Survey shows low confidence in SaaS data protection strategies

A recent survey conducted by Gatepoint Research for Keepit has highlighted growing concerns among senior decision-makers regarding the protection of SaaS data amid increasing regulatory complexities.

The "SaaS data protection confidence survey" gathered insights from 100 senior decision-makers across finance, healthcare, technology, and manufacturing sectors. The findings revealed that only 28% of respondents have high confidence in their data protection measures. Meanwhile, 31% indicated moderate to severe lapses in their data protection, which is concerning as the use of SaaS applications continues to expand.

Paul Robichaux, Senior Product Director of Keepit and Microsoft MVP, noted, "Moderate confidence in SaaS data protection is not enough in today's threat landscape. Organisations must ensure their data recovery processes are robust and regularly tested. Otherwise, they risk discovering weaknesses too late, when a disaster has already struck and they're trying to recover."

Compliance with increasing regulations is a significant challenge for many organisations, as 50% of the respondents cited increased compliance requirements as their top concern. Global regulations such as NIS2 and DORA are becoming more stringent, necessitating that organisations adequately protect their SaaS data.

Robichaux added, "In the financial industry, for example, DORA requires that backup environments be segregated from production environments to reduce risk. And we know that many organisations aren't well-prepared to meet these requirements. The rising volume of data, combined with increasingly complex regulations, presents a significant challenge for many organisations."

The survey also identified that 57% of respondents perceive brand and reputation damage as the most significant business impact of data loss, followed closely by financial consequences. "Customer data is among the most valuable assets an organisation holds," said Robichaux. "Losing access to that data, whether through ransomware or accidental deletion, can have devastating financial and reputational consequences. Organisations need to take a proactive approach to ensure their SaaS data is protected."

A notable gap exists in perceptions of data backup responsibility, as 58% of respondents reported using Microsoft to back up their SaaS data. However, many executives mistakenly believe that their data is fully covered by native SaaS backup features, overlooking the shared responsibility models in place.

Robichaux pointed out, "Only 15% of respondents consider backing up directory and identity services like Entra ID to be crucial, even though losing access to these services could cripple business operations. This shows a need for better education around SaaS data protection."

Budget constraints and lack of expertise are significant roadblocks to improving data protection strategies, as noted by 56% and 33% of respondents, respectively. Many organisations also face challenges managing multiple data backup vendors, complicating their efforts further.

To address these challenges, Keepit plans to host a webinar titled "Protecting Your SaaS Data – Pitfalls and Challenges to Overcome" on 17 October 2024. This event will offer industry professionals insights into improving their SaaS data protection strategies and ensuring compliance with evolving regulations.