COVID-19 Pandemic accelerated a migration to cloud technology for U.S. government offices. A recent study found 56% of federal government offices now use some level of cloud-based solutions and systems, while 49% of state/local governments have most of their systems and solutions in the cloud. While software-as-a-service (SaaS) applications enable tremendous efficiencies and cost savings, they also come with some risk when it comes to data protection and privacy.
Federal agencies must follow the Federal Data Strategy framework which focuses on building a culture that values data, governing, managing, and protecting data, as well as promoting efficient and appropriate data use. Similarly, many states have enacted, or are currently enacting, data privacy laws. To help adhere to these policies, agencies must examine whether the data they gather and store is at risk of exposure. Backing up SaaS data can help them meet data governance and privacy regulations.
The vast majority of organisations backup their on-premise application data. They know how crippling it could be if the data they rely upon to run their missions and perform their services is lost or corrupted. However, it is not the case with SaaS application data. According to a study, 33% of IT professionals believe SaaS-based applications don’t need to be backed up, with 37% relying solely on the SaaS vendor to back up the data. However, when the vendor is keeping an agency’s SaaS app running, it does not automatically mean it is protecting the data.
Many SaaS vendors operate under a shared responsibility model. They are obligated to protect the application itself, but they are not responsible for safeguarding the data housed inside of it which is the users’ responsibility. After a service failure or end-users unwittingly change or delete data, then organisations finally realise critical data is gone and cannot be recovered.
As much as 45% of federal and 52% of state and local offices are already storing citizen and mission data in the cloud. One key way they can mitigate data risk, improve control over data access and enhance compliance is by backing up SaaS app data directly into their own services or cloud storage environment, instead of the SaaS app or backup vendors’ infrastructure.
Capturing information about who made data changes is also important. This includes not only who the people are, but also where they were located, their IP address, the device they used to access data, and so on. This is key for maintaining a digital chain of custody for data and enabling traceability and auditing.
The data that government offices generate in SaaS applications has value beyond the applications themselves. Government employees and contractors often need to tap into that historical data for other analytical purposes and use cases.
Many organisations use application programming interfaces (API) to provide direct access to that data so users can copy it into other systems and applications. However, not only are APIs time-consuming to maintain, but when too many users use them, agencies hit their API limits and have to pay SaaS vendors more for continued access.
Moreover, many agencies do not even know how many copies of data are made or where they reside. This quickly becomes a security and data management failure which can result in violation of data privacy regulations, such as the right to be forgotten.
However, by centralising backed-up SaaS data in a cloud data lake that they own, agencies can create pools of data for authorised users. IT teams can then use cloud-native tools that plug into the lake, automatically streaming data into applications and systems that can be tracked. Backing up SaaS data is extremely important. By capturing data at high frequencies in a cloud data lake they own, federal, local and state governments can better protect their data while maximising the value they get from it.
