Among SaaS application users, 40% have lost data stored in their online tools, according to a report from Rewind published Thursday, which surveyed 631 SaaS application users.
While 43% of workers say they use four or more SaaS tools as part of their work processes, 45% are unaware of the SaaS application shared responsibility model.
Nearly half (47%) of respondents say the data stored in their SaaS applications was at least "somewhat" critical to do their work.
After a year of redefining business processes, more company data is landing in the cloud through SaaS applications — in some cases after hurried deployments. 2021 brings with it further risk to business data, such as insider threats and data breaches from malicious actors.
It's critical for businesses to understand the associated risks of SaaS application use and how to manage data loss, according to Mike Potter, CEO and co-founder of data protection software company Rewind. Preventing data loss while relying on SaaS applications suggests a three-pronged approach:
Make it difficult for unauthorized people to access business SaaS tools: Businesses should be using complex passwords and two-factor authentication, "yet there are still thousands and thousands of companies not taking the time to put these systems in place," said Potter.
Limit user access based on roles and responsibilities: "Your HR manager should not have access to your source code," said Potter.
Have a backup plan to restore lost data: Businesses often fail to fully understand how SaaS tools save data, and "the misunderstanding can cripple a business for days, sometimes weeks."
Preventing data loss drives essential digital strategies for organizations, which rank advanced data and analytics capabilities atop their priority list.
But first, companies should audit the digital content currently stored in and shared via SaaS applications, according to Tony Pepper, CEO at Egress.
"Particularly when it comes to sharing data, they need to identify where both human error and intentional actions … can put sensitive content at risk," said Pepper in an email. "Organizations also need to assess whether the security measures, if any, built into the applications can really mitigate these risks to ensure that content is shared with the correct recipients and with the appropriate level of security applied to protect data in transit and at rest."