
SaaS disaster recovery best practices

Businesses that use SaaS applications hand off some responsibilities of managing their data, but disaster recovery is not one of them. Make sure you have a recovery plan in place.

The cloud has changed the game for backup and recovery admins, and the number of software-as-a-service options keeps growing. When businesses entrust data to SaaS providers, they must consider the effects of downtime on that data and have a disaster recovery plan in place.

When it comes to SaaS disaster recovery, there is no room for confusion about who is responsible for protecting and recovering that data. Organizations must know not only what the SaaS provider can do but also what the organization is responsible for in an outage.

Like any IT service, SaaS disaster recovery requires the combined efforts of the consumer and the provider. Consumers must know what type of recovery they want, how much downtime they can tolerate and what they want to do to meet these goals. The SaaS provider must consider its limitations and plans when something goes awry on the user's end. 

Find out more about why SaaS disaster recovery is important, what considerations businesses should make when choosing a vendor and some best practices for implementing a SaaS DR plan.

Consequences of SaaS downtime

Organizations use SaaS for several business functions. Common SaaS uses include:

  • Cloud storage
  • Communications and office tools
  • Customer management platforms
  • Project management
  • Electronic records

One major benefit of SaaS is that it enables businesses to use software without installing or managing it on-site. This is especially helpful for smaller businesses that might not have the staff or resources to manage business data and applications.

Storing data in a SaaS application -- especially customer data -- means that organizations that use SaaS applications have an extra layer of responsibility to protect this data and mitigate potential disruptions.

If an organization uses a SaaS platform to store personal information, downtime and data loss can cause not only reputational harm but also legal repercussions.

Because it is connected to a network, SaaS data is still vulnerable to issues affecting on-site data. These can include:

To better mitigate threats, disaster recovery and IT teams should conduct a risk assessment and business impact analysis. These assessments will inform businesses of the threats they are most likely to face, and which scenarios could cause the most damage or downtime.

Consider disaster recovery from the start

When choosing a SaaS platform, consumers should have a clear idea of what they are looking for in a provider and what is possible through those services. Any decent SaaS provider must provide some level of backup as part of their responsibilities to their clients, but they may not keep the same backup frequency an end user might find useful. Backup frequency must be included in the SLA documentation, so consumers should read all documentation carefully to understand the provider's responsibilities and their own.

With most major SaaS providers, consumers should also conduct their own backups. Backup and retention policies vary among providers, and if a file is accidentally or maliciously deleted, it might be easier and faster to restore from in-house copies than to make a support request. Disaster recovery using the organization's backups is both expedient and likely to have the most up-to-date information if the business backs up its data frequently.

Most major SaaS providers offer options to export data if needed. Each vendor addresses it differently, but many do provide the option. While vendors might offer to export data, that doesn't address the SaaS elephant in the room: Without the proprietary SaaS platform, the data alone serves no purpose. The consumers are at the mercy of the SaaS provider and its disaster recovery abilities.

Some vendors, such as Zerto and Veeam, provide the ability to invoke disaster recovery and render a limited read-only version of the services in question for the duration of the outage. This type of backup service could be costly. But, if an organization uses it properly, in conjunction with a proper business continuity plan, it can mean the difference between reduced levels of service and none at all.

DR considerations for SaaS providers

The optics are slightly different for providers of bespoke SaaS services. It is important to plan for loss of service and design for redundancy across multiple physical locations. If an organization does this, it can easily fail over to another region in an automated fashion without lengthy downtimes.

SaaS providers must design the infrastructure to be resilient and not rely on a single zone or region being available for failover purposes. While multiple failover zones might have higher costs, being able to initiate disaster recovery operations and complete a restore quickly will pay for itself after a single outage.

Above and beyond that, the ability to restore data at the granular level is critical. End users frequently lose or somehow mangle their data, so a SaaS provider should have contingencies ready for human error on the consumer side. Providers must clarify their responsibilities and outline those of the consumer from the start in the SLA. This will avoid confusion or conflict between the end user and the provider if an outage occurs.

Stuart Burns is a virtualization expert at a Fortune 500 company. He specializes in VMware and system integration with additional expertise in disaster recovery and systems management. Burns received vExpert status in 2015.
