For many business owners, and even for those whose main computer usage is strictly personal, the decision to utilize Software as a Service (SaaS) cloud-based products such as Salesforce, Google Apps, or Office365 is made generally as a productivity enhancing and cost-saving measure. However, many users – especially those in the SMB space – neglect to invest in proper backup and recovery tools. They assume that products built on the backs of tech giants like Google and Microsoft must be inherently secure and resilient. Unfortunately, they’re wrong.

Word Cloud "Big Data"

One of the key factors that is most often overlooked when deploying a SaaS solution is the need for backup and recovery. Many users assume that the cloud vendor provides these services or that they are included in the base service, but that isn’t the case. SaaS provider’s backup their systems for the purpose of ensuring their business resiliency and disaster recovery efficiencies, not for end-user data recovery purposes. In fact, the majority of SaaS providers do not offer an easy, integrated backup solution at all which has opened the market for third party vendors like Datto, EMC, and others to provide this service, as well as additional services like archiving and eDiscovery, all for a monthly fee per user.

Infrastructure as a Service providers (IaaS) operate similarly to SaaS providers and only backup their infrastructure for their own disaster recovery and system resiliency purposes. However, unlike SaaS providers, IaaS providers like Microsoft, Google, and Amazon offer a tool set that can backup not only data but VM as well. Depending on the level of service offered, these backups may be located in the same data center as the primary server, or they may be geographically dispersed for additional security and resiliency. That said, a surprising amount of deployments fail to configure backup and recovery options properly, and simply rely on the platform’s overall stability. This is, of course, a disaster waiting to happen.

At this point, it should be evident that although the cloud isn’t as secure as the average consumer may be lead to believe, there are certainly a number of ways to ensure that your data is not only safe, but recoverable should a disaster occur.

Following these simple steps will help to ensure that your data is protected and let you get a great night’s sleep:

  • All cloud deployments (SaaS, IaaS, PaaS) should have a Disaster Recovery plan
  • Data should be independently backed up to a third party vendor or an alternate location, such as a second data center
  • Backups should meet the firm’s data retention policy, for example 30 days, 6 months, 1 year, etc.
  • Testing is key
    • Test restores
    • Test your organization’s Disaster Recovery plan
    • Audit backups frequently to ensure functionality
  • Document the process

Most importantly, remember this rule of thumb: Data protection is the responsibility of the end-user, not the vendor.