April 04, 2022
What Is SaaS (Software as a Service)?
SaaS stands for “Software as a Service” and is a cloud-based IT service. It is on-demand software that the user accesses over an internet connection. SaaS is one of the most popular ways to provide business software to consumers thanks to its many benefits, including scalability, low cost, and ease of use.
As businesses have shifted from office-based to remote work, leveraging SaaS platforms has been key to keeping businesses running. However, this increase in remote workers brings an increase in security risks, because remote workers lack the secure infrastructure of a corporate office. To help managed service providers (MSPs) protect remote workers from potential cloud data loss, we have compiled this useful guide.
Read on for a deep dive into SaaS and how you can protect yourself from potential security threats.
SaaS vs traditional software
SaaS is a software distribution model where the software and its data are centrally hosted. This model offers benefits to customers by providing a more stable environment and making it easier for them to maintain their software.
Traditional software is typically installed on a customer’s own computers and managed by that customer. It provides more control over the environment, but it also means that the customer has to install updates, manage backups, and install new hardware if necessary.
Common examples of SaaS companies
There are thousands of SaaS software vendors to choose from, but the more popular ones include:
- Google Workspace
- Microsoft 365
These companies are leading examples within the SaaS industry and have come to define the framework of successful Software as a Service companies. However, it's always worth investigating who has liability for what when choosing a SaaS vendor. We put together a few top tips from managed service providers on what to look for.
Types of SaaS solutions
- Accounting Software
- Billing and Invoicing Software
- Customer Relationship Management (CRM) Software
- Email Marketing Software
- Enterprise Resource Planning (ERP) Software
- Marketing Automation
- Project Management Software
- And more
SaaS tools are primarily involved in key business functions and often contain sensitive data. As a result, they are also prime targets for cyber attacks and hackers.
What to look for in a business SaaS solution
When it comes to looking for the right SaaS technology to protect your clients’ data, it's essential to make sure it fits your purpose. Here are five key elements to look out for:
1. Know who is liable for what
SaaS providers ensure they won’t lose your customers’ cloud data with built-in redundancy and other high availability measures. However, they do not take responsibility for restoring data if your customers were to lose it. Microsoft calls this the Shared Responsibility Model for data protection.
2. Comprehensive protection
Some SaaS backup solutions only protect email, files, and folders. However, there are solutions available today that offer more comprehensive coverage. When selecting a backup product, look for solutions that offer protection for things like contacts, shared drives, collaboration and chat tools, and calendars. SaaS protection solutions that offer this type of coverage are far more effective at maintaining business continuity than less robust offerings.
Recovery point objective (RPO) and recovery time objective (RTO) are also critical considerations. These metrics refer to the point in time you can restore to and how fast you can perform a restore, respectively. When it comes to backup, these are largely dictated by the frequency of backups and what specifically is being protected.
Solutions that offer frequent backups address RPO since they enable you to restore to a recent point in time, minimizing data loss. As noted above, these make restores faster and easier by reducing the amount of manual effort to perform restores. Plus, they enable users to access data in the event of an outage.
Many MSPs serve clients in verticals with significant security and compliance requirements, so choosing a SaaS protection solution that can address these needs is essential. Look for products that back up data in compliance with Service Organization Control (SOC 1/SSAE 16 and SOC 2 Type II) reporting standards and that can meet clients’ HIPAA and GDPR compliance needs.
Solutions that enable automated retention management to meet compliance standards can reduce the need for manual intervention. This streamlines management and ensures that client data is stored for the right length of time.
5. MSP business growth
No discussion of product evaluation for MSPs is complete without considering profitability. Look for products that have the features and functionality you need at a price point that allows you to build margins on your services. Consider products that offer pricing benefits for MSPs such as sales-based discounting and flexible “pay for what you use” licensing.
As noted above, products that increase efficiency can also grow margin and increase revenue, since they require less manual intervention. You may also want to bundle SaaS protection on top of SaaS services that you already deliver — this has proven effective for some MSPs. This isn’t necessarily part of the product evaluation process, but it’s worth noting when discussing business growth.
Why the SaaS business model is a good fit for managed service providers
Leveraging SaaS services for your clients is a great way to scale your service offerings. Software as a Service solutions are normally delivered by a license subscription model which fits perfectly with the MSP service model. The overall objective is to be able to quote your clients on a per user/per month basis.
SaaS tools present different risks to your clients’ data than traditional software. As a result, you can enhance your service offering further with security add-ons.
How to ensure SaaS security with a multi-layered security approach
As an MSP, you can deliver security as a service as an add-on for SaaS products to ensure that your users are protected.
Shared data responsibility & SaaS backup
Most SaaS providers design their SaaS infrastructure with built-in redundancy and other high availability measures to ensure that they won’t lose your cloud data.
However, if you have deleted data or fallen victim to a cyberattack, the responsibility to restore that data may fall on your shoulders. Microsoft calls this the Shared Responsibility Model. As an MSP, your credibility is on the line, so you need to be sure that you're protecting your clients’ data no matter who is responsible for a data loss. In your clients’ eyes, you are solely responsible for protecting their data.
This is why Datto developed SaaS Protection, so you can take full control of protecting data stored within Microsoft 365 and Google Workspace.
One of the major benefits of SaaS apps is that your data is available anywhere. However, this can also make your data vulnerable to social engineering attacks which attempt to gain your login credentials.
There are a few ways to mitigate this threat. One method is to train end users and your own employees about what to look for in social engineering attacks, such as phishing emails. Another is to activate two-factor authentication (2FA) for logins on all SaaS applications. More and more businesses are making this login authentication a requirement for access as attack vectors grow and risks to data increase.
Be cautious of SaaS integrations
On the surface, data integration and streamlining the flow of data across business applications seem like obvious steps. However, as you improve data flow, you may also be easing access for hackers or increasing your exposure to cyberattacks.
It’s essential to always test and verify every application that you integrate to ensure that you're not increasing exposure to threats.
Advanced Threat Protection for SaaS platforms
Another great way to protect users is with an advanced threat protection (ATP) solution such as Datto SaaS Defense. ATP solutions are designed to stop attacks and malicious emails before users even have a chance to interact with them.
Protecting SaaS data with Datto SaaS Protection and SaaS Defense
With Datto SaaS Defense, MSPs can proactively defend against malware, business email compromise (BEC), and phishing attacks that target Microsoft Exchange, OneDrive, SharePoint, and Teams. With Datto SaaS Protection working alongside SaaS Defense, you are able to back up, protect, and recover SaaS data whenever necessary.