The pandemic completely transformed the IT environment for SMBs, and one of the most dramatic changes was the concerted push to SaaS platforms like Microsoft 365 and Google Workspace. While these solutions allow for increased collaboration in a remote work environment, there are significant misconceptions and challenges surrounding the protection of the data in these applications.
Christophe Bertrand is the resident data protection expert at the renowned analyst firm Enterprise Strategy Group (ESG) and has more than 25 years of experience helping organizations navigate data protection challenges. Here are three things he feels MSPs need to know about SaaS data protection in order to effectively safeguard their customers’ data and increase their own profitability.
SaaS Providers Are Not Responsible For Your Data.
Though the misconception that SaaS providers are responsible for data protection has been debunked by countless experts, many IT professionals still mistakenly believe they do not need to proactively back up their SaaS data. When ESG conducted its 2021 Data Protection Cloud Strategies research, Bertrand was surprised by the number of individuals who still believed that the SaaS platform would fully protect their data.
“What we found in 2019 was that there was a big disconnect — 37% of respondents said the SaaS vendor was responsible for their data,” Bertrand said. “This year, I expected this to go down significantly, but we still found that 35% of respondents said their SaaS vendor was responsible for their data. Market education is still needed.”
MSPs need to understand the importance of protecting both their clients’ and their own SaaS data using a third-party vendor, especially for key applications like Microsoft 365 and Google Workspace.
MSPs Have Opportunities In SaaS Data Protection — If They Properly Educate Their Customers.
“We found in our 2020 research that 32% of mission-critical data is in SaaS-based applications,” Bertrand said. “If almost a third of a client’s most crucial apps are SaaS-based, and the client doesn’t understand the service level agreements (SLAs) and thinks backups happen automatically, there is a real potential for disaster.”
Therefore, it is highly likely that MSPs have clients storing critical business information across several SaaS solutions. Since even IT professionals are misinformed when it comes to SaaS data protection, it should come as no surprise that an MSP’s customers are likely also confused about who is responsible for this data. Because many clients may simply assume that organizations like Microsoft and Salesforce will automatically protect their data, it’s up to the MSP to help educate their clients about the do’s and don’ts of SaaS data protection.
“It’s key for MSPs to identify their client’s crucial workloads and identify what mechanisms are in place to protect the data currently,” Bertrand said. “In their initial conversation with the client, it’s key to amplify that just because it’s a SaaS service does not mean the vendor is governing the data. It’s also important for MSPs to discuss data protection from a compliance angle and ensure the client understands their SLAs.
“Our recent research found that 29% of respondents were only familiar with some of their SaaS providers’ data protection and recovery SLAs, and 7% stated that they were not familiar at all. There is so much flying in the dark.”
While there is a large amount of education that needs to take place in the market, Bertrand sees this as a good thing. “This is a fantastic opportunity for MSPs, especially in the Microsoft 365 market,” he said. “If you look at the success rate of recoveries in Microsoft 365 in our recent research, we’re nowhere near the 100% mark. In fact, 37% of respondents in our recent research recovered 75% or less of their data. You should really have the majority at 100%, as Microsoft 365 is mission-critical.”
Interestingly, MSPs may find significant challenges in educating their more digitally savvy clients on the topic of SaaS data protection. ESG found that organizations under 20 years old were more likely to believe that the SaaS vendor was responsible for their data — 44% of organizations that had 20 years or fewer in business stated that the SaaS vendor was responsible versus only 21% of organizations that had been in business for over 50 years. Thankfully, a worst-case scenario with SaaS data can be avoided for a client of any type with the help of an MSP partner who takes the time to truly understand the client’s data needs and uses key research and experience in the field to inform the customer about the best options for their needs.
And while the importance of SaaS data protection will continue to grow, Bertrand reminds MSPs not to set their sights on cloud-only environments. “It’s a hybrid world,” said Bertrand. “Though SaaS is low-hanging fruit, data is everywhere. MSPs have an opportunity to help their clients build a coherent data protection plan across this hybrid environment. If I am looking for someone to take over my IT, they need to understand where the data truly lives.”
Data will continue to grow across multiple environments, and it’s important for MSPs to look for unified business continuity and disaster recovery (BCDR) solutions that allow them to view data across multiple environments from a single dashboard. This unified approach will save them time as they grow their SaaS data protection services for their clients.
When Assessing SaaS Data Protection Platforms, Cybersecurity And Recoverability Are Key.
While the average client of an MSP may not know much about SaaS data protection, it’s likely they are very aware of the threat of ransomware. After all, it’s hard to turn on the news without hearing about a new cyberattack. Since ransomware is an unfortunate reality, it’s critical that MSPs look for SaaS data protection solutions that include key features like dark web monitoring and predictive analytics. These can spot unusual patterns in data that are often a telltale sign of an attack. It’s also crucial that MSPs thoroughly test their chosen SaaS data protection platform to ensure they can successfully recover.
“It’s about moving the bar up from BCDR to cyber recovery and cyber resilience,” Bertrand said. “It’s important to have a holistic view of data loss prevention.”
Fast Facts About Christophe Bertrand
Christophe Bertrand is no stranger to the world of data, with nearly three decades of experience with companies such as Legato Systems (now EMC), VERITAS, Maxtor, Hitachi, DDN, and Arcserve. In his role as senior analyst at Enterprise Strategy Group (ESG), Bertrand helps clients create cohesive data protection strategies and is also instrumental in spearheading ESG’s data protection research.
Do you want more leads, more clients, more profits now but don’t know where to start? Click here and watch a quick video about the three biggest problems IT Service Businesses face and how to solve them.