Safeguarding Data in a SaaS World: Best Practices for Financial Organisations
- Mark Molyneux, EMEA CTO at Cohesity
- 22.06.2023 02:00 pm #data #saas
The dynamic growth of Software as a Service (SaaS) has revolutionised business operations, offering financial organisations newfound flexibility to scale application services according to their unique requirements, freeing them from the constraints of lengthy and costly contracts. Nevertheless, as financial institutions navigate this SaaS landscape, it is crucial for IT and business leaders to remain vigilant about potential challenges related to data storage, retention, and protection within this evolving paradigm.
The popularity of the SaaS delivery model, where software is licensed on a subscription basis and is centrally hosted, is on an upward trajectory. Analyst firm Gartner says almost two-thirds (65.9%) of spending on application software will be directed towards subscription-based cloud offerings in 2025, up from 57.7% in 2022.
It’s clear to see the results of that success – SaaS is ingrained into how organisations run their applications. Yet a side effect of that success is that more data is stored in the cloud too, which could have big implications going forwards. Whilst that data is stored on external infrastructure, it is the responsibility of the organisation to protect it from loss, human error or infections.
You will get all the benefits of an on-demand service when signing up with a SaaS provider, but that doesn’t mean you can log in and simply forget about how your data is held. Financial companies that rely on SaaS will have data spread across a host of providers. Any IT or business manager who uses SaaS must focus now on how data is stored, retained and protected in these distributed environments, where the different providers involved are guided by different service level agreements.
The Significance of Reviewing Data Storage Terms and Conditions
The process for buying SaaS is so straightforward that analyst Gartner says many IT and business managers complete more than 60% of the buying process on their own before even engaging a vendor. As a result, many IT and business managers buy the service without needing to engage with the vendor. The large SaaS providers have designed their sites and purchasing mechanisms to make B2B procurement as simple as a consumer purchase from a major online retailer.
A number of decision-makers are delegating the buying process to team members as SaaS is seen to be an easy, low-risk investment. So, while a senior manager may make the final spending decision, someone else covers most of the selection process for a new service. According to Gartner, decision-makers often enter the fray for just the final 5% to 10% of the SaaS buying process.
However, IT and business managers at financial organisations must recognise that signing up with a SaaS specialist doesn’t mean you pass on storage responsibilities to the cloud provider. When it comes to regulatory compliance, it’s up to the end customer to ensure data is backed up safely and securely, not the cloud provider.
So, while your SaaS partner maintains the cloud provision, your business is responsible for everything it puts in the cloud. Senior managers must, therefore, be engaged from the start of the contractual process, consider the range of services the business is buying and ask the following pertinent questions:
Does the team at your organisation pore over every detail of the terms and conditions when it signs up to a new cloud relationship? Or do they simply click ‘accept’ when it comes to the legal agreement, much like a consumer might do when purchasing a new service online? If that situation sounds familiar, then it’s time to act.
Senior IT managers at financial organisations must think carefully about the implications of the SaaS deals their organisations are signing. Crucially, they must ensure the systems and services they use abide by legal mandates, including the General Data Protection Regulation (GDPR).
Streamline data management processes for your organisation
Data storage isn’t your only concern when you move to a cloud provider. Another key issue is retention. Once you pay for a SaaS service, you might assume data is retained by the provider for as long as you are signed up with the provider. However, that’s not necessarily the case.
Policies and procedures for data retention vary significantly between providers and across product ranges. While some providers offer enterprise-level deals that give longer periods of retention, some services only retain deleted data for 30 days. That might sound like a reasonable timeframe, but what if someone deletes information unknowingly and your company needs the data months later?
Financial organisations cannot afford to take a risk on data storage and retention. They require mechanisms that help ensure data is stored, retained and secured, even in a worst-case scenario such as a ransomware attack. The answer is to work with a dedicated Data Security SaaS partner.
When selecting a provider, prioritise simplicity in your data management processes. Seek out a partner that seamlessly integrates three essential security capabilities within a single SaaS solution: threat detection, data classification, and cyber vaulting/data isolation. By harnessing these combined capabilities, customers can effectively safeguard their data, identify potential threats, and swiftly recover in the face of a cyber attack.