How are folks backing up SaaS applications? Office365, Veeva, Netsuite, etc. Do you just trust SOC II reports and assume the SaaS vendor is backing up your data regionally across data centers? I don't trust it. I am trying to build a rock solid DR plan, however we are stuck on this point. thanks
Senior Information Security Manager in Software, 501 - 1,000 employees
There something important to understand about SOC 2 reports, that most people do not realize.When you see PCI, ISO 27001 or similar logo on a vendors web site, that means that are complaint with that specific standard or regulation.
But when you see a SOC 2 logo, all that means is that they have undergone a SOC 2 attestation. Their SOC 2 report could be filled with critical exceptions that you may have significant issues with.
With SOC 2, the expectation is that you will read the report and make a decision. Think of it like a report card. You want to see if the grades are good, or failing.
Content you might like
Cost structure26%
Lack of in-house skills to migrate / deploy / manage workloads on cloud51%
Security / governance compliance concerns18%
Lack of performance or features that you have on-prem but not the cloud4%
771 PARTICIPANTS
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.GVP in Software, 10,001+ employees
and would love your thoughtsDirector of IT in Software, 201 - 500 employees
We provide a BaaS solution for our customers.At the same time, we are exploring BaaS solutions for our office 365 to see if it will make more sense than having it in-house
Production45%
Backup65%
Replication33%
Non-production DBs (Dev, Training, QA, etc.)30%
215 PARTICIPANTS
Don't backup Office365 e-mail, calendaring, etc as we have a contract, SLAs, guarantees, a Business Associates Agreement (BAA), SOC II, etc with Microsoft. Similarly with Box.com.
We do have backups performed explicitly of IaaS systems (VMs) in AWS and Azure and backed up across regions.