- Protecting SaaS data is a shared responsibility between SaaS providers and their customers. They must work together to prevent data loss and corruption, while remaining in line with increasing governmental regulation.
- Resilience is just one part of the shared responsibility model. The ability to recover when a data loss or corruption occurs is critical. It’s a matter of when, not if.
- Organizations across different industries can protect their mission critical ServiceNow data to ensure its availability, security and compliance.
ServiceNow is the kind of platform with workflow solutions that organizations turn to when they want to supercharge their business. But is the data involved as resilient and compliant as it can and should be?
ServiceNow data loss can have a huge impact on business operations, with downtime, data breaches, and noncompliance events being costly. As such, it’s critical to detect issues as early as possible and rapidly recover lost data.
In an evolving, cloud-based world, compliance with governmental regulations is as important as protecting data against loss and corruption. Equally crucial, however, is recovery. In a recent webinar, experts from ServiceNow and Own discussed how data loss can impact business, and strategies to minimize downtime.
“It's not just about the ability to be resilient, but also the ability to recover,” says ServiceNow deputy CISO Jeff DiMuro. This is something regulators are now clocking, says Own VP Cybersecurity Strategy & Product Development Eoghan Casey. “They’re realizing that having backups doesn't equate to being resilient.”
The right data platform can help prepare a range of industries to remain both resilient and compliant while recovering when—not if—data corruption and loss occur.
Shared responsibility: Protecting SaaS apps against data loss and corruption
ServiceNow, Salesforce, and Microsoft protect platform-based applications, networks and data centers that organizations depend on for mission-critical business operations. Meanwhile, the businesses themselves look after data accuracy, security and compliance. This is the case for all SaaS applications.
“There's shared responsibility between SaaS vendors and customers,” Own Product Marketing Director Gene Eun says, to ensure smooth operations. Data loss and corruption are common: “It's not a matter of if an incident is going to happen, but when it's going to happen.”Typical reasons for data gone awry include:
- Human error, which is by far the most common cause, often as a result of bulk uploads and careless mistakes
- Bad code that can come from heavy development efforts that require complex code changes
- Integration errors like bad inputs and exports that can create downstream issues such as failed compliance audits, poor system performance and rule overrides
- Migration and divesting instance errors, involving large-scale org changes that increase the risk of data corruption and loss
- Malicious intent present in both disgruntled employees manipulating data and external bad actors gaining access
“We have to be realistic and protect our data from the outside as well as the inside, and be able to be resilient in both cases,” Eoghan highlights. This goes for banks, pharmaceutical companies, global communications providers, clothing manufacturers, educational institutions and business service providers.
Remaining resilient and compliant
The shared responsibility model extends beyond business continuity in the face of data loss and corruption.
While the CrowdStrike incident already served as a lesson on the challenges of adequate recovery, there’s even more at stake. With the Digital Operational Resilience Act (DORA) and the EU Artificial Intelligence Act (EUAI) incoming, regulatory compliance is a top priority for organizations that need to protect critical ServiceNow data.
“There's going to be more and more regulation,” Jeff says. “Regulators require that organizations periodically test backups to ensure that they can recover in a timely manner when problems occur,” Eoghan adds. Controlled environments that rigorously test processes, platforms and people all prevent panic in the event of a real emergency. “That's where regulators have doubled down.”
“What I'd like to see is more harmonization with the global regulations,” Jeff says. Regulations vary according to response times and even what constitutes incidents—i.e. are they material or substantial?
Harmonizing is challenging but crucial as “regulations are coming in with greater enforcement and fines,” Eoghan says. “We're seeing a shift away from compliance for compliance’s sake.” Businesses should take stock and document evidence of compliance with regulations.
But they can’t do it alone. “Many customers try to take recovery and resilience in-house,” Jeff says. “This just concentrates risk further—risk that service providers want to outsource. That’s why we’ve partnered with Own.”
Regulators want to see separation: providers mitigating their risk by using trusted third parties to meet critical objectives they might not be able to handle independently. “Backups should be on a segregated system so they're protected from incidents that might impact primary service platforms,” Eoghan says.
This also applies to protecting the data integrity and confidentiality of dependencies within enterprises: Backend system unavailability may hinder recovery of primary services.
How to keep pace with evolving regulations
Besides getting to grips with new regulations, organizations need to prioritize their relationships to stay effective amid a changing regulatory environment. “Stay very close and friendly with government relations teams,” Jeff advises, “as they have insights into and an early understanding of how shifting regulations affect SaaS platforms.”
“I see more companies focusing on adopting platforms—rather than individual applications,” he says. A happy byproduct of this trend is that platform providers anticipate changing regulations and better support their customers’ alignment.
It’s crucial that businesses are prepared for unexpected events and are able to recover and return to known good states. Whatever products services business infrastructure relies on must be covered by solid service level agreements and security for adequate service maintenance.
“It’s a closer partnership than has existed before between regulated entities and their service providers,” Eoghan says. “And I think that's a positive thing.”
Own Recover: The resilient, compliant answer to data risk
Global industries need solutions on which they can rely for data protection, resilience, and compliance. “More organizations realize they need to partner with maturer providers that are robust in meeting regulatory requirements,” Eoghan highlights.
Own has provided its Salesforce customers with backup and recovery for almost a decade. “Many of those companies told us that they needed the same data protection for their ServiceNow data,” Gene explains.
To this end, Own Recover enables organizations running ServiceNow, Microsoft, and Salesforce platforms to:
- Back up critical data with more control
- Mitigate risk with flexible retention policies
- Proactively monitor for data loss and corruption
- Restore data with speed and precision
Businesses can decide what data to back up and how long to retain backups—giving heavily regulated industries peace of mind—and the ability to take action on timely alerts to minimize business disruption. With Own Recover, organizations can rest assured that they remain compliant and able to recover in the worst-case scenario.
This blog post is based on a webinar moderated by Own Product Marketing Manager Gene Eun and featuring Own VP Cybersecurity Strategy & Product Development Eoghan Casey and ServiceNow Deputy CISO Jeff DiMuro. Download the datasheet to learn more or request a live demo to see how you can safeguard critical ServiceNow data and ensure compliance.
