Understanding Data Protection Within the SaaS Shared Responsibility Model

By Zack Brigman - Senior Manager, Product Marketing
February 24, 2021

SaaS applications are transforming how businesses consume software. From Salesforce to Dynamics 365 and Office 365, cloud service providers offer robust, highly performant SaaS solutions. And while cloud service providers are responsible for the underlying infrastructure and availability of their SaaS applications, customers (users) often believe the service providers are also responsible for protecting your data.  However, the majority of cloud service providers follow a ‘shared’ and ‘distributed’ responsibility model – putting the onus of data protection on you (the customer).

Understanding the ‘shared responsibility’ model

Many customers mistakenly believe that cloud service providers are responsible for both administering their tools AND protecting the data created and stored within them. Put plainly, they’re not… Universally, the top cloud service providers in our industry (such as Microsoft, AWS, Google, and Salesforce) follow a ‘shared responsibility model’:

  • The cloud service provider’s role: In this model, the cloud service provide is responsible for the infrastructure and underlying services of their SaaS applications – while the customer is always responsible for protecting his or her data. This means CIOs, security officers, and IT professionals must recognize that the responsibility of protecting cloud data that does not lie with their SaaS application providers.
  • Your (the customer’s) role: Data protection is the customers’ responsibility. This includes data entering, living in, and leaving the system. With that comes the responsibility of long-term, extended protection of data residing in production and sandbox environments.

The importance of data protection

SaaS app data loss comes in many shapes and sizes. From accidental deletion, to corruption, to sophisticated ransomware attacks, to malicious internal users, businesses must comprehensively protect their data from a variety of threats. And while SaaS solutions may offer basic tools for short-term replication – they are limited in nature and are not capable of meeting the retention and recovery requirements of today’s businesses. In fact, data experts and cloud service providers alike recommend the use of third-party data protection solutions, recognizing them as the last line of defense in protecting your critical SaaS app data.

Best practices for data protection

Dedicated solutions provide an elevated level of security and control to help admins and IT professionals safeguard their data.  Industry best practices hinge on having a dedicated third-party solution that keeps data retained, secure, and rapidly recoverable. Benefits include:

  • Comprehensive coverage of SaaS app data across environments
  • Isolated, immutable backup copies – in a separate security domain from source data
  • Granular backups with flexible restore options for precision recovery at scale
  • Long-term data retention, without recycling bin limitations
  • Hardened, multi-layered security controls
  • Highly performant and complaint, to meet retention and recovery SLAs

Are you ready to secure your SaaS data?

Check out Metallic® Office 365 Backup, Metallic® Salesforce Backup, and Metallic® Backup for Microsoft Dynamics 365 to safeguard your critical app data today.

microsoft cloud-metallic blog ad

About Metallic

Metallic, from Commvault, offers award-winning data protection without the complexity. With broad-ranging coverage across apps, endpoints, on-prem, and cloud environments – Metallic is proven to safeguard your critical data from deletion, corruption, and attack.