Problem - SaaS Providers Do Not Take Responsibility for your Data Protection
There's a common misconception, a wishful hope, that by putting anything in the cloud, you get that naive, 'Isn’t the cloud provider backing that up for me?
Global Pharmaceutical And Life Sciences Firm Lost Data From Some Of The More Than 100 SaaS Services It Uses
In most cases, it could not completely recover
1 out of 3 Companies Lose Data in SaaS
SaaS was by far the most common public cloud IT infrastructure used with 80% of 123 surveyed companies.
SSP Worldwide faced a THREE-WEEK LONG outage
Insurance brokerage firms could not issue new policies, look up the expiration dates of existing policies, or communicate with their clients. Couldn’t recover some clients’ data from backup instances.
Backing Up SaaS Application Data Is Your Responsibility – FORRESTER REPORT
Nearly every SaaS provider explicitly states in its terms and conditions that clients are responsible for protecting their own data.
SaaS Data Loss – The Problem You Didn’t Know You Had – ABERDEEN ANALYST INSIGHT
SaaS providers have disaster recovery plans for their disasters not for your user-inflicted data loss scenarios; the risk is real.
Back Up Your Critical Cloud Data Before It's Too Late – FORRESTER REPORT
It's not just a best practice — it's a fiduciary responsibility. If you don't back up your data, then customers, partners, and employees consider you negligent and incompetent.
Reasons for SaaS Data Loss
Why should you backup G Suite & Office 365 data?
Based on the survey conducted by Cyber Guardian Consulting Group, we have obtained a similar result (as Aberdeen Report – shown below)where more than 58% of the problem is due to human error.
Example: Google, Microsoft, Zoom and others do not take responsibility for data loss. Data backup is your responsibility.
Reasons for SaaS Data Loss – ABERDEEN GROUP ANALYST INSIGHT, January 2013
While 68% of SaaS-users reported that they have never lost any of their data from an application, a full third (32%) reported that they had.
Few Firms Protect Their Cloud Data From Obliteration
Global Software as a Service (SaaS) Market was Valued at $134.44 Bn in 2018 and is Expected to Grow to $220.21 Bn at a CAGR of 13.1% through 2022 - Global Software as a Service (SaaS) Market Report 2020
Accidental deletion/Human Error
Everyday human errors account for up to 64% of data loss incidents according to Aberdeen research. Employees inevitably delete the wrong email, contacts, or critical configurations.
Illegitimate deletion requests
SaaS providers will honor your deletion request without question. They have no way of knowing if it’s a hasty (or malicious) request and they are not responsible for any unexpected results.
Whether through technical means or social engineering, aggressive individuals and organizations are constantly inventing new tactics for getting to your data.
Otherwise known as sync errors, those powerful tools designed to streamline business processes can ruin critical data in a flash — with no undo.
Employee action is involved in up to 23% of all electronic crime events, according to the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute.
Malware and viruses
Rogue software can spread mayhem with programmatic efficiency without an active attack from a hacker. Many malware programs and viruses emerge from existing code after hibernation, making them especially hard to defend against.
Beyond a typical cyberattack, these forms of industrial-scale extortion are becoming increasingly aggressive and expensive.
An unexpected and prolonged outage at your SaaS provider can cripple your business. Unless you have a plan for how to handle such circumstances, it’s highly unlikely that you’ll have access to your data.
Data retention policy
(for audit or compliance purpose)
While your organization’s policy or regulatory compliance mandates require you to retain data for few months or years, your SaaS providers won’t preserve data for that long.
Available Solutions are Insufficient
Weekly Scheduled Exports
Manual + Time-consuming, Infrequent, and Won’t Enable Efficient + Timely Recovery
Example: Google’s in-house tool for creating one-off exports of your data in different Google services, Google takeout is a serviceable means of creating a manual, one-time Gmail backup. Google takeout creates a .zip file of all your Gmail messages in the MBOX data format for re-import.
Limited Capacity, If Emptied Can Lead to Permanent File + Data Loss.
Requesting the SaaS Provider for Retrieval
Costly and Time Consuming. Not Feasible For Every Data Loss
Example: As part of a last-resort process, Salesforce support can recover customer data at a specific point in time in the case that it has been permanently deleted or corrupted. The price for this service is a minimum of $10,000.
Most of us are now relying on zoom for our business communications, conference calls, and meetings.
- We are also often recording these calls to share with those unable to attend the live call, to reference back when necessary, and as a form of meeting minutes to revisit later.
- However, just because Zoom stores your recording in the cloud, does not mean that it's backed up.
Why should you backup Zoom data?
Zoom does not take any responsibility for data loss. Each business is liable for their recorded conversations should they need to be referenced in the future. Even though zoom stores recordings in the cloud, it does not mean they are backed up.
Backing up your zoom data adds an extra layer of protection from human error, hackers, illegitimate selection, and programmatic errors. Your data is important to your business, and backing up that data ensures you do not suffer irreplaceable and unrecoverable data loss.
With Cyber Guardian Consulting Group’s Cloud-to-Cloud backup, information stored in
the cloud is also copied to another cloud backup so that your data is completely protected.
- The above screen grab is from the ZOOM Customer Terms of Service which highlights that ZOOM is not responsible for any content but can delete the content at will.
- What will happen because of this is that all your hours and hours of call recordings of important meetings will no longer be available to you.
How Google Drive Doesn't Back Up Its Own Data
The situation gets more complicated —and riskier — if you emptied the Google Drive Trash after you deleted a file you needed. This is a “hard delete,” and there is no easy way to restore permanently deleted Google Drive files. Google offers a roughly 25-day “graceperiod” after permanent deletion to administrators of G Suite for Work or G Suite for Education, but there are some caveats and complications.
Outside the very specific “paid users that contact us in 3.5 weeks or less” scenario, recovering deleted Google Drive data isvery complicated. In fact, if you aren’t a paid G Suite domain user, Google takes the rather extraordinary step of asking that you actually call Google support to discuss if it's possible to locate and recover your files. In many cases, this results in Google simply breaking the bad newsina more personal fashion.
What’s worse, there are lots of ways to permanently delete some or all of your G Suite data.
Limited Time to Restore Google Drive and Team Drive Files
Google Notes that: You have a limited time from when the data was permanently deleted to restore files and messages. After that, the data cannot be recovered and is gone forever.
As mentioned above, you could empty the Google Drive Trash. In addition, deleting a G Suite account purges all of the user’s Google Drive files (and Gmail messages, and Calendar events, and Google Sites files). No take-backs. No do-overs. A third-party app with access to your Google Drive account could delete all your Google Drive documents and data, permanently.
- The above screen grab is from the Google Privacy & Terms shows that Google can suspend or terminate your access under various conditions.
- What will happen because of this is that all your google drive data will no longer be available to you.
I&O Professionals And SaaS Providers Must Take Responsibility For Data Protection
Data Protection Challenges
Infrastructure & Operations Professionals
- Data Corruption
- Rogue Applications
- Hacking Events
- Malicious insiders
- Departing employees
- Power Failure
- Infrastructure failure
Work with a cloud-to-cloud backup provider
Talk to your SaaS provider about its backup and restore policies
Define a manual process for exporting cloud data
Cloud-To-Cloud Backup Is The Only Practical Option – FORRESTER REPORT, December 29, 2017
It’s not practical to custom-develop adapters or connectors that protect SaaS application data.
You must engage cloud-to-cloud backup providers*, as they can leverage their experience to add support for new services quickly.
Cloud-to-Cloud Backup from
Cyber Guardian Consulting Group
Why Cloud-to-Cloud Backup from Cyber Guardian Consulting Group?
Cyber Guardian uses a proprietary Software as a Service (SaaS) method to backup data from platforms that are normally not backed up, or do not have backup solutions available. With our Cloud-to-Cloud backup, information stored in the cloud is also copied to another cloud backup so that your data is completely protected.
- Secure: We contain your data in secure, redundant data centers that are SOC-2, ISO 27001, and PCI-DSS certified
- Encryption: Your data is encrypted with a minimum of AES-256 (4096-bit/8192-bit RSA encryption available upon request – and yes, a company did require this.)
- Durable: 99.9999999999% durability
Managed Cloud Backup
Our managed cloud-based backup* and disaster recovery products are designed to reinforce your current infrastructure with complete end-to-end data protection and security. We follow the 3-2-1 Backup Rule which states: businesses need to keep at least three copies of their data stored on two types of media with one copy off-site.
Cyber Guardian supports Windows, Linux and OSX on servers, workstations and mobile devices.
