Why your data might no longer be protected

Why your data might no longer be protected
(Image credit: Shutterstock)

The backup and disaster recovery market isn’t as simple as many of us are led to believe. Why? Well, when working with a SaaS vendor, it is easy to fall into the trap of assuming that security and data protection come as part of the package. Don’t be fooled. This is quite simply no longer the case and for many companies, has not been for a while. In fact, some of your company’s most critical data could currently be hosted on a platform that leaves all of the data protection responsibilities up to you.

Take Salesforce as an example. Recently, the company announced that it is planning to retire its data recovery services as of the 31st of July, putting the onus on customers to protect themselves, and quickly. A robust data recovery program is all about good planning, a robust system, and preparation. This means it’s important to take the time to read the small print, check you’re covered if the day ever does come that a disaster should strike, and know where your data is stored, securely.

Don’t be fooled: One package no longer solves all

Whilst we may have used Salesforce as an example of a company that is no longer going to provide data protection with its other services, they are not the only ones to do this. The reality is that very few SaaS vendors actually offer anything against data protection vulnerabilities or attacks.

If you’re wondering what they do offer, let’s think of the basics. Microsoft365 (formerly Office365) and G Suite are used by many companies as data backup and storage locations. But, what many people don’t realize is that these tools are not as safe as we’d at first think. The best type of protection these tools actually provide you with is a recycle bin to recover a file that you might have accidentally deleted, making it easy to recover pretty quickly. Alongside this, you can also restore an older version of a document if needed. 

However, what you can’t do is restore an account that might have been maliciously tampered with or accidentally deleted. A California company found this out when their admin accidentally deleted their account from G Suite; their entire company’s intellectual property disappeared in a moment. Google had no backup of it whatsoever.

Microsoft 365 arguably contains some of the most significant data protection gaps that IT professionals are tasked with handling. A robust backup solution should get the basics right; it should automate backups that support simple, fast restores, offer capabilities to safeguard business continuity and support processes to meet compliance requirements.

There have been many examples of cyber-attacks over the past couple of months. For attack victims, files often end up corrupted or deleted. In applications like Microsoft 365, if your files get deleted, your IT team is forced to manually recover each individual file, a laborious task that by no means enhances workplace productivity

While the suite provides tools that can support in protecting against these types of attacks, it’s actually more focused on stopping the attacks in the first place as opposed to assisting in recovering from the damage caused. Remember, by migrating your workforce to the cloud and relying on Microsoft 365, it opens up the risk of exposing your data to vulnerabilities.

Providing a robust backup service

Salesforce has historically offered what they called “Data Recovery,” which cost $10,000 and took 6 to 8 weeks to give you a download link for a zip file that would contain CSVs of each of your Salesforce objects. Once downloaded, it would be your responsibility to upload these CSV files in a particular order so that you could reestablish referential integrity between the various documents. 

Meanwhile, you could have a Salesforce instance that was completely nonfunctional. In their announcement, Salesforce mentioned that this was not in keeping with the level of quality customers expect from Salesforce – so they discontinued it. They realized that their data recovery solution was sub-par, and that businesses are better protected if they implement an external solution.

Salesforce is finally confirming that you must backup your own data. (Microsoft and Google should hopefully be just as forthcoming at some point soon.) This means businesses have two choices: a manual, error-prone process that you will most likely forget or make mistakes with, or an automated backup software solution provided by a third party. We’re operating in unprecedented times, and the last thing businesses want to worry about is the safety and protection of their data. 

Costs need to be managed, time is precious, and businesses are looking for more support from their IT management teams. SaaS data protection is vital to enabling IT to support the business, as well as ensuring all data is secure and fully backed-up. Now is the time to examine your options, before Salesforce leaves you with none.

  • W. Curtis Preston, Technical Evangelist at Druva
W. Curtis Preston

W. Curtis Preston is Chief Technologist at Druva.

He is an expert in backup & recovery systems; a space he has been working in since 1993. He has written three books on the subject, Backup & Recovery, Using SANs and NAS, and Unix Backup & Recovery. Mr. Preston is also an independent consultant and writer and has spoken at over 300 seminars and conferences around the world.