South African organisations spend $1 billion annually on SaaS or Software-as-a-Service, conveniently bringing many productive applications into their operations at affordable rates and with flexible access. Yet, for all the benefits of SaaS, businesses overlook a crucial responsibility: data backups.
No, your SaaS provider is not responsible for backing up your data. This revelation might come as a shock—aren’t cloud providers supposed to ensure uptime and access? Yes, but there is a crucial difference between that role and comprehensively looking after your data. And you don’t want to wait for disaster before learning the difference.
“Unfortunately, a lot of companies think that using cloud software releases them from their data responsibilities,” says Liz Borges, General Manager – Core Business at Sithabile Technology Services. “Then, when there is a loss of data, they look at the provider to help. But it’s not that simple at all, and you cannot rely on a SaaS provider to cover all your data backups.”
Understanding shared responsibility
SaaS applications are prolific. We all use them: Office365, Google Workspace, Dropbox, Salesforce, Clickup, Slack—these are just a few names from a vibrant market. Since they leverage cloud technologies, one doesn’t need to own a SaaS application or the server hardware to run it, or invest in expensive, long-term licences. There are no hidden fees for updates to new features, and one can access most SaaS applications from anywhere through a browser or designated app.
Yet the same narrative of convenience can incorrectly extend to customer data, creating the impression that data in the cloud is safe. After all, if Microsoft, Amazon, Google, or countless other SaaS providers maintain the background hardware, software, and databases, they’ll do a better job than their clients ever could.
This concept is true, but also not accurate, says Borges, “We can blame some of this misconception on cloud marketing, which is all about convenience and removing the burden from clients. But the devil is in the details. There are two things customers must know about SaaS data. First, the shared responsibility model and, second, how SaaS providers duplicate data.”
The shared responsibility model is a common cloud arrangement that defines the responsibilities between cloud service providers and their clients. It varies from provider to provider but comes down to the same point: cloud providers are not 100 percent responsible for client assets on the cloud platform.
The provider’s responsibility is to ensure consistent access and uptime for all their customers, whereas the client is responsible for access and control of their specific data. Borges compares the concept to security, “Your SaaS provider is responsible for security on the cloud platform, but you are responsible for security on your side. So, if someone hacks your cloud account because you fell for a phishing email, that is not the SaaS provider’s problem.”
Incompatible backups
Many things can happen to cloud data outside of the SaaS provider’s responsibility: criminal intrusions, employee negligence, accidental deletes, and syncing or integration errors being the most prominent.
All these actions have one thing in common: they are in the control of the client, not the provider. Expecting the provider to reduce those risks with backups is unrealistic. It’s also impractical, says Liz Borges:
“SaaS providers make data duplications. Many people don’t realise there is a difference between backups and duplications. A backup is a strategic copy that contains specific data based on a plan that matches business requirements. A duplication is a big copy of everything, even corrupt and deleted data. Backups are designed for storage but a duplication is much more temporary. For example, if you deleted a file last week and need it back, an archived backup will help but a duplication will likely already have changed to reflect the deletion.”
There are more reasons why you want backups, not duplications, but the bottom line is that the latter is not a replacement for the former. Thus, a SaaS provider is not obligated to provide client data backups, nor are its systems compatible with that approach.
“Your data is your problem, so make sure you’ve got backups. Some providers have a separate backup service designed to do the job properly, and there are many third-party backup services that connect with SaaS providers. But it can become messy because SaaS platforms are very different from each other and work with different backup systems. Start with talking to data management experts such as Sithabile and creating a backup strategy.”