It’s getting riskier every year to give employees access to SaaS data. While people still need to access data to do their jobs, the majority of all data loss incidents are caused by human error. Other causes (technical issues, cyber attacks, malicious actors) can also be attributed to human incidents.
Human error is inevitable, and it is impractical to expect perfection. Most companies use rigorous backup and recovery procedures, effective for data center applications. But workers prefer SaaS applications. Most people use nine or more SaaS apps to do their jobs every day.
With 70% of software used by companies being SaaS, more business-critical data is being stored with SaaS vendors. There’s a large faction of organizational leaders who believe their SaaS vendor protects their data for them. Unfortunately, due to shared responsibility policies, that’s not the case. So how can businesses account for the human factor when it comes to protecting their SaaS data?
How much SaaS data loss is caused by human error?
Debate exists over annual data loss in SaaS services, as vendors seldom share this metric. However, data from a report commissioned by our organization from the ESG group (“SaaS Data Protection: A Work in Progress”) indicates the second most common cause of data loss in SaaS environments is accidental deletion, accounting for 33% of incidents.
Other causes include account closure (29% – also considered human error if the IT team didn’t think to reassign the data to another user), malicious deletion by an employee (23%), and “schema” misconfiguration (20%). Gartner predicts 70% of businesses will suffer an unrecoverable loss of data in their SaaS applications. And currently 60% of business data is stored in the cloud.
Data loss events are either “big” events or “small” events. A big event can be a service outage, a data integration error, or a malicious attack — someone deleting an entire account. Small events are individual user issues, like deleting a customer contact in a CRM. While big events are what get our attention, it’s the small events that make up the majority of incidents and cause the greatest daily aggravation for users and IT teams.
What are the common causes of SaaS data loss from human error?
We know people make mistakes, but what are the root causes? According to research, there are a few common causes that contribute to people making more errors than they should.
- Baseline Human Error Rate
- The typical human error rate for anything is around 4%. Quick fact: people will make between 3–6 errors per hour! Anyone doing any activity with enough time is bound to make an error every now and then. This can increase with fatigue, emotional stress, pressure, multitasking, and more.
- Repetitive manual processes
- Repetitive processes increase the likelihood of mistakes. Repetitive work can make people bored, it can be fatiguing, and that can lead to the mind wandering and being distracted.
- Overcomplicated workflows
- If data entry or manipulation tasks are complex, and require a lot of mental bandwidth, again, errors are likely to increase. Examples might be organizing a folder of data for a government contract bid, or preparing a code release that has to be organized on a project management tool. The more fields of data that have to be managed, the more complex the task.
- User Design Errors
- Some services and workflows are more prone to error due to the way they’ve been designed. A user might click on a button or a menu item that permanently deletes an item when they thought it was going to duplicate it. Or they might overwrite important information in a notes column thinking the system was going to save previous notes. Poorly designed software and workflows can increase error rates.
- Integration errors
- One of the powers of SaaS apps is how easy they can connect to and share data with other SaaS apps. However, this also presents a significant downside. Improperly misconfigured integrations are a large source of SaaS data loss errors, as one service can overwrite data in another.
- Social engineering
- Sometimes, the error the person makes is that they’ve been tricked into providing access to their company’s SaaS data through social engineering and phishing campaigns. An email cleverly disguised to request a ‘login’ or ‘reconnect’ action for integration can be mistakenly perceived as a legitimate request.
The Impact of SaaS Data Loss
SaaS data loss impacts vary from a minor annoyance to a total business shutdown. Should a developer inadvertently delete their task card in Jira, it may result in a minor inconvenience. However, deleting an entire company’s Git repository would be catastrophic – erasing months of development work. The result? Delayed product launches, upset customers, frustrated coworkers, and downgraded financial results.
In the worst case scenario, it can cause downtime, costing the average small business $427 per minute or $9000 per minute for large enterprises. Additionally, data recovery incurs costs, and if impossible, rebuilding and replacing data is time-consuming.
Companies often overlook SaaS data protection in their business continuity plans, despite storing valuable information in SaaS services. That’s something every IT leader needs to address.
How can SaaS data loss be prevented?
Preventing SaaS data loss in the first place is better than being in the position of having to recover it. Part of the responsibility of prevention is on the user, and part of that is an organizational requirement. Here are three proven ways to help people avoid errors.
- Training and Education
Better training is needed for users when it comes to SaaS apps. Many organizations believe the user is responsible for their own training when it comes to SaaS applications. Provide training on proper information entry and error prevention to avoid data loss.
- User Design and Data Validation
Training cannot prevent all errors. In those cases, user design should be looked at to see how it may contribute to user error. Some user design flaws are caused by SaaS vendors themselves, but others are caused by the SaaS customer’s configurations and settings. Even something as simple as the design of a field can help improve data quality. Setting data validation rules restricting user choice or creating pop-ups before a deletion event can help users be more accurate.
- User Access Control
Wherever possible, users’ rights to make destructive choices to data should be limited. Preventing users from deleting records or files without approval should be the default setting. In principle the lowest level of access should be provided unless deemed necessary.
How can lost SaaS data be recovered?
When SaaS data is lost, having options to recover data is vital. Some SaaS vendors have limited built-in recovery options like an undo button, but most changes are usually permanent. Despite vendor policies, shared responsibility means customers must protect their own data. Most SaaS vendor’s terms and conditions recommend customers have a way of protecting their data.
The majority of SaaS apps do allow exports of data from their accounts, but they aren’t true backups. They aren’t too useful for data recovery efforts, they can’t be automatically run, and they are delivered as .CSV files that are sent unencrypted. (A security no-no).
A 3rd party data protection service, like SaaSAssure℠ powered by Asigra, is a better option. SaaSAssure automates data backup, performing it regularly and securely. It provides easy access to account-level data and granular user records, facilitating quick recovery when needed.
Securing Business Viability in a SaaS-Dominated Landscape
In conclusion, addressing the human element in SaaS data protection is critical. With the majority of data loss incidents rooted in human error, businesses must prioritize robust training, intuitive user design, and stringent access controls. Implementing these measures alongside effective recovery strategies, like third-party data protection services, can mitigate risks, ensuring data integrity and continuity. It’s not just about safeguarding data; it’s about securing business viability in a SaaS-dominated landscape.
