We know the perks of moving our data to the cloud. The cloud is ubiquitous, secure, fault tolerant, and claimed to be fully “backed up”. Thus, we have moved key applications to the cloud making the as-a-service model for delivering software mainstream. IDC anticipates the cloud software market to grow to $151.6 billion by 2020 with a five-year compound annual growth rate (CAGR) of 18.6% – far exceeding the growth of traditional software. But the question that we address here is whether the SaaS version of enterprise software is secure. The cloud version of your application may be ‘safer’ but it is not ‘invulnerable’. The data in your SaaS application is yours and you are rightfully responsible for it. The adage being an ounce of prevention is better than a pound of cure, act now or else repent later. No one in this data-centric century can afford to lose data.


Forrester asserts that cloud-to-cloud backup services is the most pragmatic way for SaaS data protection. Cloud-to-cloud backup gives us continued benefits of the cloud while keeping a secure copy on a separate cloud. But there are a couple of options available in the market and selecting the best among them is yet another uphill task. Below are a set of points which matters when we choose a viable backup solution for our SaaS ‘Data Specific’ Applications.


  1. Contemplate a reasonable RTO and RPO according to your SLA. You should rate the backup provider on the merits of what they can deliver in terms of the recovery time objective and recovery point objective. RTO efficiency comes with frequent backups and RPO adequacy comes with point in time ‘Recovery’. We could instantly recover from the backup by just a few clicks.
  2. Return to normalcy is also a stand out point among different vendors. Once the backup is done, we want to recover the data as it was earlier, in the same format and patterns.
  3. Granular backup and recovery feature can’t be ignored. Why should we restore the whole chunk of data when we require only a small portion of the data which was deleted by a vexed employee? Or what if the employee intentionally deletes an important email and it is hard to find and recover it.
  4. Security and compliance is indispensable while considering a backup option. Where is our data residing after backup is a huge concern. What is better than choosing a backup targets rendering to our security needs. The backup solution should be compliant with major data-centric standards and regulation around the world. We may be a Healthcare, Financial or a Government organization, based on our specification we need to assure that the backup is compliant with our usecase. Standards like PCI-DSS, HIPPA etc. requires stringent safeguards like activity logging and long-term data retention. Compliance with security standards like ISO 2700x and considering the watershed privacy regulation GDPR could be a good differentiator.
  5. Cost factor also cannot be ignored we choose a backup solution for our SaaS Application. We should see what licensing model it offers. A subscription-based licensing (for example per user license) is always flexible and accommodative.

Find a backup solution that fulfills the above criterion and you are all set to protect your SaaS data.


NetApp SaaS Backup (formerly Cloud Control) is an easy-to-use, cloud-native SaaS offering that simply requires you to sign in and choose the service you want to back up, choose your backup target, and then start protecting your data. You get a complete backup service from NetApp for your Office 365 data. Learn more about NetApp SaaS Backup.” Watch the video “Guard Your SaaS data with NetApp Cloud Control.” If you haven’t thought about SaaS backup yet, it’s the right time. Gear up now and keep protecting.

Shraddha Agarwala

Shraddha Agarwala is an Information Security Engineer with Cloud Business Unit at Netapp. Her focus areas include security testing and validation for NetApp's SaaS backup portfolio. She is passionate about information security and likes to evangelize the importance of securing information and related best practices.

Add comment