Forrester Report: How to Create a Saas Application Resilience Strategy

Vigorous SaaS Adoption Creates A Widening Gap In Technology Resilience

In Forrester’s Software 1 Survey, 2022, 55% of global software decision-makers at enterprises said their business already uses SaaS, and another 35% expected to use a SaaS solution in the next 12 months. They use SaaS to address core business functions like sales enablement, collaboration, human resources, enterprise resource planning, and commerce. Many of the systems that SaaS options are replacing or augmenting are key capabilities that were previously protected by rigorous backup and disaster recovery plans. Moving those systems into SaaS environments where enterprise IT teams have little control or visibility leads to gaps in resilience. SaaS challenges technology leaders because:

Shared responsibility makes SaaS unique. When you host it, it’s clear you manage it — data and all. Responsibility is also clear when using a contracted hosting service for off-the-shelf software, as the contract with your hosting provider clearly assigns ownership. SaaS operates differently. Your business brings its data to the provider’s platform, and the provider takes responsibility for the runtime, middleware, operating system, infrastructure, etc. and some management of the app and data. In terms of data resilience, most SaaS vendors don’tprovide encryption for data in transit nor do they back it up or grant direct access to this data for users to back up their own data. This piecemeal resilience landscape differs from what many enterprises are accustomed to.

• Shared ownership leaves room for gaps. Although the SaaS provider is responsible for the application and data, it often takes care of only a small portion of what an enterprise requires: Salesforce offers platform backup but not granular restore for lost records; Microsoft 365 uses a default 30-day deleted-email retention policy. This leaves you, ultimately, in charge of the resilience for your data, which means you must be aware of any shortcomings or less-than-desirable default settings. And user assumptions often lead to the most painful gaps in coverage.
• Vendor decisions or mistakes impact your business. SaaS vendors make product design and management decisions. This abstracts the complexity away from end users, allowing them to simply consume the product. However, this assumes that the vendor is making the right underlying decisions to protect its users. This isn’t always the case. Service outages and data loss due to uncontrolled automation, routine maintenance scripts, cyberattack, and more all impact the users of a product. Not only are users subject to financial, competitive, brand, and regulatory repercussions, they may not have the ability to stand up comparable interim services, even if they back up their data outside the platform.