It’s getting riskier every year to give employees access to SaaS data. While people still need to access data to do their jobs, the majority of all data loss incidents are caused by human error. Other causes (technical issues, cyber attacks, malicious actors) can also be attributed to human actions.
Human error is inevitable, and it is impractical to expect perfection. Most companies use rigorous backup and recovery procedures, effective for data center applications. But workers prefer SaaS applications. Most people use nine or more SaaS apps to do their jobs every day.
With 70% of software used by companies being SaaS, more business-critical data is being stored with SaaS vendors. There’s a large faction of organizational leaders who believe their SaaS vendor protects their data for them. Unfortunately, due to shared responsibility policies, that’s not the case. So how can businesses account for the human factor when it comes to protecting their SaaS data?
Debate exists over annual data loss in SaaS services, as vendors seldom share this metric. However, data from a report commissioned by our organization from the ESG group (“SaaS Data Protection: A Work in Progress”) indicates the second most common cause of data loss in SaaS environments is accidental deletion, accounting for 33% of incidents.
Other causes include account closure (29% – also considered human error if the IT team didn’t think to reassign the data to another user), malicious deletion by an employee (23%), and “schema” misconfiguration (20%). Gartner predicts 70% of businesses will suffer an unrecoverable loss of data in their SaaS applications. And currently 60% of business data is stored in the cloud.
Data loss events are either “big” events or “small” events. A big event can be a service outage, a data integration error, or a malicious attack — someone deleting an entire account. Small events are individual user issues, like deleting a customer contact in a CRM. While big events are what get our attention, it’s the small events that make up the majority of incidents and cause the greatest daily aggravation for users and IT teams.
We know people make mistakes, but what are the root causes? According to research, there are a few common causes that contribute to people making more errors than they should.
SaaS data loss impacts vary from a minor annoyance to a total business shutdown. Should a developer inadvertently delete their task card in Jira, it may result in a minor inconvenience. However, deleting an entire company’s Git repository would be catastrophic – erasing months of development work. The result? Delayed product launches, upset customers, frustrated coworkers, and downgraded financial results.
In the worst-case scenario, it can cause downtime, costing the average small business $427 per minute or $9000 per minute for large enterprises. Additionally, data recovery incurs costs, and if recovery is impossible, rebuilding and replacing data is time-consuming.
Companies often overlook SaaS data protection in their business continuity plans, despite storing valuable information in SaaS services. That’s something every IT leader needs to address.
Preventing SaaS data loss in the first place is better than being in the position of having to recover it. Part of the responsibility of prevention is on the user, and part of that is an organizational requirement. Here are three proven ways to help people avoid errors.
Better training is needed for users when it comes to SaaS apps. Many organizations believe the user is responsible for their own training when it comes to SaaS applications. Provide training on proper information entry and error prevention to avoid data loss.
Training cannot prevent all errors. In those cases, user design should be looked at to see how it may contribute to user error. Some user design flaws are caused by SaaS vendors themselves, but others are caused by the SaaS customer’s configurations and settings. Even something as simple as the design of a field can help improve data quality. Setting data validation rules restricting user choice or creating pop-ups before a deletion event can help users be more accurate.
Wherever possible, users’ rights to make destructive changes to data should be limited. Preventing users from deleting records or files without approval should be the default setting. In principle, the lowest level of access should be provided unless a higher level is deemed necessary.
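One way to express the deny-by-default deletion rule described above, as an added example that is not from the original article or any SaaS vendor's API. The `DeletionGuard` class, the role names and the 30-day retention window are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)             # assumed recovery window
APPROVER_ROLES = {"admin", "data_owner"}   # assumed role names

@dataclass
class DeletionGuard:
    records: dict                                 # record_id -> payload
    roles: dict                                   # user -> role
    pending: dict = field(default_factory=dict)   # record_id -> requester
    trash: dict = field(default_factory=dict)     # record_id -> (payload, purge_after)
    audit: list = field(default_factory=list)     # (user, action, record_id, outcome)

    def _result(self, user, action, record_id, outcome):
        self.audit.append((user, action, record_id, outcome))
        return outcome

    def request_delete(self, user, record_id):
        """Any user may request a deletion; nothing is removed yet."""
        if record_id not in self.records:
            return self._result(user, "request", record_id, "denied:no-such-record")
        self.pending[record_id] = user
        return self._result(user, "request", record_id, "pending")

    def approve_delete(self, approver, record_id, now=None):
        """Soft-delete only if a different, privileged user approves."""
        requester = self.pending.get(record_id)
        if requester is None:
            return self._result(approver, "approve", record_id, "denied:no-request")
        if self.roles.get(approver) not in APPROVER_ROLES:
            return self._result(approver, "approve", record_id, "denied:role")
        if approver == requester:
            return self._result(approver, "approve", record_id, "denied:self-approval")
        now = now or datetime.now(timezone.utc)
        del self.pending[record_id]
        self.trash[record_id] = (self.records.pop(record_id), now + RETENTION)
        return self._result(approver, "approve", record_id, "soft-deleted")

    def restore(self, user, record_id, now=None):
        """Undo a deletion while the retention window is still open."""
        now = now or datetime.now(timezone.utc)
        _, purge_after = self.trash.get(record_id, (None, now))
        if now >= purge_after:
            return self._result(user, "restore", record_id, "denied:not-recoverable")
        self.records[record_id] = self.trash.pop(record_id)[0]
        return self._result(user, "restore", record_id, "restored")
```

Every decision, including each denial, lands in `audit`, so reviewers can see who asked for a deletion and who approved it.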
When SaaS data is lost, having options to recover data is vital. Some SaaS vendors have limited built-in recovery options like an undo button, but most changes are usually permanent. Despite vendor policies, shared responsibility means customers must protect their own data. Most SaaS vendors’ terms and conditions recommend customers have a way of protecting their data.
The majority of SaaS apps do allow exports of data from their accounts, but they aren’t true backups. They aren’t too useful for data recovery efforts, they can’t be automatically run, and they are delivered as .CSV files that are sent unencrypted (a security no-no).
A third-party data protection service, like SaaSAssure℠ powered by Asigra, is a better option. SaaSAssure automates data backup, performing it regularly and securely. It provides easy access to account-level data and granular user records, facilitating quick recovery when needed.
In conclusion, addressing the human element in SaaS data protection is critical. With the majority of data loss incidents rooted in human error, businesses must prioritize robust training, intuitive user design, and stringent access controls. Implementing these measures alongside effective recovery strategies, like third-party data protection services, can mitigate risks, ensuring data integrity and continuity. It’s not just about safeguarding data; it’s about securing business viability in a SaaS-dominated landscape.