Not that we ever need an excuse to talk about the importance of backing up your data, but today is the annual World Backup Day. So we thought it would be as good a time as any to ask, “who’s responsible for backing up SaaS data?”
When it comes to personal devices like smartphones, tablets and laptops, most people understand that it’s their own responsibility to back up the data on those devices. But the responsibility isn’t as clear when it comes to the data that businesses store in the cloud.
In our recent State of SaaS Data Protection Report, we asked respondents who was responsible for protecting the information kept in SaaS applications, like Salesforce. 43% percent of respondents said these responsibilities sat with the SaaS provider, or were unsure where responsibility sat.
So where do the vendor’s responsibilities actually end, and the customer's begin?
The answer lies in the shared responsibility model, which has become the de facto standard for most SaaS application providers. Although the responsibilities vary slightly between the major cloud service models, all three put some onus on the customer. When it comes to SaaS in particular, the shared responsibility model states the SaaS provider is responsible for managing the security of the cloud infrastructure and maintaining uptime, while customers are responsible for protecting their data, as well as configurations and customizations of their applications.
What SaaS providers say about the shared responsibility model
Today, nearly all SaaS providers today subscribe to this shared responsibility model. Here’s what some of the most prominent ones say about data protection responsibilities:
Salesforce
“While AWS secures and maintains the cloud infrastructure, you (the customer) are responsible for securing everything that you put in the cloud. This includes your data, the applications that you build, your configurations, and so on.”
Microsoft
“For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.”
Source: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
ServiceNow
“An easy way to understand this is with a simple analogy: we provide a box and secure it (hosting), and you, as our customer, decide what is put in the box and who can access it (storing).”
Source: https://community.servicenow.com/community?id=community_blog&sys_id=990b8c49db0c4c145ed4a851ca961973
DropBox
“While Dropbox is responsible for securing each aspect of the service that’s under our control, customers play a key role in ensuring their teams and data are protected and secure.”
Source: https://assets.dropbox.com/documents/en/trust/shared-responsibility-guide.pdf
How to uphold your end of the shared responsibility model
Through 2022, it's estimated that at least 95% of cloud security failures will be caused by missteps on the part of customers. That's why it's more important than ever before to clear up confusion around the shared responsibility model and set yourself up for success.
So the shared responsibility model says you're responsible for backing up your data, but did you also know that it also says you're responsible for configuring your security controls?
At Own (formerly OwnBackup), we help companies in both areas. Our market-leading backup and recovery solution, Own Recover, is available for Salesforce, ServiceNow and Microsoft Dynamics 365 customers. And with Own Secure, we can assess your current Salesforce implementation and how it aligns to your policies around data classification, access controls, Salesforce Shield Platform Encryption, data retention, and compliance audits.
Contact us to learn more about protecting your SaaS data or schedule a customized 1:1 demo today. Because after all, it’s your responsibility to back up your SaaS data.