In nearly every industry, SaaS applications have become the new normal. Enterprises now average an astounding 288 SaaS apps, and by the end of 2022, 86% percent of organizations expect 80% of their software to be in the cloud. As digital transformation continues to grow, the role of IT and security leadership has expanded to become the most dynamic amongst their peers. One of their many responsibilities includes safeguarding SaaS data from threats and ensuring that their cloud providers deliver bulletproof security and compliance guardrails.
Recently, IDG hosted a webcast with top tech leaders at Zoom, Salesforce and OwnBackup to discuss how the cloud is transforming business, the evolving role of the CIO and CISO, and the criticality of SaaS data protection.
Highlights from the webcast are below, along with a link to the full recording at the bottom of the post.
While SaaS had been growing steadily prior to 2020, the pandemic accelerated this trend. For companies moving to remote work, SaaS solutions are among the easiest to adopt and roll out across a distributed workforce. But what else makes SaaS so appealing? Adrian Kunzle, OwnBackup’s Head of Product & Strategy and former EVP of Platform Products at Salesforce, offered his unique perspective:
“I think one of the key things we see is that the SaaS solutions, whichever business processes they're supporting, come ready built with a best-in-class process for you to start with. You're not starting at ground zero trying to work out what your sales pipeline management process should be. You can pick up a best of breed from a SaaS provider, and then start modifying and tweaking it for your needs. This provides better alignment with the business and better returns.”
Gary Sorrentino, Zoom’s Global Deputy CIO, agreed that companies can reap the benefits from a SaaS platform, regardless of their size.
“The person who has 10 licenses with Zoom running a small business is running the same product as some of the largest firms in the world...they’re just running it with fewer users. They're getting all of the knowledge from all of those companies that we meet every day. We came up with over 400 new features last year alone. That is one of the benefits of the SaaS product- you're getting the group thinking, the thought leadership of many large companies, even if you're just a one license premium user.”
As the world effectively shut down last March, Zoom video conferencing became essential to help people connect, both personally and professionally. Zoom added more than 183,000 enterprise customers in the March 2020 quarter, up 353.7% year over year. As Sorrentino says, this would not have been possible without the cloud technology that Zoom had in place.
“There's no way with traditional on-prem infrastructure that you are going to scale 300% or whatever the numbers came out to be. We as a company had to grow as well- we about doubled during the pandemic. So we needed to also onboard other SaaS applications to help us do that. How do we handle our onboarding? How do we handle our reviews? How do we handle our analysis of bringing on new people? We became very dependent on cloud-based services.”
For SaaS companies like Salesforce who house an organization’s valuable data, trust is their number one asset. Which means that security and privacy must be a top priority. Salesforce’s CTO of Security, Taher Elgamal, explained what the shift to the cloud has meant for the role of security leaders like CISOs.
“The migration to SaaS and the cloud has actually caused a lot of companies to change the way they think about what is important. The CISO's are becoming business people rather than pure technology security people. They are presenting directly to the board and different boards act differently depending on the characteristics of the business, but it's all about risk. I don't think there's a board of any company today that does not look at cyber security as the number one or two risk factor in governing the company at this point in time.”
As SaaS continues to pervade, concerns about the ability of cloud service providers to safeguard customer data have largely diminished. However, it is the customer’s responsibility—not the SaaS provider’s—to protect all data stored in the cloud.
In the webcast, Elgamal explained what the shared responsibility model means when it comes to protecting SaaS data.
“SaaS companies run applications with the customer, or on behalf of the customer. The business logic is owned by the business (the customer). Protecting the business has to be shared because there are features in all SaaS applications that need to be utilized by the customers for the full protection to actually happen. As a SaaS provider, we protect all data the same way, but the customer needs to utilize features and protection features in the SaaS stance in order to be able to protect the data of the business.”
When asked if CIOs embrace their data protection responsibility, Kunzle explained that everyone is at a different level of understanding, and it’s up to leaders in the space to help bridge the knowledge gap.
“I think the question for CIOs, back in 2019, was still trending towards ‘is my data safe in the cloud?’. Now the question really should be, ‘what's my role in keeping the data safe in the cloud?’. Everybody's at a different place. They're all on a journey. Part of what we do is help people through that journey, connect them with their peers, and hopefully help them to think about SaaS data protection in a different way.”
At the close of the webcast, Sorrentino shared how Zoom relies on OwnBackup to protect their critical Salesforce data. He also talked about the budding partnership between the two organizations.
“I think what we realized is that after our big explosion with customers during the pandemic, we weren't capable of doing backups through exports and zip files and doing it the way we did pre-growth. We needed a new solution. We started a partnership- and it really is a partnership- with OwnBackup.”
Today, Zoom plays an active role in advising OwnBackup on its own products.
“We have our own advisory board also, and we're honored to be a member advising OwnBackup” concluded Sorrentino.