SaaS Backup – The Shared Responsibility Model

SaaS Backup – The Shared Responsibility Model

Do SaaS Vendors Provide Backup for Your Data?

Let’s cut straight to the chase, the simple answer is no. Microsoft doesn’t backup Microsoft Office 365, and Google doesn’t backup Google Workspace. In fact, across all the major SaaS environments, your own data is still 100% your responsibility, just as it would be with your critical on-premise data.

Why? Because all major SaaS vendors operate under what is known as the Shared Responsibility Model.

What is the Shared Responsibility Model?

The Shared Responsibility Model is cloud security framework that dictates the distinguished security obligations of both the cloud computing provider and its users, in order to provide accountability. It means the obligations are shared between the vendor and the end-user organisation (the customer).

When it comes to SaaS Backup, this means that whilst SaaS vendors like Microsoft and Google do an excellent job taking care of the physical infrastructure, network controls, and operating systems that host Office 365 and Google Workspace, it’s a common misconception that they also take care of your data.

The Shared Responsibility Model means that the SaaS vendor takes on the responsibility for the physical security of their data centres and software, but the data – the critical component that powers the business – remains the entire responsibility of the end-user organisation. It’s the customer’s obligation to protect their own data from ransomware, human error, internal and external security threats, and programmatic issues.

Below is a breakdown of the Shared Responsibility Model:

Does That Mean SaaS Backup Is An Absolute “Must Have”?

Put simply, yes. It is crucial that you have robust backup and recovery in place for SaaS environments such as Microsoft 365, Google Workspace, Azure AD, Dynamics 365, Salesforce, and Dropbox.

In fact, Microsoft even officially recommends third-party backup and recovery for Microsoft Office 365 in their Service Agreement – stating:

“We recommend that you regularly backup the Content and Data that you store on the Services using third-party applications and services.”

Microsoft makes it crystal clear that your tenant – and more specifically the data within it – is still owned by the organisation and is therefore your responsibility.

Gartner has even gone as far as to “forecast security breaches, for at least one major SaaS vendor, which will cause irreparable data loss and interruptions to business, costing organisations more than £80 million, by 2025”.


Arcserve SaaS Backup & Recovery from E-ZU Solutions

Arcserve SaaS Backup & Recovery offers world-class protection with the most comprehensive SaaS coverage on the market: Microsoft 365, Azure Active Directory, Google Workspace, Dynamics 365, Salesforce, Dropbox, and more.

It’s powered by Keepit technology, which is recognised as a ‘Leader’ in the Forrester New Wave™. Our service retains 4 x copies of your SaaS backup data stored across ‘Tier 4’ private datacentres, meaning it adheres to the NCSC recommended 3-2-1 strategy which most SaaS Backup solutions do not (stored in a public cloud).

With our cloud-to cloud service, your data is stored with a true ‘Immutable’ blockchain infrastructure, which means it’s 100% impervious to Ransomware or accidental deletion.