Saas does NOT have your back

24th July 2019

Microsoft does not protect you from data loss due to app outages
From their SLA:
We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages. In the event of an outage or disruption to the Service, you may temporarily not be able to retrieve Your Content.
We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.

Microsoft does not protect you from data loss due to deprovisioned user accounts
From their SLA:
If your Microsoft account is closed (whether by you or us), a few things happen. First, your right to use the Microsoft account to access the Services stops immediately. Second, we’ll delete Data or Your Content associated with your Microsoft account or will otherwise disassociate it from you and your Microsoft account (unless we are required by law to keep it, return it or transfer it to you or a third party identified by you). As a result, you may no longer be able to access any of the Services (or Your Content that you’ve stored on those Services) that require a Microsoft account.
You should have a regular backup plan.

Why You need SaaS Backup
There’s a common misconception among SaaS users that backup isn’t necessary for their data because it exists in the cloud. However, this is patently untrue. SaaS applications are just as vulnerable to data loss as on-premise apps. Why? Because the #1 cause of data loss is human error. People delete stuff, open phishing emails, accidentally download malware, and more. SaaS vendors are unable to distinguish if certain user actions are done in error or deliberately.
Other scenarios where customers could lose data include:
• Malicious deletion by a disgruntled employee or outside entity
• Malware damage or ransomware attacks
• Operational errors such as accidental data overwrites
• Lost data due to cancelled app licenses
Aside from recovering from data loss, your techs need an easier way to efficiently manage these applications for clients. This brings us to why your MSP needs to mandate that SaaS backup become one of your main responsibilities.

Why Your MSP Needs SaaS Backup
Customers will blame their MSP for any data loss – even if it isn’t their fault. As your clients’ trusted advisor for all things tech, protecting customer SaaS data should be standard for your business. In addition, you should have an efficient means of managing data and be compensated for the work you put into setup and management of SaaS applications.
SaaS apps provide limited protection against accidental data loss scenarios, and sometimes even less so when it comes to ransomware attacks or malicious end user activity. The reason being that many vendors operate under the “Shared Responsibility Model” – they only claim responsibility for areas that they have complete control over. Microsoft and Google must maintain the availability of their applications and protect their servers from disaster scenarios, but the end user is responsible for the data being created within their applications.
With this in mind, you will need to decide whether you will use a SaaS provider’s native tools (if they exist), or opt for a third-party backup product. The biggest limitation of native tools is that they do not create a secondary copy of your data independent of your SaaS provider—so you have a single point of failure. Many organizations take a “3, 2, 1” approach to backup (3 copies, 2 formats, 1 offsite copy). Third-party tools like Datto SaaS Protection enable this approach by storing data in Datto’s private cloud, purpose-built for backing up and recovering data.
Some native tools might seem suitable to use for backup, but have serious limitations when it comes to restores. For example, Office 365 apps like Exchange or OneDrive allow up to 30 and 93 days respectively to recover deleted user data, which admins may take to mean that data is backed up and easily restorable. Recovering that data from Microsoft is often a cumbersome process and past the retention period, your data is purged. Google Vault cautions against the potential “irreversible purging of data from user accounts” associated with their own retention tools in the how it works page here.
If the lost data is recoverable via native means, you may not get exactly what you need. Matt Maines of Worksighted explains, “If you have 250 folders in your email and it gets accidentally deleted, I can recover all the emails, but it comes back to you as if I took that entire file folder and dumped it all over your desk! Is Is that any good for you? No!”
Ask yourself: Is your email backed up? Well what would happen if someone deleted all their emails and walked out the door?
For more info contact us, or 01622 391300