The Misconceptions and Realities of Data Protection in Cloud-based Office Productivity Suites Today

Topics in this article

Speaking with customers and prospects is the Spanning product team’s number one priority, and we continue to hear some common themes related to SaaS data protection. It’s always nice to see our findings confirmed by others, — especially industry analysts, In a recent international Gartner study, they found that businesses now consider SaaS deployments mission-critical for cost savings, innovation, and agility. Cloud-based productivity suites like Google Apps and Office 365 are becoming prevalent in the enterprise market, however, as Gartner’s research shows, data loss, privacy and security continue to be primary concerns.

When organizations move to cloud-based applications, they often misunderstand and underestimate the need to consider third-party data protection for SaaS applications like Google Apps and Office 365. So, I’d like to examine some of the misconceptions and explain the realities of data protection in these cloud-based office productivity suites.

Misconceptions about SaaS data protection
It is common for SaaS adopters to think that once they implement a cloud-based productivity solution like Google Apps or Office 365 there’s no further need to think about backup and recovery. Yet approximately 32% of SaaS users have lost data in the cloud.

cloud question markHow is this possible? Many SaaS users don’t fully understand what their cloud service provider covers and where their own responsibility begins in protecting data stored in SaaS applications. Each service provider’s SLA contains detailed and often confusing information on the configuration and policies surrounding each service. Navigating the options is difficult and even with full understanding, there are clear gaps in the providers’ ability to protect and restore customer data.

For example, in Office Exchange Online, users can purge their deleted items folder and their “junk folder” (recoverable items folder). By default, the data is permanently deleted from the recoverable items folder after 14 days (or 30 days if the administrator extends this period manually). Without the right policies in place and a third-party backup and recovery partner, users may be left with no recourse to get this data back from Microsoft. You can learn about other similar scenarios in Office Exchange Online and how to prevent data loss here.

With Google Apps, if a departing employee were to “clean up” his or her Drive by deleting folders shared with others and emptying the trash, this data would be lost for good. Read more about data loss in Google Apps here.

SaaS application users that assume their data is just one support ticket or phone call away are often disappointed (and panicked) to hear that their cloud service provider cannot help them recover data that disappears due to factors like human error, hacking, malicious insiders, sync error, and more. Have other preconceived notions about SaaS data protection you want cleared up? Check out this article that addresses the most common misconceptions surrounding cloud-to-cloud backup.

The reality and responsibilities of SaaS data protection
SaaS vendors like Google and Microsoft can’t protect you from yourself. SaaS vendors do a great job at running their applications and preventing data loss due to hardware failure, software failure and natural disasters but they don’t completely cover user-driven data loss. In fact, they explicitly state that will carry out all actions requested by your organization.

Why this is the case? Because SaaS vendors have the responsibility to treat customers’ data in the manner the customer prescribes. As a customer, if I say “delete this data,” my SaaS vendor has a legal obligation to remove every copy of the data from their servers. But what if I’m deleting something by mistake or a malicious insider is trying to harm the company? Unfortunately, the SaaS vendor can’t know the intent of the person deleting the data, and most importantly, they can’t keep copy of my data around “just in case,” because their legal obligation is to delete it.

Both Microsoft and Google make this clear. The Office 365 Trust Center states, “With Office 365, it’s your data. You own it. You control it.” Similarly, Google tells customers, “To put it simply, Google does not own your data.” Clearly, managing and protecting SaaS application data must be viewed as a partner effort between the cloud provider and customer.

Solving SaaS data protection for good with third-party backup and restore
Though the information I’ve shared may seem daunting, it’s no reason to turn away from cloud-based productivity solutions. Just remember that you’re not alone. Many organizations are going through the same evolutionary changes, adapting their processes and policies, and looking for solutions to help protect and secure their data.  Spanning’s suite of SaaS backup and recovery products have helped thousands of organizations protect critical business data in SaaS applications and more importantly, performed over 9 million restores, making worry over data loss in the cloud a thing of the past.

About the Author: Mat Hamlin

Topics in this article