Aberdeen Group - Home
SaaS Data Loss: The Problem You Didn't Know You Had
Dick Csaplar
FEB 08, 2013 08:00 AM
A+ A A-

In January 2013, Aberdeen surveyed 123 organizations to learn how they use the Public Cloud as part of their IT infrastructure. This Blog will focus on Software-as-a-Service (SaaS) as a platform for enterprise applications and the surprisingly high percentage of survey respondents that reported losing data from their SaaS applications. This report is a warning to all that have mission critical data in Public Cloud SaaS deployments — you may not be as well protected as you believe.

Public Cloud Services

Almost every IT function can be outsourced to a third-party provider and purchased on an “as-a-Service” basis. As part of the survey, Aberdeen asked respondents to report the types of Cloud services they use to support their computing infrastructure. The percentages in Chart 1 will add up to greater than 100% as respondents were allowed to identify all services they currently have deployed in the Public Cloud.

Chart 1

Software-as-a-Service is the most common form of Public Cloud used. Eighty percent (80%) of survey respondents reported some form of SaaS application in their organization. The reasons are easy to understand: a SaaS application requires no long-term software license, the time to deployment is very fast, and in many cases, end-user organizations can bypass IT as no corporate computing resources are required to use a SaaS services other than access to the Internet.

Cloud SaaS Offerings

Most software vendors now offer a SaaS deployment of their application. Users are likely familiar with SalesForce.com, Google Apps, and Microsoft Office 365 as the most widely used of these, however there are now SaaS offerings for almost every aspect of business management. The technology can be used for departmental apps (such as customer relationship management (CRM), product lifecycle management (PLM), and business intelligence (BI) or by function (email, database, and ecommerce).

Using the SaaS form of an application is becoming popular. In Chart 2, survey respondents reported what types of SaaS applications they used in their organizations.

Chart 2

The usage rates varied dramatically, with the CRM arena dominating the field (not surprising as this is the home of the popular SalesForce.com). Microsoft's CRM application is also in this category. The 52% utilization rate includes CRM used to manage sales and also service functions such as help desk and customer repair.

Email is the second most popular SaaS deployment with Exchange mail accounting for about 38% of the total. Even with Finance and Accounting, the source of some of the most private data a company manages, 17% of survey respondents reported trusting their data in a SaaS deployment.

Aberdeen will continue to monitor the usage of Public Cloud SaaS applications and expects to see the utilization rates much higher in the coming years, as the ease of use and financial benefits of this form of computing become widely understood.

SaaS Data Protection

With the growing popularity of SaaS application usage, there is one issue that is not widely publicized — data loss. SaaS providers are quick to point out that their data is professionally backed up with the application spread over several geographically dispersed datacenters. SalesForce.com reports on its website that it performs both disk-to-disk as well as disk–to-tape backup for redundant recovery capability. This ensures that the common causes of application downtime are covered, including loss of power, natural disasters, and application failures. Most SaaS users believe their data is protected, and for these types of data loss, they are correct.

However, once an individual data element in a SaaS application gets changed and the application closed, there is little to no ability to recall the old data. If a particular data field is over-written by an end-user, co-user, or contributing application, the original data is either lost entirely or becomes difficult and expensive to recover. Some SaaS providers do offer services to recover over-written or deleted data, but those services can take several weeks before the data is produced and be very expensive.

While 68% of SaaS-users reported that they have never lost any of their data from an application, a full third (32%) reported that they had. Chart 3 shows the causes of the data loss. This portion of the chart will not total to 100% as those that lost data were allowed to report multiple causes.

Chart 3

The most common reason for SaaS data loss is end user deletion. This is easy to do; SaaS providers may provide multiple warnings about making sure the data changes are desired before the application is closed, but end users will still make mistakes. The second most common cause of data loss is where one employee over- writes a data element shared by others. The original employee may open the SaaS application to see that the data they entered and saved properly has been over-written by a later user.

The Solution

There are services in the market that will proactively backup the data in a SaaS solution and store those files for later access. These files can be stored on their site or at yours depending on your requirements. Some industries require third-party backup protection for compliance purposes so using these sorts of services meets that legal requirement.

As the popularity of SaaS grows and larger enterprises adopt more SaaS solutions, we expect them to demand the same level of control and data protection for their SaaS deployments as they have for their on-premise applications. For mission critical applications, each and every data element needs complete protection. Whatever the solution, SaaS users must ensure that their critical business information is protected from both macro- and micro-disaster events.

by Dick Csaplar
Senior Research Analyst, Virtualization and the Cloud
IT Infrastructure Group
Aberdeen Group

[%= name %]
[%= createDate %]
[%= comment %]
Share this:
Please login to enter a comment: