As an industry professional, you're eligible to receive a printed copy of the journal.

Fill out your address below.

Please reset your password to access the new
Reset my password
Welcome aboard, !
You're all set. We've send you an email confirmation to
just to confirm you're you.

Welcome to DRJ

Already registered user? Please login here

Existing Users Log In

Create new account
(it's completely free). Subscribe

The world is online more than ever. Ecommerce stores are being flooded with orders, project management platforms are seeing record usage, as are video conferencing tools like Google Hangouts. These businesses all have one thing in common, large and small: they’re struggling to keep up. Increased use of SaaS (software as a service) and PaaS (platform as a service) today is a peek into our future

Servers are down and many services are slowing as demand rises but supplies flounder. Whether it’s headcount, bandwidth, or inventory, the world is struggling to feed the monster of online activity. According to The Verge, the uptick in online activity due to COVID-19 has already caused major Microsoft Teams outages in Europe, while other SaaS and PaaS providers prepare for increased usage.

Consumers and businesses are bringing more of their daily activity online, not less. Whether it’s grocery shopping or project management, businesses are slowly finding they can operate from their computer. Current events are extreme, but the trend of business operations “coming online” started long before our global quarantine.

This means as businesses become more digital, they will be creating more and more data which will become essential to their day-to-day existence. This online data will drive operations and strategy.

The more data being created, the more there is to secure and backup. So it is more important than ever to keep our data protected. And data stored in the cloud is not immune to threat. There are myriad ways our online presence could be compromised, but generally these can be lumped into two major buckets: external and internal threats.

External Threats: Cybercrime

As online activity increases, so does criminal activity. Bad actors around the world are recognizing more users means more opportunity. In 2018, worldwide Internet users jumped from two billion in 2015 to nearly 4.5 billion.

Traditional industries, like main street small businesses, are taking advantage of lucrative online marketplaces. To cybercriminals, this not only means more users, but also probably less tech-savvy ones. Research has shown these bad actors overwhelmingly prefer victims over 50 years of age, and with 52 percent of small business owners in the United states being between the ages of 50 and 88, this demographic is rife for exploitation. Cybersecurity Ventures has already predicted a business will fall victim to a ransomware attack every 11 seconds by 2021.

Cybercrime is also costing the world between three and six trillion dollars per year in recovery, reparations, and ransoms. But, cybercrime isn’t just about ransoms and untraceable Bitcoin transactions. A talented hacker can wreak havoc on the backend of any website from a major SaaS provider to a small ecommerce business. This is where the cost of cybercrime truly shows. It’s in the repair and disaster recovery, not your anti-virus software.

As more businesses “come online” and inject more of their data into SaaS and PaaS platforms, the more opportunity for cyber criminals to take advantage.

The bottom line: The more online we are, the more we are at risk of cybercrime. But, let’s not burn our laptops and give up on technology just yet.

Internal Threats: APIs and Human Error

To expand, businesses are using the tools which SaaS companies have to offer. Ecommerce tools such as Shopify and BigCommerce, project management tools such as Trello Asana and Slack, and CRM and sales tools such as HubSpot, Salesforce, you get the drift.

It makes sense: These platforms take what were tedious, monotonous offline tasks, streamline them, and make them look nice with some really slick product design. And they actually work. With over 10,000 SaaS companies operating globally, statistics suggest “41 percent of workloads will be on the public cloud by the end of 2020.” That is both a testament to the quality of these platforms and to the inevitable migration of operations to online platforms.

For all these tools to truly be effective, they need to talk to each other and work together, like an orchestra. When they work – it’s incredibly efficient and powerful – but when they don’t, that is where problems arise. That is due to something called APIs.

An API or “application programming interface” is a computing interface which allows third parties to extend the functionality beyond the platforms themselves. To draw another analogy, I’m going to use Shopify and Quickbooks.

Back in the day, a small business owner would need to maintain their accounting books by manually copying data from their Shopify store to their accounting software. Now, QuickBooks Online and Shopify’s APIs have enabled links, allowing integrations that make same manual process automated with only a few clicks from the same user to get set-up.

Unfortunately, not all SaaS and PaaS companies work this way. Either the platforms are too robust, or the platforms haven’t created an API or connected their two platforms together. Third party integrations can also change, manipulate, or delete your data if connected improperly. Sometimes, if a user wants two platforms to speak to each other, they’d hire a developer or have their development team build out the functionality. This makes sure the integrations are sound, and no stone is left unturned.

Generally, these companies are under no obligation to release their API. Plus, it’s a ton of work to build the integration yourself. With that in mind, let’s quickly explore what many have found to be the biggest threat to any online business: human error.

There are thousands of ways to compromise your data, but just one mistake can dismantle an online operation. No matter how much training we do or how many times we’ve done the same thing, mistakes happen. It’s simply human nature, especially in a fast-paced environment. It isn’t a matter of if, it’s when.

These may all be things you’ve heard before, and you may be asking yourself why it all matters. It matters because the cloud storage and security protocols we rely on to protect our data are insufficient. As businesses operate more digitally, the more data is subject to cloud storage’s limits and downfalls.

Cloud Storage Limitations

The more we rely on cloud storage, the more careful and attentive we must be. Many Internet users assume the platforms they’re using have a level of responsibility to protect their users and their data. Unfortunately, that isn’t always the case.

For example: If your product roadmap is entirely set up in Trello, if your customer and leads lists are in Salesforce, and your ecommerce store is built on Shopify or BigCommerce, you are essentially beholden to the levels of security which these platforms are obligated to provide. Now, some are more robust than others, but generally speaking, SaaS and PaaS companies like these often provide a macro-level of security, storage, and backup capability in case of disaster. Unfortunately, this means account-level information like your customer details, website themes, and even your blog posts are gone.

What these companies are obligated to uphold is the “shared responsibility model.” Basically, the shared responsibility model is a virtual contract between you and the platform you’re using. For example, AWS (Amazon Web Services) is responsible for the security of their cloud. Users can rest assured their team is doing everything they can to ensure their infrastructure is resilient to all forms of disaster—criminal, natural, human, or otherwise. As a user, you are responsible for security in the cloud. That includes your operating system, firewall, network, apps, and everything else.

If this information is lost due to a data breach, human error, or criminal activity, AWS and platforms like it have no way of getting it back. It isn’t their job. This is the major fear for businesses relying on SaaS and PaaS platforms to build companies and operations. If disaster strikes, plans need to be in place as many of these platforms don’t provide the necessary backups and security of account-level data which businesses need to reduce losses.

Given what we’ve learned about the state of SaaS and PaaS disaster management, the impending increase of online users, and the flood of use cases and areas of business which are finding their home in these platforms, we need to start thinking about solutions to our main problem: security and backup.

Ultimately, cloud storage and backup are insufficient. Companies aren’t obligated to hold onto sensitive account-level information for all users, and even if they were, business owners may not want to risk cybercriminals hacking a server. They want more control than that.

How do you fix these problems while giving businesses a streamlined workflow, heightened security, and peace of mind? Well, users generally have two options: the easy way, or the resource intensive way.

The easy way involves simpler strategies to implement, but ultimately offers a superficial level of security.

If you choose to go resource intensive, you’ll spend more time, but end up with a more robust and secure backup.

Easy Backup Strategy Solutions

Not everyone has access to a development team, and not every business has the money to hire one. But regardless of resources, data needs to be made as secure as possible. These measures may not be what you think of when you imagine a traditional “backup,” but it’s essentially the same thing: You’re working proactively to make your data as secure as possible in anticipation of a disaster scenario.

User Restrictions: Many platforms offer multi-level access to users. Make sure you set your preferences and administrator privileges to the highest restrictions possible.

Passwords: Use a different password for each platform and keep them on-hand. Maybe use a password manager like LastPass, or “Keychain Access” on your iOS device.

2-Factor Authentication: Connect your app or service to another account to further secure logins. Most platforms offer this functionality, and Google offers a great 2FA tool you can install on your phone.

Manual Saves: If you have the time but are strapped for cash, you can download everything you need from the providers themselves -however tedious, and however disorganized.

Basically, do your due diligence. These are the major boxes to check when you’re looking for a new SaaS or PaaS service, but there are more advanced measures you can take to protect yourself as well.

Resource-Heavy Solutions

These strategies are going to take a lot more than some password changes and 2FA. But, while they’ll definitely take longer and might need a few extra hires, these more robust solutions offer a more complete and over-arching backup strategy to keep your business safe.

Build it yourself

You might be thinking, “I can build my own backup integrations in no time. I have a talented developer team. I have a couple of months to spare. What could go wrong?”

Short answer: a lot.

Long answer: It will definitely take more than a couple months to do the initial work, and that is besides the maintenance plan and upkeep you’ll need to do. But, logistics aside, there are simply more important things you and your team could be working on. Yes, you read that right.

I’ve spent this article talking about the importance of disaster recovery and how we need to take some of the burden off of SaaS and PaaS platforms, I know. When weighing the cost of creating your own internal backups in house against the value which those same resources could bring to customer acquisition or expanding your platform, the numbers don’t add up.

Plus, this maintenance part is a lot harder than it sounds. It’s a full-time job. Anytime there is distraction or multitasking, there’s an opportunity for error. From what we’ve learned about disaster recovery, these mistakes can cost a business a ton of money, and may even shutter it.

Hire an expert

While building something in-house can lead to errors and maintenance issues, companies which do this kind of stuff all the time, benefit from efficiencies and economies of scale. If a business owner writes a backup solution in house, it should fit their use case. However, keep in mind, it fits at this moment in time. Software is always evolving and a backup is useless if you can’t use it to recover.

The experts have thousands of customers backing up and restoring their data daily. The system is constantly being used, exercised, and validated and enhanced to ensure when you need to restore something, it will work. Ultimately, a ton of money can be saved by working with experts who focus solely on protecting the data they need to keep the doors open. This same level of certainty can be much harder to build and more costly if your DIY backup solution is a side project and not a first-class citizen of your business.

The Bottom Line for Backups

Businesses need more online activity to thrive and grow. The threat and dangers aren’t going away. Access to account-level data can help speed recovery, keep businesses running, and growing amid disasters. SaaS and PaaS platforms are developing faster than ever, but a focus on backups and disaster recovery in general is missing from the roadmap. Things are moving in the right direction but, for now, businesses need to take matters into their own hands.

The more we educate ourselves and ask the right questions, the better prepared we’ll be for the future of online business.


James Ciesielski

James Ciesielski is the cofounder and CTO of Rewind.

We’re in the Cloud, So We’re Covered, Right?
For the past decade, conversations within the IT community have been largely dominated by talk of “the cloud” and all...
Recovering from Ransomware
Recently, I got the call from a firm that had been attacked by ransomware. With all servers infected, they refused...
10 Key Elements of a Disaster Recovery Plan Companies Often Overlook

Technology can sometimes give organizations a false sense of security. If you have the technology and automation in place, you might believe you can simply press a button and recover if you experience a disaster, right?

Counting on Disaster: What Every Financial Institution Should Know
Disaster planning and recovery are often viewed as the need for backup systems to safeguard an organization’s data. Here’s a little hint for the survival of your company ... it’s not just about the data.