Organizations are increasingly reliant on SaaS for many of their mission-critical applications and workflows. This means that a significant amount of business-critical data associated with these applications is now also cloud-resident. As a result, it is more important than ever that this data is available or at least recoverable. However, there is (still) a problematic misunderstanding about the responsibility for protecting SaaS data. While maintaining application uptime is the responsibility of individual SaaS providers, the onus for the availability and protection of data typically falls on IT organizations. This data protection gap exposes organizations to potential data loss, compliance and governance violations, and general operational risks.
In order to gain further insight into these trends, Enterprise Strategy Group surveyed 398 IT professionals at organizations in North America (US and Canada) personally familiar with and/or responsible for SaaS data protection technology decisions, specifically around those data protection and production technologies that may leverage cloud services as part of the solution.
This study sought to answer the following questions:
- What steps, if any, do organizations take to protect the data associated with the SaaS applications they currently use?
- Have organizations experienced any data losses or corruption with any of the SaaS applications they use over the past 12 months?
- What are the most common causes of data loss or corruption for SaaS-based applications?
- What benefits have organization realized as the result of using a solution to protect SaaS application solutions?
- What are the biggest challenges organizations have experienced with the data protection solution(s) they use for SaaS applications?
- What are the most important characteristics or considerations of a data protection solution, whether third-party or internally developed, for SaaS applications?
- How do organizations characterize the mission criticality of the major SaaS applications they currently use?
- What are the recovery time objectives (i.e., downtime tolerance) for the SaaS applications and workloads organizations protect today?
- What are the recovery point objectives (i.e., transaction or data loss tolerance) for the SaaS applications and workloads organizations protect today?
- Over the next 12-24 months, what level of IT priority do organizations expect to give to protecting SaaS applications, customizations, and associated data?
- How do organizations typically fund the data protection solutions used to protect their SaaS-based applications?
Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.