March 21, 2024 | Updated on: April 11, 2024 | Reading time 7 minutes

Expert Insights: SaaS Application Data Protection Fundamentals

Author:

Former Gartner Analyst, Backup & Recovery

SaaS applications appeal to organizations because they make running the application “somebody else’s problem.” However, this is only partially true; in particular, SaaS vendors rarely take responsibility for preventing data loss and rarely offer backup as part of their service.

Although the SaaS vendor may be running the application, the data loss risks are the same as for on-premises applications. The only difference is that you share responsibility for protecting your application and the critical data it stores.

Figure 1 – Data loss risks:


Table 1 – Potential causes of data loss:


The greatest risk to data from cyberattacks applies to services such as Microsoft OneDrive or Google Drive where data is cached locally, edited, and then synced back to the service. In this scenario, the local copy can be encrypted by ransomware and then synced back to the service to overwrite the master copy. Attacks on SaaS applications that don’t store data locally are harder, but it is still possible to use application APIs to read and encrypt the data and then overwrite the original data in the application.
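The sync-overwrite pattern described above can be spotted from the defender's side. The following is an added example, not code from the article or from any vendor's product: it flags a user whose sync uploads replace several master copies with high-entropy content inside a short window. The event tuple layout, the thresholds, and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Assumed tuning values for this example, not taken from the article.
WINDOW_SECONDS = 60
MIN_FILES = 3
ENTROPY_BITS = 7.5  # encrypted data sits close to 8 bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_overwrite_bursts(events):
    """events: time-sorted (epoch_seconds, user, path, new_content) tuples,
    one per sync upload that replaces an existing master copy.
    Returns (user, time, files) for each burst of high-entropy overwrites."""
    recent = defaultdict(deque)  # user -> (time, path) of suspicious uploads
    alerts = []
    for ts, user, path, content in events:
        if shannon_entropy(content) < ENTROPY_BITS:
            continue  # low-entropy upload: looks like an ordinary edit
        q = recent[user]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_SECONDS:
            q.popleft()  # drop uploads that fell out of the window
        files = sorted({p for _, p in q})
        if len(files) >= MIN_FILES:
            alerts.append((user, ts, files))
            q.clear()  # report each burst once
    return alerts

def fake_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted bytes (SHA-256 over a counter)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(size // 32))

# Constructed sample events, not real audit data.
TEXT = b"Quarterly report draft. Revenue figures are in the table below.\n" * 40
SAMPLE_EVENTS = [
    (1000, "alice", "/docs/plan.txt", TEXT),
    (1010, "bob", "/docs/a.docx", fake_ciphertext("a")),
    (1015, "bob", "/docs/b.xlsx", fake_ciphertext("b")),
    (1030, "bob", "/docs/c.pdf", fake_ciphertext("c")),
    (1500, "bob", "/docs/d.txt", fake_ciphertext("d")),
]
```

Already-compressed formats also score near 8 bits per byte, so the alert is driven by the burst of overwrites rather than by entropy alone; an alert is the cue to pause sync for that account and restore from a backup or earlier version.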

Risks at the provider are harder to assess, as much depends on the provider in areas such as:

  • Security processes: Any breach of the administrator’s security could allow attackers free rein to delete, encrypt, modify, or steal customer data.
  • Testing and deployment processes: Providers can and do make mistakes that let poorly tested updates reach their service, which can lead to data loss for clients.
  • Infrastructure design and implementation: Many SaaS providers build their applications on top of infrastructure provided by vendors such as Microsoft and Amazon. The use of major public cloud providers allows the SaaS provider to benefit from the security blanket provided by the major cloud providers, who can hire the best people to protect their operations. However, some SaaS providers build their own infrastructure, which puts all the responsibility on the SaaS provider, who may or may not have the required expertise.

The key point is that you can’t assume that data stored in a SaaS application is safe; it’s the customer’s responsibility to ensure that the data is protected. Though not widely publicized, SaaS vendors usually include disclaimers to this effect but bury them deep in the small print of the terms of service for the SaaS application.


Recently retired from full-time work, Nik Simpson spent 40 years in the IT industry in a variety of roles with major IT vendors, startups, and IT research companies. Most recently, Nik was VP of Research covering backup and disaster recovery at Gartner, where he worked on signature documents such as the Backup & Recovery Magic Quadrant as well as leading research into Backup-as-a-Service and backup for SaaS applications such as Microsoft 365. In a 15-year stint at Gartner, Nik also covered a variety of topics including server technology, data center design, and storage platforms.
