Why companies are struggling to keep up with SaaS data protection
While businesses increasingly rely on SaaS tools, many leaders are not fully confident in their ability to safeguard their data, according to Keepit.
Growing concerns over SaaS data protection
According to the survey, while 28% of respondents expressed high confidence in their data protection measures, a significant 31% reported moderate to severe lapses in their data protection. This lack of confidence is alarming as the use of SaaS applications continues to grow, with critical data stored in applications like Microsoft 365, Salesforce, and Power BI.
Moderate confidence in SaaS data protection is not enough in today’s threat landscape,” said Paul Robichaux, Senior Product Director of Keepit and Microsoft MVP. “Organizations must ensure their data recovery processes are robust and regularly tested. Otherwise, they risk discovering weaknesses too late, when a disaster has already struck and they’re trying to recover.”
The survey reveals that 50% of respondents cite increased compliance requirements as their top challenge, with growing data volumes and the complexities of managing SaaS data also ranking high. As global regulations like NIS2 and DORA become more stringent, organizations are under pressure to ensure their SaaS data is adequately protected and compliant with these evolving mandates.
“In the financial industry, for example, DORA requires that backup environments be segregated from production environments to reduce risk. And we know that many organizations aren’t well-prepared to meet these requirements,” noted Robichaux. “The rising volume of data, combined with increasingly complex regulations, presents a significant challenge for many organizations.”
Financial and reputational risks drive data protection priorities
The survey also highlights the financial and reputational risks associated with data loss. 57% of respondents identified brand and reputation damage as the most significant business impact of data loss, followed closely by financial consequences and regulatory compliance violations.
“Customer data is among the most valuable assets an organization holds,” said Robichaux. “Losing access to that data, whether through ransomware or accidental deletion, can have devastating financial and reputational consequences. Organizations need to take a proactive approach to ensure their SaaS data is protected.”
While 58% of respondents reported using Microsoft to back up their SaaS data, there is a disconnect between perception and reality. Many executives mistakenly believe their data is fully protected by native SaaS backup features. However, shared responsibility models mean that SaaS providers are not accountable for customers’ data backup, leaving a critical gap in protection.
“Only 15% of respondents consider backing up directory and identity services like Entra ID to be crucial, even though losing access to these services could cripple business operations,” Robichaux added. “This shows a need for better education around SaaS data protection.”
When asked about the roadblocks to improving their data protection strategies, 56% of respondents cited budget constraints, while 33% noted a lack of expertise and resources. Many organizations also face the challenge of managing multiple data backup vendors, further complicating their efforts.