How are folks backing up SaaS applications?  Office365, Veeva, Netsuite, etc. Do you just trust SOC II reports and assume the SaaS vendor is backing up your data regionally across data centers? I don't trust it. I am trying to build a rock solid DR plan, however we are stuck on this point. thanks

Backup & Disaster Recovery
1.3k views2 Comments
Principal Information Security Officer in Education, 10,001+ employees
In the case of highly critical SaaS & PaaS applications, we have extracts from database and back them up in case of catastrophic failure (or in the event we may need to restore and transfer the data -- e.g. to a different ERP system, etc.).    

Don't backup Office365 e-mail, calendaring, etc as we have a contract, SLAs, guarantees, a Business Associates Agreement (BAA), SOC II, etc with Microsoft.  Similarly with Box.com.

We do have backups performed explicitly of IaaS systems (VMs) in AWS and Azure and backed up across regions.
Senior Information Security Manager in Software, 501 - 1,000 employees
There something important to understand about SOC 2 reports, that most people do not realize.

 

When you see PCI, ISO 27001 or similar logo on a vendors web site, that means that are complaint with that specific standard or regulation.

 

But when you see a SOC 2 logo, all that means is that they have undergone a SOC 2 attestation. Their SOC 2 report could be filled with critical exceptions that you may have significant issues with.

 

With SOC 2, the expectation is that you will read the report and make a decision.  Think of it like a report card. You want to see if the grades are good, or failing.

Content you might like

What's the top friction point to move to the cloud in your enterprise?

CloudApplications & PlatformsGovernance, Risk & Compliance+25 more

Cost structure26%

Lack of in-house skills to migrate / deploy / manage workloads on cloud51%

Security / governance compliance concerns18%

Lack of performance or features that you have on-prem but not the cloud4%


771 PARTICIPANTS
3.1k views1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
44.6k views132 Upvotes320 Comments

From a customer perspective, how does an IPO or fundraising event change your perception or expectations of a vendor? Are there certain thresholds (i.e. Series C) that you take into account?

People & LeadershipStrategy & ArchitectureCloud+37 more
GVP in Software, 10,001+ employees
 and  would love your thoughts
Read More Comments
2.4k views4 Upvotes3 Comments

Do any of you use Backup as a service (BaaS) solution?  If yes, who is your partner & is the vendor part of your BCP plan?  How do you define RTO & RPO if you are using BaaS service? Note: We are totally into serverless computing. 

Vendor/Product AssessmentBackup & Disaster RecoveryServerless
Director of IT in Software, 201 - 500 employees
We provide a BaaS solution for our customers.
At the same time, we are exploring BaaS solutions for our office 365 to see if it will make more sense than having it in-house
1
845 views2 Upvotes1 Comment

Which components of the Oracle Database environment do you plan to move to the cloud? (Select all that apply)

CloudApplications & PlatformsData & Analytics+7 more

Production45%

Backup65%

Replication33%

Non-production DBs (Dev, Training, QA, etc.)30%


215 PARTICIPANTS
1.5k views1 Upvote