azure. While there will be significant security measures in place to protect this data, it also presents a big target
  • It’s important to select reliable and secure data centers for storage, with a clear demarcation of responsibilities and processes

High Data Storage Costs: the larger the organization, the more data you’ll have to store. If you want access to historical data, your data storage needs increase even more.

  • It is worth calculating how much your data storage costs are likely to be as different providers offer different pricing models
  • Some providers, for instance, offer Terabyte storage at ~$25 – this can quickly add up across a whole organization
  • Some providers offer ‘per user’ pricing, allowing you to manage this on a monthly/annual basis. This tends to be more cost-effective, but what happens if a user leaves the company? Can their data plan be switched to a different user?

Features Checklist: When looking for a SaaS Backup Solution, Expert Insights recommends looking for the following features:

  • Encryption: Data should be encrypted while in transit and at rest – this assures the integrity of your data, ensuring that it is safe to restore
  • Automated Backups: Regular, automated backups can reduce manual workload, while ensuring security is maintained consistently
  • Notifications: This will provide notifications if a backup session has failed, or any other status-related notifications that admins need to know
  • Granular Recovery: This gives the ability to restore specific files, rather than having to restore a system in its entirety
  • Data Retention: It is important that your platform has data retention periods that align with regulatory expectations. 
    • Some industries require data to be stored for 5 or 7 years, your backup solution should be optimized to facilitate this
  • Scalability: Easily scales to accommodate growing data volumes as your organization grows
  • Compliance Reporting: Tools to help meet regulatory requirements for data protection and retention
    • GDPR, HIPAA, and FedRAMP are all common frameworks that you may have to comply with
  • Point-In-Time Recovery: Your platform should provide a timeline of backups, allowing you to restore data to a specific point in time

Future Trends: As organizations rely more heavily on SaaS services, we expect the market to grow, with SaaS backup having a centralized place within a security setup. Some other trends we expect to see within the SaaS Backup market include:

  • Malware Scanning / Immutability:
    • Traditionally, SaaS backup providers use immutable backups – these have then benefit of ensuring that stored data cannot be tampered with
    • To ensure this data does not contain any hidden malware, vendor security team have had to search all the data to check it is safe
    • We expect vendors to integrate more malware scanning features to ensure that their stored backups do not reintroduce threats into the environment
  • API Limitations:
    • One of the biggest factors in determining speed of recovery is the number of API calls that are carried out
    • Limits on API calls are important as they prevent surges in usage which can crash servers (maliciously or inadvertently)
    • We are hearing of vendors like Microsoft releasing solutions that remove API limits – there will need to be additional security measures in place to prevent server outages
  • SaaS tools with in-built backup
    • As consumers become more aware of the need to backup SaaS data, SaaS vendors themselves will step into this market, offering backup service
    • This will ensure that the backup service is optimized for that platform, ensuring that you do not have to ‘make it fit’
    • This does, however, also raise questions about security, data ownership, and responsibilities – until these areas are addressed convincingly, in-house SaaS backup will not break through
  • Regulatory and best practice alignment
    • Immutable backups are often hailed as the best, most comprehensive form of backup
    • This method, however, contravenes the ‘Right to be forgotten’ as part of GDPR, as this would require organizations to delete entries within stored data
    • We expect to see organizations and regulatory bodies clarify expectations and data retention policies
  • Broader coverage
    • The market is currently focused on MS365 and Google Workspace as these are some of the most used services
    • We expect vendors will offer broader coverage across other SaaS services like Salesforce, HubSpot, and Dynamics

Further Reading: