Every SaaS administrator’s worst nightmare is data loss, which frequently results in expensive and cumbersome recovery processes and even affects business operations.
Unfortunately, there’s a large disconnect about who is actually responsible for reliably backing up data — but fortunately, the path to recovery isn’t too tricky to navigate.
In ServiceNow, for example, customers must safeguard mission-critical data, but they can’t do it alone. For all its pros, ServiceNow doesn’t focus on data backup. But a shared responsibility model — between SaaS vendors and customers — helps ensure that SaaS data remains safe and protected.
By regaining control of backups, businesses improve data resiliency and compliance through better practices in SaaS environments.
SaaS data losses in a regulatory context
Regulatory audits are both common and frequent. According to TechTarget research encompassing hundreds of IT decision-makers and users, audits typically happened six to 10 times over the preceding three years. But that doesn’t mean companies passed them.
TechTarget found that, while just shy of a third of respondent organizations had failed an audit, the same proportion had failed twice — and 11% of respondents had failed four times. Audit failures mean fines, additional compliance issues, and obstacles to gaining certifications, all consequences that businesses definitely want to avoid.
Data loss and compliance issues are too common for comfort. SaaS applications are not immune to data loss, with over half of TechTarget’s questionnaire respondents confirming data loss or corruption within the previous 12 months. Most of those respondents do nothing to protect SaaS-resident application data — even though half acknowledge that backing up this data is solely or partially their responsibility.
The great SaaS backup disconnect
There’s a clear inverse correlation between protecting and losing data: The more safeguards in place, the less likely it is that major loss will occur. But many businesses are asking why they (rather than their SaaS providers) need to protect their SaaS environments. This represents a major obstacle to effectively safeguarding SaaS data.
A third of respondents to TechTarget’s 2022 research believe that it’s up to the SaaS vendor to protect SaaS-resident application data. Around half assume partial responsibility — and only a fifth assume complete responsibility, using a third-party or custom data protection solution or service (like Own).
Data owners are completely responsible for data governance and compliance, which includes the protection of data assets under management. Service agreements with third parties don’t cause data to automatically shift hands from owners to third parties.
Contrary to what some might believe, there’s no magical cloud backup team. This means they need a proactive responsibility-driven backup solution in place ahead of data loss or corruption.
Losing SaaS data is easy — but recovery doesn’t have to be difficult
SaaS data loss doesn’t have a single cause. Unsurprisingly, TechTarget found that cyberattacks play a role in just over a third of cases, but even more common were service outages and unavailability potentially corrupting data. And while attack-based deletions can be devastating, so can the behavior of employees, who deliberately delete company data in nearly a quarter of cases and accidentally in another third.
This is by no means an exhaustive rundown of data loss causes. Account closures following the completion of a service level agreement (SLA) don’t oblige vendors to keep data, which is costly to store. But even though losing SaaS data is easy, recovering it doesn’t need to be hard.
Enter the shared responsibility model
Using cloud-based infrastructure isn’t a failsafe for preventing data corruption or loss. SaaS-based businesses need to work from an alternative model: shared responsibility.
To understand shared responsibility, it’s helpful to think of SaaS providers or vendors as landlords and SaaS customers as tenants. SaaS vendors secure the infrastructure and services that they offer, which include applications, network controls, operating systems (OS), physical hosts, networks, and data centers — whatever the SLAs between SaaS providers and customers define. In a house, these are the pipes, walls, and yard.
On the other hand, SaaS customers are responsible for information and data, accounts and identities, and device security, in the same way that tenants must take care of furniture, TVs, and household appliances inside the house.
ServiceNow’s Advanced High Availability Architecture (AHA architecture) allows for availability, high performance, and outage avoidance — but doesn’t guarantee data recovery in the event of loss or corruption. Its 14-day data backup through ServiceNow Support is handy, but the manual restore process can be lengthy and cumbersome — nor does it account for data loss after that two-week period.
Taking full responsibility to back up for the long haul
On-prem backup and recovery services have been an industry mainstay for a long time. There’s no reason they shouldn’t also be available in cloud-based environments.
A solid SaaS recovery service improves data resilience and compliance in four key ways:
✔ Control-prioritizing, critical data backups: Easily setting up backups with configurable backup timing and frequency shouldn’t need coding, professional services, or maintenance. Customers can decide what data to back up and how — both before and after major changes — with customizable datasets for optimized backup performance on either AWS or Azure. Scheduled, automated backups right before upgrading instances as needed, with full confidence that business operations can continue as normal.
✔ Risk mitigation and flexible retention policies: The time limit for retaining backups should be up to customers — especially those with longer, ever-evolving retention requirements in heavily regulated sectors like healthcare and financial services. Think up 99 years or more, allowing for full audit checks thanks to historical data access.
✔ ️Proactive data loss and corruption monitoring: You need to know about data incidents when they happen to avoid business disruption and maintain data health and quality. Timely “smart” alerts allow for immediate action in response to unusual levels of changes based on configurable thresholds that identify statistical outliers against normal activity. Customize alerts to uncover significant changes to specific tables, and monitor for data anomalies in both production and sub-production instances.
✔ Precise, speedy data restoration: Restoring data is difficult if you don’t know what went wrong or where the data corruption occurred. As such, businesses need platform data accuracy and quick, self-service restoration of only relevant data — without rolling back entire instances — when either accidental or malicious loss and corruption happen. With a granular recovery solution like Own Recover for ServiceNow, you can quickly identify loss/corrupted data and restore them, right down to the record or column level.
Recover everything with confidence
Maintaining compliance, data governance, and recoverability is a tough balancing act. Doing it at scale is even harder. But protecting mission-critical data is something that all business leaders should be thinking about — not just IT decision-makers.
A solution like Recover for ServiceNow assumes that responsibility for backing up mission-critical data falls on customers, not vendors. As well as being simply reality, it’s also good business practice to proactively back up data and fully prepare for times when loss and corruption occur.
No business wants to halt operations when the worst happens — you want quick, surgical recovery and the ability to export data as required. You also want to recover not half or 75%, but 100% of your data. With the right backup and recovery solution, businesses can improve data resilience and reduce the risk of business disruption.
This post is based on a conversation between Own Product Marketing Manager Emory Zhao and TechTarget Enterprise Strategy Group tech analyst Christophe Bertrand, which you can watch here. Find out how Own helps protect your ServiceNow data: Schedule a demo today.
