Access the Report
Forrester Report: How to Create a Saas Application Resilience Strategy
Executive summary
Resilience in cloud is easer to achieve than on-premises solutions - but only if you have the right strategy in place. As you design your approach, there are many key considerations to make, including if you want to work with a SaaS partner to achieve business resilience.
Every SaaS solution is different and you must build a framework for assessing risks in SaaS platforms and identify the tools they need for mitigating those risks.
This report highlights the biggest challenges you’ll face with working with a SaaS partner and how to mitigate those risks to ensure you’re taking advantage of all the benefits that are inherit in cloud computing.
THIS GUIDE INCLUDES
Resilience is a shared responsibility between you and your SaaS partners
Shared ownership introduces gaps and risks to your solution
Building cloud resilience is possible, with the right tools in place
PDF content preview
How To Create A SaaS Application Resilience Strategy
Summary
The rapid adoption of software-as-a-service (SaaS) platforms like Microsoft 365, Salesforce, and Workday is changing how businesses address data resilience. Understanding data protection isn’t straightforward. Technology and risk leaders must build a new framework for assessing risks in SaaS platforms and acquire new tools for mitigating those risks. Building a SaaS application data resilience strategy will require changes to everything from procurement to backup software choices. This report helps technology leaders build a strategy for protecting data hosted in enterprise SaaS platforms.
Vigorous SaaS Adoption Creates A Widening Gap In Technology Resilience
In Forrester’s Software 1 Survey, 2022, 55% of global software decision-makers at enterprises said their business already uses SaaS, and another 35% expected to use a SaaS solution in the next 12 months. They use SaaS to address core business functions like sales enablement, collaboration, human resources, enterprise resource planning, and commerce. Many of the systems that SaaS options are replacing or augmenting are key capabilities that were previously protected by rigorous backup and disaster recovery plans. Moving those systems into SaaS environments where enterprise IT teams have little control or visibility leads to gaps in resilience. SaaS challenges technology leaders because:
Shared responsibility makes SaaS unique. When you host it, it’s clear you manage it — data and all. Responsibility is also clear when using a contracted hosting service for off-the-shelf software, as the contract with your hosting provider clearly assigns ownership. SaaS operates differently. Your business brings its data to the provider’s platform, and the provider takes responsibility for the runtime, middleware, operating system, infrastructure, etc. and some management of the app and data. In terms of data resilience, most SaaS vendors don’tprovide encryption for data in transit nor do they back it up or grant direct access to this data for users to back up their own data. This piecemeal resilience landscape differs from what many enterprises are accustomed to.
- Shared ownership leaves room for gaps. Although the SaaS provider is responsible for the application and data, it often takes care of only a small portion of what an enterprise requires: Salesforce offers platform backup but not granular restore for lost records; Microsoft 365 uses a default 30-day deleted-email retention policy. This leaves you, ultimately, in charge of the resilience for your data, which means you must be aware of any shortcomings or less-than-desirable default settings. And user assumptions often lead to the most painful gaps in coverage.
- Vendor decisions or mistakes impact your business. SaaS vendors make product design and management decisions. This abstracts the complexity away from end users, allowing them to simply consume the product. However, this assumes that the vendor is making the right underlying decisions to protect its users. This isn’t always the case. Service outages and data loss due to uncontrolled automation, routine maintenance scripts, cyberattack, and more all impact the users of a product. Not only are users subject to financial, competitive, brand, and regulatory repercussions, they may not have the ability to stand up comparable interim services, even if they back up their data outside the platform.
PDF preview
Access the full download
Understand how to create practical authentication policies