SaaS Backup (Backing up Google Workspace | Office 365)

Introduction

The adoption of SaaS applications has spiked with the increase in remote work due to the global health pandemic. These tools have become essential in today’s remote work world, however, even before work-from-home became the norm for many, the benefits of easy access to documents from any device and improved collaboration were already obvious.

Unfortunately, many organisations still believe that these tools make backup obsolete. This simply isn’t the case. Backup is just as important for data in Software as a Service (SaaS) apps as it is for data hosted on-premises.

This article is aimed at shedding some light on common myths and misconceptions about SaaS and what to look for when selecting a SaaS backup solution.

Common SaaS myths and misconceptions

Misconception #1 - SaaS applications do not require backup

While there is considerable redundancy in most SaaS applications (think Google Workspace and Microsoft 365) that protects against data loss in their cloud servers, this doesn’t protect against user error, accidental and malicious deletion, or ransomware attacks. While accidental deletion of files is by far the most common form of data loss in SaaS apps, ransomware can be the most damaging. That’s because ransomware is designed to spread across networks and into SaaS applications, impacting as many users as possible.

Ransomware definitely isn’t only an on-premises problem. It can and does spread into SaaS applications, especially Microsoft 365. Organisations need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Misconception #2 - File sync is a replacement for backup

While file synchronisation tools like Microsoft OneDrive or Google Drive do create a second copy of files and folders, they are not a replacement for backup. These tools automatically copy changes to synchronised files. So, if a file or folder is infected with ransomware, the malware will automatically be copied to all synchronised versions of that file.

While these services do offer some restore capabilities via versioning, but they fall short of a true backup solution. Here’s why:
  • Versions are not definitive recovery points. So, if a file is deleted, older versions of the file are deleted as well.
  • Versioning doesn’t enable centralised management of multiple user data. In other words, a system administrator doesn’t have centralised control over backup and recovery - it’s left in the hands of end-users.
  • Versioning doesn’t maintain recovery points across files, folders, settings and users. If you only need to restore a couple of files, that's no problem, but in the situation where large restore operations are required, this becomes a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file synchronisation can actually introduce ransomware to the SaaS applications you're trying to protect. File synchronisation and backup should not compete with each other, rather they can and should be used side-by-side. Remember: file synchronisation and share is for productivity and backup is for data protection and fast restoration.

Misconception #3 - SaaS applications are always available

While SaaS apps are highly reliable, outages do occur. In one month (October 2020), Microsoft 365 had three significant outages that impacted businesses worldwide. In 2019, a massive Google outage affected nearly one billion Gmail, G Suite, and YouTube users (which also affected other non-Google services such as Snapchat and Discord).

Outages and slow restore times aren’t just an inconvenience. When organisations can’t access important data, productivity falls and, in the case of businesses, revenue is impacted. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an outage - all the more so if the outage extends beyond an acceptable period of time.

Misconception #4 - SaaS vendors are responsible for backup

SaaS providers (e.g. Google and Microsoft) make reasonable efforts to ensure they won’t lose your cloud data with built-in redundancy and other high availability measures. However, they do not take responsibility for restoring data if you lose it, or - more importantly - if it gets corrupted. Microsoft calls this the Shared Responsibility Model for data protection. That’s why Microsoft recommends the use of third-party SaaS backup in its user agreement. In the Shared Responsibility Model, you are responsible for data backup, endpoint protection (laptops, mobiles, tablets and desktops) and user account protection (e.g. using secure passwords, enforcing multifactor authentication). The SaaS provider is only responsible for security as it pertains to the Cloud environment and its immediate components including physical infrastructure, app- and operating system patching and access controls (physical access to their data centres and network access controls).

In other words, the Shared Responsibility Model places the onus of data protection squarely on the organisations that rely on their SaaS services. SaaS providers are responsible for keeping their infrastructure up and running, but businesses are responsible for the preservation and security of their data.

