ESG's Christophe Bertrand discusses key findings from ESG Research on Cloud Data Protection, specifically as it relates to misconceptions around Data Protection and SaaS
Hello. My name is Christophe Bertrand, and I am a senior analyst at ESG focused on data protection. ESG recently conducted quantitative research targeting 370 well-qualified IT leaders in North America responsible for data protection technology decisions for their organization, and specifically around those data protection and production technologies that may leverage cloud services as part of the solution.
Today, I would like to double-click on what we heard about protecting data in SaaS applications. There's a big disconnect between the expectations of IT users who leverage SaaS applications and the reality of what is delivered by the SaaS providers in terms of data protection. Indeed, one-third of current and potential SaaS users believe these cloud-based applications do not need to be backed up.
Users might be giving up control and resiliency of the data, but not data protection or governance responsibilities. Similarly, 37% believe that the SaaS provider is actually responsible for protecting data, which is only typically true for limited periods of time and only from an availability standpoint versus data recoverability. The vast majority of current and potential SaaS users came to be familiar with the data protection and recovery SLAs of their SaaS providers with more than half asserting awareness with all SaaS SLAs.
These respondents are more than twice as likely to rely on the SaaS vendor's data protection. ESG believes that they might be confusing availability of the service with actual backup and recovery responsibility, which is always the data owner's concern. SaaS applications are expected to be always on, always available and except for rare service interruptions, they actually are.
Yet, it does not mean that the data is backed up as is the age-old best practice in on-premises environments. Could it be that many organizations are still naive when it comes to data protection in the cloud, specifically as it pertains to SaaS? Nearly three-quarters of respondents believe that cloud-based applications are more resilient than those run on-premises in their own data centers and those perceptions can affect data protection behaviors.
The higher the level of confidence that organizations have in cloud-based application resiliency, the likelier they are to believe that SaaS apps don't need to be backed up, to rely on the SaaS provider for data protection, and to claim that they are familiar with all SaaS data protection SLAs. Many organizations have reported struggling with the quality and availability of the support provided by their SaaS providers with measures of experience with enterprise class support for on-premises resources setting the expectation bar pretty high, SaaS providers will need to up-level the support capabilities.
The most common support shortcomings include finding the right person to solve specific problems, misalignment in terms of understanding what the SLA means for recovery, inexperienced staff, and limited support hours. As far as top data loss causes for SaaS applications, nearly one in three organizations site deletions, whether accidental or intentional, and more than one in five report losing data to service outages or unavailability, an unacceptable level of risk in terms of compliance and RPOs, RTOs for most modern enterprises.
ESG recommends that IT professionals conduct a thorough review of the contractual backup and recovery capabilities and the methodologies provided by the SaaS vendors and consider leveraging third-party applications to help deliver on the data protection SLAs. Thank you for your time.