How are folks backing up SaaS applications?  Office365, Veeva, Netsuite, etc. Do you just trust SOC II reports and assume the SaaS vendor is backing up your data regionally across data centers? I don't trust it. I am trying to build a rock solid DR plan, however we are stuck on this point. thanks

1.3k views2 Comments

Principal Information Security Officer in Education, 10,001+ employees
In the case of highly critical SaaS & PaaS applications, we have extracts from database and back them up in case of catastrophic failure (or in the event we may need to restore and transfer the data -- e.g. to a different ERP system, etc.).    

Don't backup Office365 e-mail, calendaring, etc as we have a contract, SLAs, guarantees, a Business Associates Agreement (BAA), SOC II, etc with Microsoft.  Similarly with

We do have backups performed explicitly of IaaS systems (VMs) in AWS and Azure and backed up across regions.
Senior Information Security Manager in Software, 501 - 1,000 employees
There something important to understand about SOC 2 reports, that most people do not realize.


When you see PCI, ISO 27001 or similar logo on a vendors web site, that means that are complaint with that specific standard or regulation.


But when you see a SOC 2 logo, all that means is that they have undergone a SOC 2 attestation. Their SOC 2 report could be filled with critical exceptions that you may have significant issues with.


With SOC 2, the expectation is that you will read the report and make a decision.  Think of it like a report card. You want to see if the grades are good, or failing.

Content you might like

Cost structure26%

Lack of in-house skills to migrate / deploy / manage workloads on cloud51%

Security / governance compliance concerns18%

Lack of performance or features that you have on-prem but not the cloud4%


3.1k views1 Comment

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
44.6k views132 Upvotes320 Comments

Director of IT in Software, 201 - 500 employees
We provide a BaaS solution for our customers.
At the same time, we are exploring BaaS solutions for our office 365 to see if it will make more sense than having it in-house

845 views2 Upvotes1 Comment




Non-production DBs (Dev, Training, QA, etc.)30%


1.5k views1 Upvote