Data Security Simplified: The reasons why you need to consider a backup for your data

In our latest blog with our National Partner Redstor, we look at simplifying data security and the reasons why you need to consider backup for your Software as a Service (Saas) data.

While businesses of all sizes generally understand that it is important to protect their data from threats like ransomware and to ensure recoverability, there is still a misconception held by some that data held in Software as a Service (SaaS) platforms such as Microsoft 365 and Google Workplace does not require any additional protection.


In the first of a series of blogs, we will look at why you should consider a backup strategy for your SaaS data as part of your wider data security.


What is SaaS data?

SaaS or Software as a Service is a distribution model in which a third-party or vendor supplies a hosted application or software, making it available via the internet; SaaS services are generally referred to as part of cloud services and include services such as Microsoft 365 and Google Workspace (formerly G Suite).


What are the threats to SaaS data?

Microsoft estimates that 58% of all sensitive data is now stored across Microsoft 365 and that up to 80% of users do not have an additional layer of protection for this data. So, what are the threats to SaaS data?


  1. Human error

The most common threats to sensitive data still come from users, in some cases maliciously but in many cases human error leads to data loss, accidental deletion or corruption.

This could be a simple case of deleting the wrong files or accidentally opening a malicious email, file or website and falling victim to a cyber-attack.

The effects of lost or deleted data are often not felt straight away as many of the files we create are not accessed on a regular basis, if at all once they have served their original purpose.

With missing data only identified after a file is requested for legal or compliance reasons, this leads to a rapid response to attempt to access data from in-built retention within a SaaS platform. However, this retention is usually limited and may not contain the data needed, causing compliance issues.


2. Ransomware

Another, well publicised, threat is that of ransomware. While ransomware is typically associated with physical machines or servers, it can have a knock-on effect on your SaaS data as well.

Ransomware strains often take hold rapidly and will encrypt an organisations entire environment in minutes once they have begun (including backups).

For many, SaaS platforms utilise replication to ensure versions of files are up to date. If ransomware infects the local copy of the file however, replication may copy the encrypted version of the file to your SaaS storage preventing the data from being accessible.


3 Compliance

Data backup should make up an important part of any data management and protection policy.

However, SaaS-platform data is often the forgotten factor when considering what data needs to be included. This is especially true in instances where businesses have been forced to rapidly set up SaaS platforms to cope with new requirements for remote access and working.

This data must be included in data management policies and considered as part of data regulations for compliance needs.

If SaaS data is not considered for compliance and included in data protection policies, it could lead to breaches in regulations or lead to holes in disaster recovery and business continuity planning.


Why you need a backup for your SaaS data.

Despite these threats there is still a common misconception held by some that the data is already protected by the vendor running the SaaS service, most commonly Microsoft or Google.

This is not the case however as vendors prioritise platform health and uptime over the data held within them.

It is key for organisations utilising these platforms to ensure they are protecting the critical data being created in them with a third-party backup.

Having this backup in place allows for additional retention in-line with existing data protection policies, ensures compliance with regulations and vitally ensures that data can be recovered in the event or loss or deletion, both purposeful or accidental.


About Redstor

Redstor is excited to support Business Resilience International Management (BRIM) and the UK Cyber Resilience Network a National Member.

Redstor aligns with Cabinet Office and National Cyber Security Centre (NCSC) guidance, with a solution that backs up and archives data securely and directly to the cloud, mitigating the risk of ransomware with isolated offsite protection – and without the need for on-prem hardware that can be compromised, leaving organisations paralysed.

Accelerated recovery of backed up data is seen as the last line of defence in the world of cyber security and this is Redstor’s key area of expertise. Redstor looks forward to providing advice and support on best practice in conjunction with the experts from BRIM and wider law enforcement.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.

South East CRC White copy.png

USEFUL LINKS

CONNECT WITH US

  • LinkedIn
  • Twitter

© 2021 - The Cyber Resilience Centre for the South East

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.