Your SaaS Data May Not Be As Safe As You Think

DELETE. It's a button we hit every single day. But normally, we are comforted by the fact that if we need to get something back that we accidentally deleted, backup software can save the day. But what happens when you delete data within a SaaS application? In some cases it is as simple as pulling up the virtual trash can and retrieving it. Sometimes, however, its not so simple. While the majority of the enterprise-grade SaaS offerings have robust methodologies for backing up and restoring data to protect against data loss or disaster, they may or may not make this technology available to you as the user. In cases where data is deleted accidentally or maliciously, tied to the account of departing employees, wiped out by rogue applications or lost during a migration, the vendor may or may not work with you to retrieve data from its backups. 

How well do you know your SaaS provider's SLAs for retrieving data? Chances are, this isn't something you've spent much time thinking about. In a recent report, we dug through the backup and restore policies of dozens of SaaS vendors and found the results extremely variable. Some vendors will help restore data, but only for a hefty fee, others will take no part in assisting you with restoring data, and the vast majority, simple don't disclose their policies. Here are excerpts from several SaaS provider's restore policies that we found particularly interesting:

  • Google Apps: "Once an administrator or end-user has deleted any data in Google Apps, we delete it according to your Customer Agreement and our Privacy Policy. Data is irretrievable once an administrator deletes a user account."
  • IBM SmartCloud: "IBM's safeguards against accidental deletion include a 'trash can' which gives users and admins a second chance to recover data within SmartCloud Notes. Admins can prevent users from emptying this trash can for a configurable number of days (up to 90). IBM can restore data on a case-by-case basis if needed. The process typically takes 1-2 days depending upon the artifacts involved. No fee is required."
  • Microsoft Office 365: "Microsoft also allows end users to recover accidentally deleted files from a recycle bin. Administrators can restore data — such as collections — as well as deleted users."
  • Salesforce.com: "Data Recovery is a last resort process where Salesforce.com Support can recover your data at a specific point in time, in the case that it has been permanently deleted or mangled during a data import. The price for this service is a minimum of $10K (Ten Thousand US Dollars)."

How can you combat these risks? I hate to expose a problem and not suggest a solution. While there are several different tactics one can take to mitigate the risks of losing SaaS data, one of the most straightforward approaches is to work with a cloud-to-cloud backup provider. I've outlined a few examples of these providers below:

I'd love to hear from you: have you ever experienced data loss in your SaaS solution? How did you deal with it? Are these risks that you are concerned with?

I encourage you to read my full report here.

Comments

Oh yes I have suffer a

Oh yes I have suffer a similar loss with Google Apps and as the policy says the data wasn't retrievable! This is such a sad situation :/
Well Thanks for your Cloud to cloud backup suggestion, I am sure this will be a help in future :)