Additionally, we backup Virtual Machines (Hyper-V, VMWare and VirtualBox), Databases (SQL, etc..) and more.
*Cloud backups use secure offsite storage centers to protect from data breaches in the case of disaster.
CGCG’s Ability to backup
Amazon Web Services (AWS)
Office365(includes Microsoft Teams and OneNote)
G Suite (All Apps)
Benefits of Cloud-to-Cloud Backup by CGCG
Cyber Guardian Consulting Group’s C2C backup offers a number of advantages over a SaaS vendor's native data protection:
It is more comprehensive, as it protects the user against many possible cases of data loss
Focus is on backup data, so backups and recoveries are quicker and easier to perform
Data backed up is accessible from almost anywhere in the world
Immune to ransomware attacks on an organization because they are not on the office network
The pricing is typically based on the amount of data (in GB) to be backed-up
We are open to discussion
Cyber Guardian Consulting Group Cloud-to-Cloud Backup
About Us - Cyber Guardian Consulting Group
Cyber Guardian implements proactive, lightweight, and inexpensive solutions that meet and exceed business security requirements. Our cutting-edge technology leverages vast amounts of metadata, machine learning, mathematics, and data science algorithms, as well as some of the best minds in the IT security business – to keep companies and data secure.
Deliver the best possible solution that will grow and evolve with your business.
We always optimize your technology to bring the best return on investment..
We are the trusted business partner you can rely on for solutions that make sense.
Nicholas Martin is the Chief Executive Officer (CEO) of Cyber Guardian Consulting Group, LLC. (CGCG), a multidisciplinary team of cybersecurity and IT specialists supporting companies in healthcare, law, insurance, government, capital management, and the nonprofit space for almost a decade. Martin is also the chairman and largest voting shareholder of NY-LA Scoring & Sound Design Co, LLC. Beyond this his holdings extend to several other verticals, such as Finance, Entertainment, Modular Construction and Real Estate.
Furthermore, he is a frequent technical advisor, assisting Private Equity firms around the world with due diligence on high-profile transactions. Today, with a business management proficiency from Harvard Business School under his belt, his focus is on applying his expertise in information technology and data security to ameliorate, optimize and fortify his clients' assets.
Head of AI/ML & Quantum Projects
Mr. Shuster heads the Artificial Intelligence/Machine Learning & Quantum Projects at Cyber Guardian Consulting Group. With specialization in AI, ML, Quantum Computing, and Financial Analysis, Mr. Shuster has led and consulted a number of projects at different organizations. He has held positions with Morgan Stanley, The Federal Reserve Bank of New York, Standard and Poor’s, Merrill Lynch and more.
He is currently working with local organizations designing and installing cutting edge computing systems.
Mr. Shuster has three MAs in Computing, Philosophy, and Economics and is currently a Doctoral candidate.
Sr. Cloud Analyst & Software Developer
Di Wang is the Senior Cloud Analyst & Software Developer at Cyber Guardian Consulting Group. Di has worked as part of the Cloud Development Infrastructure team to design and help implement appropriate business security measures on the new cloud environment.
He has extensive experience working on server-based operating systems; kernel configuration on Red hat Linux, CentOS, OpenSUSE, Ubuntu 15.10, Amazon Linux AMI 2 and IBM Z platform. Di also has experience installing, configuring, and managing Client-Server Connection, CloudFront, Virtual Private Cloud, Load Balancers, Console Servers, and Network Security on Amazon Cloud Service. In addition, he has three years of work and teaching experience in software development with a broad skill set of problem-solving and a strong foundation in theory, concepts and methodologies of client requirement design and analysis.
Di has completed Master of Science and Bachelor of Arts in English/Legal Affairs.
Director of Engineering - Web
Mo Abdelalim is currently heads the Engineering for Web at Cyber Guardian Consulting Group. Mo has been Managing Partner and Engineering Director at Grosware Systems and Stell respectively. He has extensive experience in leading web technologies and cloud platforms. Mo brings years of hand-on experience in software and API development. He enables development teams to work coherently and complete tasks in accordance with requirements.
Mo has completed a Bachelors in Software Engineering.
In every implementation of Cloud-to-Cloud, on a quarterly basis we are championed to assist IT in restoring data that would have been otherwise gone forever with no means of recovery.