To Trust or Not to Trust Your SaaS CRM Data

Demetrius Malbrough | Director of Technical Evangelism
August 17, 2021

Despite how ubiquitous Software as a Service (SaaS) applications have become, there are still misconceptions from consumers around who is responsible for protecting and securing the data within these applications. Too often, it takes data being unavailable, deleted, or corrupted for end users to recognize that it is, in fact, their own responsibility to protect their SaaS data. This blog post will encourage you to evaluate your current SaaS Customer Relationship Management (CRM) data and metadata risks and bring SaaS data protection to the forefront of your data recovery strategy.

Whether your organization is large or small, your CRM platform holds critical data that is key to your customers' experience and your company's bottom line. According to IDC, 52% of large enterprises rely on custom or added development on CRM to meet their business needs, making the data in SaaS CRM business-critical. The amount of operational staffing (administrators, developers, architects) and the associated maintenance costs of your SaaS CRM platform should be enough for your Chief Information Security Officer (CISO) to have SaaS CRM on their cybersecurity dashboards.

Establish enterprise-class resiliency for SaaS CRM

IDC estimates that SaaS applications will account for 60% of the cloud market by 2024. CIOs must be more vigilant during this digital transformation in ensuring they have an enterprise-class resiliency and data protection strategy. To achieve this, your SaaS CRM team has to be knowledgeable about the shared responsibility model to secure your mission-critical SaaS CRM data outside of its existing home. They also need to reinforce the importance of a third-party data protection solution to the other members of the leadership team to lessen the impact of data loss or corruption on the business.

Moreover, we all know that the inevitable will happen, whether it's a misconfiguration of your cloud storage with publicly accessible buckets or bucket policies granting access to other internal accounts. A step in the right direction is to continuously educate yourself and your leadership around the internal security controls that lead to an effective enterprise-class resiliency and data protection strategy that minimizes stress during integration or migration projects. 

Let's review some of those security controls that a third-party data protection solution must have to securely protect your SaaS CRM data from rising internal or external threats.

Implement strong web application security

There are a few web-application security controls that your third-party SaaS CRM data protection solution should have at a minimum:

  • Access only over HTTPS (TLS 1.2+), with an encrypted session between the user, the application, the SaaS CRM data protection solution, and the cloud provider
  • Role-based access control (RBAC) for multi-org permission management
  • An audit trail that lets you review or export all changes made by multiple administrators
  • OAuth 2.0 authorization flow to protect administrators' credentials
  • Multi-factor authentication (MFA) for access to your SaaS CRM data protection accounts
  • Single sign-on (SSO) support with SAML 2.0 identity providers (IdPs)

Encrypt your sensitive data

Your SaaS CRM data protection solution should encrypt your sensitive data at rest and allow you to manage your encryption key life cycles based on your business requirements. Especially if you are in a highly regulated industry that requires you to comply with HIPAA, PCI-DSS, or FedRAMP, you should confirm that the solution provides the following:

  • FIPS 140-2 approved algorithms and AES 256-bit encryption at rest
  • A key management service (KMS) used for server-side encryption with customer-managed keys
  • Traffic between the SaaS CRM data protection solution and the CRM platform APIs carried over HTTPS using TLS 1.2 and OAuth 2.0

Lock down your network

Your SaaS CRM data protection solution should integrate with the cloud provider's network infrastructure controls. Its architecture should reflect the shared responsibility model and apply defense in depth to all of your data stored in the cloud. At a minimum, your SaaS CRM data protection solution should:

  • Utilize the cloud provider's network controls to restrict ingress and egress network access
  • Operate on a multi-tier architecture with separate Virtual Private Clouds (VPCs), DMZs, public zones, and untrusted zones
  • Use VPC endpoint restrictions for S3 in each region, granting only targeted access
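The storage controls above (SSE-KMS with a customer-managed key, HTTPS-only traffic, VPC endpoint restrictions) and the misconfigurations mentioned earlier (publicly accessible buckets, bucket policies granting access to other internal accounts) can be checked mechanically. The following Python script is an added example, not OwnBackup's code and not part of the original post; it audits the shape of what the S3 APIs return for a bucket's default encryption, public access block, and bucket policy. The bucket names, account ids, KMS key ARN, and VPC endpoint id are constructed placeholders, and the "alias/aws/" test for an AWS-managed key is an assumption of the example.

```python
import json
from typing import Any, Dict, List

PAB_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def _statements(policy_json: str) -> List[Dict[str, Any]]:
    """Return the policy's Statement list (a lone statement object is wrapped)."""
    stmts = json.loads(policy_json).get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def _principals(stmt: Dict[str, Any]) -> List[str]:
    """Flatten Principal ("*", {"AWS": [...]}, {"Service": ...}) into strings."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):
        return [principal]
    flat: List[str] = []
    for value in principal.values():
        flat.extend(value if isinstance(value, list) else [value])
    return flat


def check_encryption(bucket: Dict[str, Any]) -> List[str]:
    """Default encryption must be SSE-KMS with a customer-managed key."""
    rules = bucket.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ["no default encryption configured"]
    findings: List[str] = []
    for rule in rules:
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algorithm, key_id = default.get("SSEAlgorithm"), default.get("KMSMasterKeyID", "")
        if algorithm != "aws:kms":
            findings.append(f"default encryption is {algorithm or 'none'}, not SSE-KMS")
        # Assumption: the AWS-managed S3 key is referenced as alias/aws/s3, so an
        # empty key id or that alias means the customer does not own the key.
        elif not key_id or "alias/aws/" in key_id:
            findings.append("SSE-KMS uses the AWS-managed key, not a customer-managed key")
    return findings


def check_public_access_block(bucket: Dict[str, Any]) -> List[str]:
    """All four public access block settings must be on."""
    pab = bucket.get("PublicAccessBlockConfiguration", {})
    return [f"public access block setting {name} is off"
            for name in PAB_SETTINGS if not pab.get(name)]


def check_policy(bucket: Dict[str, Any], account: str, vpce: str) -> List[str]:
    """Allow statements must stay inside our account; Deny statements must
    force TLS and pin access to the expected VPC endpoint."""
    findings: List[str] = []
    tls_only = vpce_only = False
    for stmt in _statements(bucket.get("Policy", "{}")):
        sid, cond = stmt.get("Sid", "?"), stmt.get("Condition", {})
        if stmt.get("Effect") == "Deny":
            if str(cond.get("Bool", {}).get("aws:SecureTransport", "")).lower() == "false":
                tls_only = True
            allowed = cond.get("StringNotEquals", {}).get("aws:sourceVpce", [])
            if vpce == allowed or vpce in allowed:
                vpce_only = True
            continue
        for principal in _principals(stmt):
            if principal == "*":
                findings.append(f"statement {sid} allows anonymous (public) access")
            elif (principal.startswith("arn:") or principal.isdigit()) and account not in principal:
                findings.append(f"statement {sid} grants access to foreign principal {principal}")
    if not tls_only:
        findings.append("no Deny for aws:SecureTransport=false, so plain HTTP is accepted")
    if not vpce_only:
        findings.append(f"access is not pinned to VPC endpoint {vpce}")
    return findings


def audit_bucket(bucket: Dict[str, Any], account: str, vpce: str) -> List[str]:
    """Run every check; an empty list means the bucket passes the checklist."""
    return (check_encryption(bucket) + check_public_access_block(bucket)
            + check_policy(bucket, account, vpce))


# Constructed sample data (placeholder ids, not real resources).
OUR_ACCOUNT = "111122223333"
OUR_VPCE = "vpce-0123456789abcdef0"
_ARN = "arn:aws:s3:::crm-backups-example"

HARDENED_BUCKET = {
    "Name": "crm-backups-example",
    "ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": f"arn:aws:kms:us-east-1:{OUR_ACCOUNT}:key/EXAMPLE-KEY-ID"}}]},
    "PublicAccessBlockConfiguration": dict.fromkeys(PAB_SETTINGS, True),
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "BackupWriter", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{OUR_ACCOUNT}:role/crm-backup-writer"},
         "Action": ["s3:PutObject", "s3:GetObject"], "Resource": _ARN + "/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": [_ARN, _ARN + "/*"], "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyOutsideVpce", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": [_ARN, _ARN + "/*"],
         "Condition": {"StringNotEquals": {"aws:sourceVpce": OUR_VPCE}}}]}),
}

# The misconfigurations the post warns about: SSE-S3 instead of a customer key,
# a public-read grant, and a policy that lets a different internal account in.
WEAK_BUCKET = {
    "Name": "crm-backups-weak",
    "ServerSideEncryptionConfiguration": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "AES256"}}]},
    "PublicAccessBlockConfiguration": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                       "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
    "Policy": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::crm-backups-weak/*"},
        {"Sid": "OtherTeam", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999988887777:root"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::crm-backups-weak/*"}]}),
}

if __name__ == "__main__":
    for bucket in (HARDENED_BUCKET, WEAK_BUCKET):
        print(bucket["Name"], "->", audit_bucket(bucket, OUR_ACCOUNT, OUR_VPCE) or "PASS")
```

The hardened bucket returns no findings; the weak one returns seven, one per control it misses. In practice you would feed the function the output of the bucket's encryption, public-access-block, and policy API calls rather than the constructed dictionaries, and run it across every bucket and region the data protection solution uses.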

The figure below shows the enterprise-class resiliency and security controls that OwnBackup employs to protect your SaaS CRM data and metadata.

Trust OwnBackup to protect your SaaS CRM data

It is no secret that companies are using more SaaS applications to run their businesses year over year. When your organization is responsible for more than 80 SaaS applications that run your business's mission-critical functions, you need an enterprise-class resilient SaaS CRM data protection solution.

OwnBackup is the #1 data backup, archiving, and sandbox seeding app on the Salesforce AppExchange. With nearly 4,000 customers already trusting OwnBackup to protect their SaaS CRM data and metadata with comprehensive, automated backups, precision recovery, enhanced sandbox seeding, and data archiving, security is at the forefront of every data management transaction.

What else should you consider?

These security controls are just a glimpse into the things you should consider when choosing a backup and recovery solution. For the complete list of factors to assess, as well as a downloadable scorecard to rate the solutions you are evaluating, check out our ebook, The Buyers Guide For Backup and Recovery.

© Copyright 2021 OwnBackup.