Data Protection Act 2018 (DPA 2018) 6 common social media privacy issues

data protection as a service (DPaaS)

What is data protection as a service (DPaaS)?

Data protection as a service (DPaaS) involves managed services that safeguard an organization's data. These services are often cloud-based and sold by subscription, and include service-level agreements (SLAs) between the vendors and customers.

DPaaS is either backup as a service (BaaS) or disaster recovery as a service (DRaaS). Customers outsource their data backup, recovery and/or disaster recovery to a service provider. The provider fully or partially manages the services.

Key aspects of DPaaS include the following:

  • SLAs. These agreements specify requirements, including backup frequency, restore times, data retention policies and snapshot strategies. SLAs vary by application type based on recovery point objectives (RPOs) and recovery time objectives (RTOs).
  • Storage options. Customers choose storage media types -- disk, flash, tape or cloud -- based on data urgency, or vendors can select media to meet SLAs.
  • Responsibilities. Providers manage monitoring, upgrading and maintaining the service.

DPaaS is available through many backup vendors, large public cloud providers, managed service providers and traditional infrastructure vendors that provide storage as a service (STaaS).

BaaS vs. DRaaS vs. DPaaS

BaaS and DRaaS are similar in how they are sold, deployed and managed, but their services are for different IT use cases.

Both types of DPaaS are part of a larger industry trend toward storage as a service, where managed service providers handle primary or secondary storage. The largest storage vendors have STaaS programs, which usually include DPaaS options.


Backup as a service automates the backup and recovery processes that almost every business uses. Any successful backup system protects company databases, files and other critical data by storing them on less expensive media or in the cloud or a co-location site.

Some BaaS options merely host applications in a public cloud, while the customer manages the process. Others provide software to move data and backup targets to store data, automating and managing the entire process. BaaS also continually updates data protection software and infrastructure, so the customer needn't worry about hard drives, tape libraries and backup software.


Designed to achieve business continuity following a disruptive human-caused or natural disaster, disaster recovery as a service protects data, applications and infrastructure required to operate the business in order to recover as quickly as possible.

DRaaS includes an off-site location -- either a public cloud or a service provider's location -- containing all the resources needed to recover after a disaster. This site alleviates the need for an organization to maintain and equip its own secondary data center as a DR site. DRaaS replicates and migrates data to the secondary site.

The DRaaS vendor provides failover and failback capabilities when a disaster strikes. Common triggers of DR include cyberattacks; natural disasters, such as floods, hurricanes or earthquakes; power outages; equipment failures and human error. Any business in an area prone to natural disasters should locate its DRaaS secondary site in a different geographic region.

Is data protection as a service important?

Protecting data is of utmost importance for most organizations, especially in today's world of cybercrime. Also, artificial intelligence (AI) requires a company to maintain up-to-date, reliable and easily accessible data.

Organizations can perform their backups and DR manually, but DPaaS is often more flexible, secure and efficient. It's typically less expensive because it saves a company from acquiring infrastructure and backup software. With many IT teams stretched thin by budget constraints, DPaaS allows staff to work on other projects. DPaaS lets companies set specific backup policies on an application-by-application or site-by-site basis, depending on their RPO or RTO needs.

DPaaS affords anomaly detection, encryption and other security measures for specific data sets. It keeps companies functioning or helps them restore operations quickly in case of a disaster or security breach.

How does DPaaS work?

DPaaS automates the backup and recovery processes by orchestrating workflow processes to meet RPOs, RTOs and SLAs.

Customers determine what's protected, including virtual machines, databases, emails, files and cloud-based data. They also set the type of backups they want, such as incremental, full or differential.

Other options include the types and amounts of compute, storage and networking needed for each type of workload, along with their retention and encryption policies. Customers also choose, when the need arises, where their data can be found once it's recovered.

DPaaS providers automate these customer-picked processes.

Data protection as a service vs. traditional data protection

DPaaS removes all or some of the manual management processes required by traditional data protection. The DPaaS provider deploys, monitors, scales and updates the hardware and software required for backup and disaster recovery. This is attractive to companies with staffing challenges due to budget restrictions or skills shortages.

DPaaS also uses a different payment structure than traditional data protection products. DPaaS is often consumed as Opex, purchased on a subscription or pay-for-what-you-use basis, while traditional data protection is a Capex payment, where the customer invests upfront money in the hardware infrastructure and software.

Key benefits of data protection as a service

DPaaS ties into several IT trends. It often uses AI and machine learning to automate processes, it allows companies to consume IT as an Opex rather than Capex cost, and it simplifies operations.

Here are the major benefits of DPaaS:

  • Reduced Capex. With DPaaS, customers only pay for what they use instead of first purchasing costly hardware and software.
  • Rapid scalability. DPaaS scales servers, storage and other resources to meet demand quickly. This elasticity works both ways. Companies add or subtract resources as their needs change.
  • Centralized management. DPaaS protects data on premises, in the cloud or at the edge without requiring separate systems and processes.
  • Automated workflows. New applications and business units are rapidly brought online without changing workflows.
  • Fast restores. The service provider restores data based on customer-set policies to meet SLAs. No manual intervention is required.
  • Security for remote workers. DPaaS removes the responsibility of protecting and securing data from users when they work from home or travel.

Drawbacks of data protection as a service

DPaaS is not the best fit for all organizations. The following are among its drawbacks compared with traditional data backup and disaster recovery:

  • Sticker shock. As with many cloud services, monthly subscription bills grow as protected data grows.
  • Egress fees. Large public cloud providers can charge customers for transferring data from their cloud to data centers or other public clouds.
  • Less control over sensitive data. Outsourcing data protection has privacy and compliance ramifications. Some geographic areas require data to be stored close to a company's premises, and an organization's customers might balk at having their personal information handled by a third party.
  • Corporate Capex preferences. Many companies mandate that their equipment must be purchased rather than leased or outsourced because they prefer owning and controlling costs and upgrade schedules. Highly regulated industries -- such as healthcare and finance -- often favor Capex buying.

Future of data protection as a service

The trends pushing IT organizations toward adopting storage as a service are accelerating. These include the following:

  • Rapid data growth.
  • Proliferation of software-as-a-service apps.
  • IT skills shortages.
  • Cybercrime.
  • Data privacy regulations.
  • Increase in remote work.
  • Desire to optimize costs through subscription and pay-for-what-you-use models.

These trends point to the expanded use of DPaaS as well as other types of STaaS. Today, most main data protection and primary storage vendors offer their technologies as a service, often in partnership or competition with public cloud providers.

This was last updated in April 2024

Continue Reading About data protection as a service (DPaaS)

Dig Deeper on Data backup and recovery software

Disaster Recovery