TDWI | Training & Research | Business Intelligence, Analytics, Big Data, Data Warehousing

How to Address the Ransomware Threat to SaaS Data

Protecting SaaS data is no easy task, but these three simple steps will help you get started.

• By Rémy Claret
• November 18, 2022

Modern businesses depend on digital technologies and increasingly the software and data they depend on to run even their day-to-day operations is no longer on premises but rather in software-as-a-service (SaaS) solutions. Critical SaaS applications now include everything from CRM platforms to office suites and even ERP platforms.

For Further Reading: Top 5 Security Actions Every CEO Should Take Why Data Protection Requires a New Level of Resolution Executive Q&A: Data Management Best Practices for Changing Times

However, despite how much even very large organizations rely on these SaaS platforms and the data they hold, there’s still a large gap in data protection vis-à-vis traditional, on-premises data. It’s shocking, but a significant number of large organizations assume—not without reason—that the SaaS provider will protect their data from cybercriminals. SaaS vendors have a vested interest in providing a secure infrastructure, and most invest heavily to ensure that their services are not compromised.

Nearly all SaaS providers operate on a shared responsibility model in which the provider takes responsibility for the infrastructure, but customers are ultimately responsible for their data. With so much enterprise data moving into SaaS platforms, cybercriminals -- who are ultimately opportunists -- are now frequently targeting SaaS data.

Survey: More Than Half of Ransomware Attacks Target SaaS Data

Odaseva recently conducted a global survey of decision makers who work with enterprise data, and 51 percent of them said their SaaS data had been targeted in a ransomware attack within the last year. What’s more, in more than half (52 percent) of these attacks, cybercriminals succeeded in encrypting SaaS data, a higher success rate than they had for on-premises, cloud, and endpoint data.

The survey results show that organizations are not protecting SaaS data as strongly as they are other categories, given that SaaS data was encrypted more often. That’s not all the results show -- there’s also a huge gap in how much data organizations were able to recover. Organizations were least likely to be able to recover all of their SaaS data following a successful ransomware attack, with just 50 percent saying they were able to do so. With traditional on-premises data, 81 percent said they were able to fully recover everything.

Given that less than three in 10 (28 percent) of the data decision makers surveyed said they were “very confident” that they could recover after a successful ransomware attack on their SaaS data, these results are not surprising. In fact, just 43 percent of respondents said that their organizations backed up all their SaaS data. That leaves 57 percent of respondents with unprotected SaaS data, which is far, far too many.

Defending Against Ransomware Attacks on SaaS Data

Protecting SaaS data, however, is not a simple task. Unlike on-premises data, IT does not control the software or systems in which their SaaS data is housed, so they must rely on APIs to back up and restore. These APIs have different functions and capabilities; some data can only be read by one API, and can only be written by another. These APIs have hard caps on how much they can be used by a single customer over a 24-hour period to ensure that everyone has access, and, of course, they’re vital for many other functions aside from data protection. Managing their use is extremely complex, and this is just one of the many intricacies of SaaS data protection.

The first step is to ensure that access to SaaS data is properly secured. It’s extremely unlikely that SaaS data will be successfully compromised by cybercriminals via an attack on the SaaS infrastructure itself. More likely, it will involve compromised credentials, API leaks, or malware. Do not rely on a simple username and password for access. Passwords can be cracked by brute force tactics or even guessed, if a user has created one that is particularly weak. They can also be compromised through malware and phishing attacks. Simply put, they are a single point of failure. Instead, organizations should use multifactor authentication for SaaS data access.

Next, organizations need to audit their SaaS applications and data so they have a clear understanding of what’s mission-critical and what needs to be protected. With this understanding, organizations can find a secure service that meets their recovery time and recovery point objectives (RTOs and RPOs).

There are three basic options.

• Free solutions do exist, but these can be time-consuming to implement, typically come with either minimal or no support, and are meant to handle low volumes and simple data structures.


• Developing a solution in-house is also not a good choice for most organizations if a market solution exists. Certainly, this option provides maximum flexibility and control, but very few organizations have the skills and expertise to build a solution that can protect all the data while meeting RPOs and RTOs. Even if they do possess the requisite skills, building the data protection solution will still be a complex, expensive task. It may be difficult to justify dedicating the necessary internal resources if a strong market solution is already available.


• A market solution from a third-party with specific expertise in the SaaS platform enables internal resources to focus on projects that increase value to both customers and employees while providing strong protection.

Finally, SaaS data backups must be encrypted, both in transit and at rest. After all, the information contained within these backups is valuable or the organization wouldn’t likely bother protecting it. Encryption will protect that data in the event an unauthorized party is able to gain access to the backups.

A Final Thought

Ransomware is no longer just a threat to on-premises data. The more organizations depend on SaaS platforms, the more cybercriminals will target them for attack. IT must take stronger measures to protect it.