Rethinking SaaS: It’s Not Just About Backups Anymore
We’ve all heard the phrase “backups are old news.” Sure — the concept of protecting systems with backups has been around for decades. But while traditional backup strategies focus on saving copies of files or systems in case something breaks, a new conversation is emerging. One where backups aren’t just about recovery — they’re about security and resiliency.
This new approach includes using backups for threat detection, vulnerability analysis, and cyber resilience. It’s exciting, it’s modern — and we need to move in this direction. But as we explore this future, there’s a new and perhaps more urgent issue we need to look at, our SaaS applications.
The SaaS Blind Spot
For years, many of us have assumed that cloud-based tools — Microsoft 365, Google Workspace, Salesforce, etc. — were just “handled.” They’re hosted by tech giants like Microsoft, Google, and AWS, so we rarely questioned their safety. But recent outages, account issues, and — my personal favorite — good old-fashioned human error, have shown that SaaS data is not immune to loss or disruption.
And here’s the kicker: we’re using more SaaS than ever before. It’s not just email and file storage anymore — it’s our CRMs, automation tools, identity platforms, finance systems, and more. These tools are deeply woven into the fabric of how we operate.
What Really Needs Protecting?
When we talk about SaaS data protection, we’re not just talking about emails or documents. We need to think broader — configurations, policies, metadata, and integrations are just as critical to our operations. Here’s just a snapshot of what we’re dealing with:
Microsoft 365
- Copilot chat history
- Whiteboard sessions
- Defender policies
- Loop content
- Forms (questions and responses)
Entra ID
- Sign-in and activity logs
- Conditional access policies
- VPN Gateway configs
- PIM and role assignments
Google Workspace
- Gmail
- Google Drive
- Sites and Forms
- Chromebook configurations and device keys
Power Platform / Dynamics
- Power Automate workflows
- Application connectors
- CRM configurations
- Azure DevOps projects
Salesforce
- Metadata (code, structure, automation)
- Business-critical data
Finance Platforms
- Xero, MYOB, Reckon, Business Central
- Billing data, tax configs, user permissions
Identity Management
- Okta and Duo configurations
- Connected apps and access policies
Productivity & Operations Tools
- Monday, Trello, Zoho
- Boards, workflows, automations
And this list is just scratching the surface.
Two Big Questions We Need to Start Asking
- What would happen to our business if this data was lost?
It’s not just about recovering the files — it’s about understanding how tightly this data is tied to how your organization functions. - If a SaaS tool failed today, how long would it take us to get everything back to where it was?
Rebuilding policies, access control, automation, and integrations isn’t simple — and sometimes it’s not even possible without prior backups.
So, What Do We Do?
Some vendors are stepping up with SaaS backup solutions — but none can cover everything (yet). These products vary in scope, capability, and quality. There’s no one-size-fits-all solution, and even I’m still working through how best to protect certain tools.
But what’s clear is this:
We need to start asking better questions.
And we need to ask them now.
The more we challenge vendors, the more we raise awareness, and the more we demand robust SaaS protection and resilience, the faster the ecosystem will evolve to meet our needs.