Evaluating SaaS Backup Solutions

There are a variety of SaaS backup solutions at competitive price points on the market today. However, there is disparity in exactly what these products protect. So, when evaluating products it is imperative that you either perform research in these areas for yourself or partner with a trusted Managed Service Provider (MSP), like Entity, that has evaluated the solutions and can recommend a solution that best suits your organisation's needs.

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. However, there are solutions available today that offer more comprehensive coverage. When selecting a backup product, look for solutions that offer protection for things like contacts, shared drives, collaboration and chat tools, and calendars. SaaS protection solutions that offer this type of coverage are far more effective at maintaining business continuity than less robust offerings (more on that below).

Recovery Point Objective and Recovery Time Objective

Recovery point objective (RPO) and recovery time objective (RTO) are also critical considerations. These metrics refer to the point in time you can restore to and how fast you can perform a restore, respectively. When it comes to SaaS backup these are largely dictated by the frequency of backups and what specifically is being protected. Solutions that offer frequent backups address RPO since they enable you to restore to a recent point in time, minimising data loss. As noted above, these make restores faster and easier by reducing the amount of manual effort to perform restores. Plus, they enable users to access data in the event of a SaaS outage.

Ease of Use/Management

Ease of use is a critical function of SaaS backup solutions because it generates efficiency. This ease of use should cover both the initial deployment and ongoing management. That might mean streamlined onboarding, native reporting capabilities, intuitive seat management, flexible retention policies and 24x7x365 tech support.

Security/Compliance

Choosing a SaaS protection solution that can address the needs of the relevant security and compliance requirements for your type of organisation is essential. Look for products that back up data in compliance with Service Organisation Control (SOC 1/ SSAE 16 and SOC 2 Type II) reporting standards that can meet any relevant HIPAA and GDPR compliance needs. Solutions that enable automated retention management to meet compliance standards can reduce the need for manual intervention - streamlining management and ensuring client data is stored for the right length of time.

Entity's SaaS Protection Solution

Powered by Datto, Entity's SaaS protection solution is a cloud-to-cloud backup solution that offers comprehensive backup and recovery for critical cloud data in Google Workspace and Microsoft 365. It is designed specifically to protect SaaS data efficiently and manage data retention, licenses, and cost.

SaaS Protection protects against permanent data loss and allows us to easily recover your data following a ransomware attack with 3x daily, point-in-time backups. Backups are stored securely in the Datto Cloud with files, folders, settings, and permissions intact for fast restore operations whether you need to restore a single item or an entire user account.

SaaS Protection delivers backup, search, restore, and export for:

Google WorkspaceMicrosoft 365
  • Gmail
  • Google Drive
  • Calendar
  • Contacts
  • Shared Drives

There is a small subset of files Datto SaaS Protection/Backupify does not back up. These are:

  • Google Forms: While we cannot back up the form itself (due to Google not having an available API), we do back up the resulting response spreadsheet which contains the questions from the form. The linked spreadsheet needs to be accessed first to enable backup.
  • Google Scripts and Fusion Tables: These are also not available for export through the Google APIs. The underlying data for fusion tables will be backed up as a spreadsheet if it is in your drive.
  • Microsoft Office temporary files: When you edit an Office doc that is saved in Drive, Office creates a temporary file that gets deleted once your file is saved. You might see it as ~$example.docx. Since these temporary files have no content and cannot be restored, they are not backed up. This helps backups run faster and keeps your folder uncluttered.
  • 3rd-party application documents: Docs from 3rd parties like Smartsheet and Lucidchart cannot be backed up if they do not reside within Google Drive.
  • Google Classroom: Files that are in Google Drive will be backed up, but there are certain files that Google doesn't expose through available APIs.
  • Exchange
  • Tasks
  • OneDrive
  • SharePoint
  • Teams

SaaS Protection also offers:

  • Simple, per-license pricing: Deploy licenses across end clients, and redeploy them as needed.
  • Flexible subscription options: Choose the best model for you with standard month-to-month contracts or discounted longer-term commitments


Share :