Cloud providers’ default retention policies are not enough: You better back your SaaS up

If there’s one thing that recent earnings reports from Microsoft, Google and Amazon made clear, it’s that their cloud businesses are booming.

While the shift to the cloud is well underway, many companies aren’t paying attention to a critical aspect of this growth: the dramatic increase in data generated by SaaS that is not adequately protected. This exposure can put companies at greater risk for ransomware attacks, breaches, compliance woes and much more.

The growth of enterprise SaaS is rapid and inevitable. Gartner expects end-user spending on SaaS to rise over 18% to $171.9 billion in 2022 from $145.5 billion in 2021 — and it’s easy to see why.

The SaaS model offers significant value to both service providers and customers, ranging from reduced costs to simplified management and maintenance. The benefits of SaaS are many: It eliminates the need to install and configure software; it gives the customer greater financial flexibility by moving from licensing fees to subscriptions; there is no need to purchase and maintain hardware; and new releases and upgrades are automatically deployed.

Without the right policies in place, organizations often have little visibility into what SaaS data they actually have; whether that data is in compliance, protected or compromised.

But despite its rapid growth and countless benefits, there are significant challenges associated with managing and protecting SaaS data. That’s a problem that can only get worse, as for many organizations, SaaS is the fastest-growing segment of their data.

Cloud providers’ default retention policies are not enough

Each cloud service provider (CSP) and SaaS provider has its own data retention policy, and once that policy expires, the customer is responsible for backing up, protecting, and, if needed, restoring the data in the event of a cyber attack.

Not only is the customer responsible, but data retention policies can differ based on the provider and the type of SaaS data. In the current world of rampant ransomware attacks and stringent privacy and compliance regulations, leaving data unmanaged and unprotected is a risk few organizations can take.

Let’s look at Microsoft 365 as an example. Microsoft 365 adoption has been phenomenal, with nearly 300 million users and over 50% subscriber growth over the past two years. It is one of the most popular enterprise SaaS applications, and yet backup options are limited in terms of data stored on Azure.