Authored by: Joanne Weng, Senior Sales Manager (HQ), Synology Inc.
There’s no way to get around the fact that COVID-19 has fully excelled the deployment of SaaS services for businesses as SaaS apps have become the default system of data for many organisations. However, the cloud adaptation among enterprises has expanded so significantly in such a short period of time that enterprises have neglected the appropriate security measures for Cloud data safely, which led to an increase in cloud security incidents, SaaS attacks, and SaaS data exploitation. Moreover, the innocence of businesses who misunderstand the erasure coding practice of the cloud providers as the safeguard to their cloud data protection measures severely jeopardises businesses’ cloud data safety in the events of external threats, human errors, or others. Below are some of the findings of why SaaS backup should not be overlooked as it become such a crucial practice for enterprises.
External threat has become increasingly worrisome for enterprises. According to Palo Alto Network’s Unit 42 Cloud Threat Report of 1H2021, organisations globally increase their cloud workloads by more than 20% in between December 2019 and June 2020, leading to an explosion of security incidents. The research further indicates that cloud security incidents increase by an astounding 188% in the second quarter of 2020. This shows that while organisations have quickly moved workloads to the cloud in response to the pandemic, they still struggled many months later to automate cloud security and mitigate cloud risks. Moreover, Trend Micro’s Cloud App Security Threat Report 2020 suggests that over 16.7 million high-risk email threats were detected and blocked by Trend Micro Cloud App Security, a 32% increase from the previous year. Trend Micro even predicts that Microsoft Teams, SharePoint, Office 365, and Exchange will be the most targeted SaaS applications for hackers to explore vulnerabilities in 2021. At this pace, it is inevitable that more sophisticated SaaS security measures will need to be introduced.
Besides external threats, human error also is often overlooked as well. According to Gartner, “up to 95% of cloud breaches occur due to human errors such as configuration mistakes, and the research firm expects this trend to continue.” To elaborate more with an example, KPMG attempted to delete a single user’s account from an active account retention policy in 2020. In the midst of all, a human error was made and the policy was applied to the entire KPMG Teams deployment, resulting in the permanent deletion of 145,000 Microsoft Teams users at KPMG. Microsoft later confirmed that the Teams chat data was not recoverable. Even with the proclaimed retention policies of SaaS vendors like Microsoft 365 or Google Workspace, data that were removed may only be restored within the last 25~30 days unless additional policies are set in place. Should the businesses decide to retrieve those data or get put on notice of the deletion beyond the grace period, it would be too late. Thus, to ensure businesses have remedies to the above-mentioned scenarios, like the on-premise IT infrastructure, enterprise cloud data should also be backed up.
A very common yet often ignored backup practice “The 3-2-1 Backup rule” should be evoked. As essential as all enterprise data stored on an on-premise storage environment, SaaS data should be no exception and follow the 3-2-1 backup rule. Every business should have 3 copies of data (production data and 2 backup copies) on two different media (cloud, disk, tape, etc) with at least one copy off-site for disaster recovery. For businesses that are unsure of what it takes to start out or currently limited on budget, It is especially vital for them to look for the following three elements when it comes to SaaS backup strategy, the pricing model, the cost of storage, and the scalability.
Cost of license and number of accounts supported
Unlike SaaS service providers that charge on a per license or per account basis, there are solutions that actually require no license and support unlimited number of accounts. Corin, who provides reconstructive orthopaedic devices globally, struggled to find a backup and archiving solution to backup up Microsoft 365 deployment. After stumbling upon Synology Active Backup for Microsoft 365, Corin is able to save more than 65,000 USD annually with 2,400 accounts being safely protected without any hidden fees.
Growth of data equates to increase in cost
Most business must have experienced the pace of the amount of their digital data been growing. Intuitively, it comes down to how businesses can efficiently utilise storage space because bad quality or duplicate data are expensive. According to Data Warehouse Institute, data quality problems cost U.S businesses more than 600 Billion USD every year. The Neighbourhood Advice-Action Council of Hong Kong, whose initial hurdle was to find a Microsoft Office 365 backup solution to prevent employees accidental deletion, indirectly benefited from Active Backup for Microsoft 365’s deduplication technology that ultimately saved them 67% of the storage space. Their IT admins consequently were able to allocate budget and focus on tasks and projects that require more resources.
Sustain performance as company scale up
Polish lender Idea Bank, is legally bound to keep backups of all operations, including emails, and Microsoft SharePoint data. The bank performed backups of its Microsoft 365 data and user information manually, which the solution was not only proven to be overly time-consuming, the performance issues along with the growth in number of users forced Idea Bank to seek solutions that may sustain service availability while ensuring future demands were met along the way. Idea Bank ultimately deployed two Synology RackStation units to realise more than 160TB of RAID 6 storage to not only protect more than 2,400 Microsoft 365 user accounts and more than 1,200 Microsoft SharePoint sites with Synology Active Backup for Microsoft 365, the need to meet data and employee expansions are also carefully being taken into consideration.