SaaS is Changing Everything – Including Data Loss Risk from Admin Error
As seen on EMC’s The Core
Software-as-a-Service (SaaS) has a history unlike that of on-premises software, and the people who manage and administer SaaS applications reflect that difference. When it comes to data protection, that difference matters, as you’ll learn.
What is SaaS, and does it REALLY differ from on-premises or from hosted applications?
SaaS isn’t just some software sitting on a vendor-managed server in the cloud – it’s significantly different from its predecessors, hosted and on-premises applications, in its delivery and its architecture.
- A SaaS application is by definition cloud-based and multi-tenant, sharing IT resources securely in the cloud among multiple applications and tenants (businesses, organizations, schools). Multi-tenancy is the technical architecture that differentiates SaaS from hosted/ASP applications. The customer will access the application through a web browser, and is only responsible for managing the data and metadata (customizations) of their instance.
- A hosted application is almost always a single-instance, single-tenant adaptation of an on-premises application. The customer may lease or own physical or virtualized servers upon which the application is installed, and will access it through a web browser or a thin client. The customer may be responsible for managing the servers, and is responsible for managing application upgrades and maintenance.
- On-premises applications are installed on and operated from a customer’s in-house (on-premises) servers and computing infrastructure. The customer is responsible for application security, availability to the organization, and management.
How Did SaaS Come to PaaS?
In 1999, salesforce.com was founded, offering the first true multi-tenant architecture in a commercial software application. Its SaaS applications, such as Sales Cloud and Service Cloud, were developed on its Force.com Platform-as-a-Service (PaaS). By foregoing conventional application development platforms and creating its own platform, salesforce.com freed itself from some of the performance limitations inherent in a standard relational database.
The salesforce.com achievement in creating a PaaS to enable SaaS, enabling them to scale up to support hundreds of thousands of intra- and inter-enterprise tenants (different departments, different organizations) was, to quote Computerworld, “complex, commendable and quite revolutionary.”
The SaaS Revolution Brought the Consumerization of IT to Business Applications
The revolution was not just technology – it also changed how business users researched and purchased applications, making acquisition as fast and easy as it was for consumers. A business user simply visited an app store, and could deploy with little or no help from IT. This focus on the non-technical application owner also meant SaaS applications were designed to be easy to administer and use by non-IT people. People with little or no technical background, such as an executive assistant or marketing team member, often found themselves tasked with deploying and managing the SaaS application.
These “accidental admins” were pioneers, learning—without traditional IT skills, and often with little or no IT support—how to use and customize the SaaS application to meet the organization’s needs.
And who were (and are) these pioneers?
- They are not traditional sysadmins. In the same survey, 66% had a non-IT backgrounds.
- A majority are women. In a recent survey of the Salesforce Community, women comprised 62% of admins and other Salesforce Community members who responded.
- In other words, these admins are different than traditional on-premises IT sysadmins.
SaaS Admins Look Like the Future of IT – Business-Focused, Diverse, Forward-Thinking – But There Are Gaps
With SaaS applications, traditional IT infrastructure and application maintenance activities are no longer a requirement. But that doesn’t mean that traditional IT disciplines and experience should be ignored. The “accidental admin” is often woefully unaware of the need for business continuity planning related to those SaaS apps she manages. She also may not be familiar with the IT governance and compliance requirements for data protection that are relevant for SaaS data.
Nearly 60% of survey responders said they use a native Salesforce backup tool with a WEEKLY, manually intensive backup process. Fully 26% didn’t know whether or not they had any form of backup for their SaaS data – even though they know their organization relies on SaaS data for sales forecasting, customer management, service and support, and other critical activities. None of these data points would make an experienced IT professional happy.
This is the sort of knowledge gap between the “accidental admin” and an organization’s traditional IT teams that must be filled. The new SaaS admin knows their SaaS vendor is secure, multiply redundant, and has enviable uptime stats. What they don’t generally know is that data can still be lost, through failed application syncs, accidental or malicious overwrites, or even a configuration change error. Further, they are likely unaware that the SaaS vendor cannot help them recover lost data due to these losses. Ultimately, the SaaS vendors cannot protect them from their own mistakes, or that of their authorized users, in the same way the IT team could with on-premises applications.
It’s Time for a Partnership Between “Accidental Admins” and IT
A partnership between the new SaaS application administrator and their IT teams can reduce the risk of accidental data loss. This partnership should include:
- An evaluation of current RTO and RPO for the SaaS applications, to align them with organization standards;
- A plan for SaaS data backup that also includes the ability to perform fast, accurate restores, getting the organization “back to good” in a timely fashion; and,
- A continued focus on ease of use and agility, to support the reasons why SaaS had been adopted – enabling the business to do more, faster.
SaaS Means Velocity, Diversity, and Change – Embrace It!
If you’re in traditional IT disciplines, reach out to those SaaS administrators within your organization. You’ll get insights into where the business might want to go. And if you’re a SaaS administrator, meet your savvy partners in IT. They have the experience and expertise you need when protecting your SaaS application and its data.