“Dude, Where’s My Data?” — How Data Is Lost in the Cloud

The adoption of Software-as-a-Service (SaaS) has grown rapidly over the past decade, and since the COVID-19 pandemic, its implementation has reached new heights. Some of the top reasons behind the increasing popularity of this cloud-based service are ease of use, flexibility, scalability and cost-effectiveness. According to Gartner, Inc., worldwide end-user spending on public cloud services is expected to reach nearly $600 billion in 2023.

SaaS solutions, such as Google Workspace, Microsoft 365, Salesforce and so on, provide compelling alternatives to traditional on-premises IT infrastructure. SaaS applications provide users access to powerful tools to enhance productivity and collaboration. Additionally, there’s no need to install, update or manage them, which enables users to focus on their tasks rather than wasting time troubleshooting issues. Undoubtedly, SaaS solutions offer multiple benefits to businesses both large and small. Despite all the benefits of SaaS applications, the risk of losing data in the cloud remains.

It is estimated that 99% of companies on the market use at least one SaaS solution to run their business. If you’re among those companies that store mission-critical data in the cloud, read on to learn more about how data loss occurs in the cloud and why you must back up your precious SaaS data.

Icon showing a worried employee that has lost data in the cloud.

How data is lost in the cloud

According to Statista, as of 2022, over 60% of all corporate data is stored in the cloud. The 2022 Thales Cloud Security Study found that 45% of organizations surveyed have experienced a data breach involving data in the cloud. Data loss in cloud applications is not rare or unheard of and can occur due to several reasons. The top reasons for SaaS data loss include:

Human error/accidental deletion

According to the Enterprise Strategy Group (ESG) research report The Evolution of Data Protection Cloud Strategies, deletion is the leading cause of SaaS data loss, whether accidental (20%), external and malicious (19%), or internal and malicious (6%). Employee negligence/human error is responsible for most data loss incidents and breaches in the SaaS world. As per Verizon’s 2022 Data Breach Investigations Report, more than 80% of breaches involved a human element.

Businesses using SaaS apps must realize that if anyone with valid credentials takes action, SaaS vendors, such as Microsoft, Google or Salesforce, also known as the “processor,” will view the request as legitimate and process it. This means SaaS providers will add, delete or modify data upon request. The context of the action (accidental, malicious, fraudulent, etc.) does not matter if valid credentials authenticate the command, including programmatic and scripting errors.

External hackers, ransomware and viruses

As more organizations pivot to the cloud, it is only natural that threat actors are increasingly targeting cloud data using new tactics, methods and procedures. In 2021, ransomware was responsible for over 20% of all attacks and continued to dominate the cyberthreat landscape, according to IBM X-Force Threat Intelligence Index 2022.

Ransomware threat actors target critical data to impact organizational operations and yield the greatest return. Microsoft validates this concern and encourages its users to implement ransomware protection for the security of their Microsoft 365 tenant. If that isn’t concerning enough, new variants of viruses and malware appear daily, increasing the risk of SaaS data loss. Around 300,000 new pieces of malware are created every day to target individuals and organizations.

Malicious insider activity

Despite implementing several technical and operational security measures, accidental and malicious insider activities are harder to prevent. This challenge exists both in on-premises as well as cloud IT infrastructure. With new tricks up their sleeves, threat actors increasingly target individual employees for insider efforts rather than looking for vulnerabilities in an organization’s networks and systems. Additionally, events such as the “Great Resignation” due to dissatisfaction among employees within the IT industry indicate that malicious insider activities are poised to increase in the foreseeable future.

“Dude, where’s my data?”

Nearly 60% of respondents in the 2022 Thales Cloud Security Study said that at least 40% of their data in the cloud is sensitive. Given the large volumes of important files, folders and records that businesses store in the cloud today, a data loss/breach incident could be catastrophic.

When businesses use any SaaS solution, they operate under the “shared responsibility model,” which means the security of your vital data in the cloud is a partnership between you and your cloud service provider. SaaS vendors like Microsoft, Google and Salesforce are responsible for application uptime and availability. This means you can access your productivity tools and files anytime, anywhere and from any device via the internet. However, you are operationally and contractually liable for data protection and account and access management.

Unfortunately, many organizations still do not back up their SaaS data. This is because they falsely believe that backing up SaaS data is unnecessary and that solution providers back up and protect their data. In fact, as per the 2021 Data Protection Cloud Strategies report, 35% of organizations surveyed solely rely on SaaS vendors to protect their data. Although SaaS providers are responsible for fixing issues that arise due to inadequacies on their end, they are not responsible for data loss or downtime that occurs due to human mistakes, programmatic errors, insider activities or cyberattacks.

Microsoft, Google and Salesforce operate data centers with world-class disaster recovery capabilities to protect from infrastructure threats like hardware and software failure, power outages and natural disasters. Still, they cannot protect you from the most common causes of cloud data loss.

The table below clearly distinguishes vendor and customer responsibilities.


Vendor Responsibilities Your Responsibilities
Hardware failure Human error
Software failure Programmatic errors/misconfigurations
Natural disaster Malicious insider activity
Power outage External hackers
Deletion requests Ransomware and viruses

Secure your data in the cloud with Spanning Backup

The Ponemon Institute and IBM’s Cost of a Data Breach 2022 Report found that the average total cost of a data breach increased from $4.24 million to $4.35 million in 2022. With businesses increasingly relying on SaaS solutions for day-to-day operations, data loss or downtime can severely impact an organization in more ways than one. While Google, Microsoft and Salesforce provide some native, basic functionality to help customers protect their data, there are significant gaps that need to be addressed.

Spanning Backup for Microsoft 365, Google Workspace and Salesforce fill the gaps in native functionality to protect critical data against the most common causes of data loss like phishing, ransomware and malware attacks, human error and more. Spanning is unique in its ability to enable both administrators as well as end users to quickly find and restore data to its original state in just a few clicks. It is remarkably easy to install, manage and use. More than 10,000 organizations rely on Spanning’s powerful yet easy-to-use capabilities to secure their SaaS data.

See for yourself why Spanning is the leading cloud-to-cloud backup solution.

Request a Demo Today