SaaS (Software as a Service) is currently the most common model of delivering software application from the cloud, based on a per user subscription basis. The software product can be an office suite application, a CRM system, or even an ERP system…
In the SaaS model, the software product does not require local installation on the client side, because it is deployed at the physical facilities of the SaaS vendor. Thus, the client does not have access to the system infrastructure. The end-user only pays for the time of using the software application, rather than the cost of the license. The provider of the SaaS application is responsible for the operability, availability, and updating of the software service.
In this article, we will talk about SaaS data protection, but first, a few words about the most popular SaaS applications (or apps): Office 365.
Microsoft 365 is a software product that combines a set of web services, which is distributed on a subscription basis under the “Software plus services” program. The office 365 package provides access to various programs and services based on the Microsoft Office platform, business-class e-mail, functionality for communication, and document management features. In April 21st, 2020 a new version called Microsoft 365 was released instead of the earlier Microsoft Office 365.
Microsoft Office 365 was primarily designed to provide email hosting, corporate social networking, and cloud storage for businesses. Initially, the package included the following tools:
- Business class email on Microsoft’s Exchange server;
- SharePoint portal and public business site with a simple page builder;
- Communicator Lync (Skype for Business), which allows to exchange text messages, conduct video and audio conferencing, and share desktop;
- Access to applications of the latest version of Microsoft Office
- OneDrive storage space
With the release of Microsoft Office 2013, Microsoft Office 365 has been expanded to provide services for different types of businesses, as well as for individual users who want to use the Microsoft Office suite on a subscription basis.
Office 365 requires Internet as a pre-requisite, because programs are verified and activated each time the end-user starts an Office 365 program or app.
Office 365 became especially popular during the COVID-19 pandemic when many employers had to switch to a “work from home model” (WFH) due to the pandemic.
Office 365 allows remote workers to do their work faster and more efficiently, when and where it is convenient, using the already familiar Microsoft Office applications on their favorite devices (PC, smartphone, tablet).
Moving to the cloud involves certain risks to businesses; however, the pros outweigh the cons, when the company implements certain security protocols.
SaaS data, like data stored on users’ laptops and mobile devices, continues to be prone to human error, malicious deletion, misconfigured workflows, and ransomware.
This is a great troubling problem because, unbelievably, SaaS vendors do not protect user data.
Microsoft in the case of Office 365, is responsible for the availability of the services and this is where its responsibility ends. Microsoft protects its infrastructure and makes sure services are available to users.
Microsoft is not liable for data loss due to app outages. From Microsoft SLA:
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored.
We recommend that you regularly backup Your Content and Data that you store on the Services or storeusing Third-Party Apps and Services”.
Moreover, Microsoft is not liable for data loss due to deprovisioned user accounts. From their SLA:
“Microsoft will retain Customer Data that remains stored in Online Services in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data and Personal Data within an additional 90 days, unless Microsoft is permitted or required by applicable law to retain such data or authorized in this agreement.
Microsoft has no liability for the deletion of Customer Data or Personal Data as described in this section.”
According to Aberdeen Research Group, one in three companies has experienced a permanent loss of SaaS data. Datto‘s (American cybersecurity and data backup company) independent survey of IT professionals found that 40% of SaaS customers have already experienced some kind of data loss.
The most common reason for data loss in SaaS is simply accidental deletion: a user accidentally deletes something that he did not intend and does not realize later.
Also, more and more users are being attacked by ransomware. People might not believe that ransomware can appear in the cloud, but variants like Cryptolocker and Jigsaw can infiltrate the SaaS environment through file synchronization. The fact that O365 has such a large user base means that this platform is attractive to hackers.
Even if you pay hackers, it could mean days or even weeks without access to important files. Besides, paying hackers does not always guarantee that you will get back access to your information.
SaaS Protection is an easy way to ensure comprehensive data protection in Office 365.
We provide an automated, secure backup of the data that resides in the core components of Office 365 suite including Exchange, Tasks, Calendar, Contacts, OneDrive, SharePoint, including Mail, Calendar Contacts, Drive and Teams.
With our SaaS Data Protection, you can safely work with Microsoft office 365, without worrying about security.
Contact our experts for a free consultation.