What is SaaS backup and recovery?
Explore IBM Storage as a Service
Person's hands at a laptop computer

Published: 20 February 2024
Contributors: Phill Powell, Ian Smalley

What is SaaS backup and recovery?

SaaS backup and recovery is a two-part data management process that includes successfully backing up Software-as-a-Service (SaaS) application data and recovering it in the event of a data loss.

SaaS, or software-as-a-service, is application software hosted on the cloud and used over an internet connection via a web browser, mobile app or thin client. In fact, very few business applications have not used SaaS as a delivery model at some point. Some of the most popular application categories that utilize SaaS include the following:

  • Messaging software
  • Office software
  • Development software
  • Payroll processing software
  • Learning management systems
  • Human resource management
  • Accounting

Each of these types of apps benefits from a SaaS platform’s flexibility and ability to support data retention goals through the steady functionality of a cloud service (whether via a dedicated, private cloud, over a public cloud, or through a combination in a hybrid cloud), including the use of regular cloud backups.

How Can I Use Storage as a Service to Reduce IT Spend?

Many organizations are pivoting their IT infrastructure toward flexible consumption models in which they only pay for the resources they consume.

Related content

Subscribe to the IBM Newsletter

Cybercrime’s growing threat

Cybercrime is becoming a larger and more prevalent problem in the world, and no one understands that better than those tasked with ensuring an organization’s ongoing data protection. There was once a simpler time when a data security staffer would mostly wrestle with lost data issues resulting from on-premises issues, such as power-supply outages, disaster recovery and human error (accidental deletion).

Now data recovery is significantly more problematic because it must be able to withstand the efforts of some of the most technically sophisticated criminals to ever operate. The most recent findings show that 2023 ransomware attacks rose to USD 1.1 billion—a new record high. 1 Further, these same figures indicate that despite law enforcement’s best efforts, criminal innovation is proving more robust and resilient.

A quick look at these same figures shows how they can shift dramatically from year to year. For example, it’s been calculated that ransomware attacks generated USD 983 million for the year 2021, but the next year saw a substantial drop in those illicit revenues, with 2022 only generating USD 567 million. 2 Then, in 2023, cybercriminals bounced back strongly by posting their largest ransoms ever.

Beyond financial losses, organizations can lose plenty of other valuable assets due to cyberattacks, including efficiency sacrificed to increased downtime and a potential loss of their company reputation as a responsible steward of customer data. Similarly, SaaS providers to those companies can also forfeit customer trust, if service providers come to be seen as supporting a vulnerable platform or supplying SaaS products and SaaS solutions that can’t protect an organization’s data or its workloads.

Types of cyber threats

To ensure business continuity, the modern backup and recovery solution needs to counter numerous threats and damage inflicted by various bad actors, who use an ever-expanding number of techniques to extort and/or paralyze companies around the world:

  • Malware: Malware is piece of software containing one or more viruses that infect(s) an organization’s computer system from within.
  • Data breaches: A data breach is when all or part of an organization’s holdings are revealed to the public, including critical data (which is a company’s most sensitive and important information). Data breaches can include granular data (which is sliced into subcategories and studied at a “granular” level). In an IBM study about the cost of data breaches, the figures for the year studied (2021) demonstrated a marked difference in the amount of costs suffered by companies that used security artificial intelligence (AI) and automation versus companies that did not.
  • Ransomware: With ransomware, a criminal enterprise gains control of a company, freezes part of its business operations and then demands a ransom be paid before the organization’s computer functionality is returned to normal.
  • Cyberattacks: A cyberattack can refer to any intentional outside disruption of a company’s business. Although it’s generally assumed that most cyberattacks are driven by the lure of criminal profit, that’s not always the case. Cyberattacks can be rooted in extreme philosophical differences or other non-monetary motivations. Cyberattacks can also come from foreign interests who wish to disrupt commerce and other normal operations (such as power-grid functionality) within other countries.

Proper data security measures begin with effective authentication protocols and access controls, to ensure only authorized personnel have access to the organization’s site and its data.

What is SaaS backup?

SaaS data protection measures begin with a properly implemented SaaS backup solution. This involves archiving all the data a company may get and have within its SaaS apps, including data backup created while using any of the following:

  • Jira
  • Microsoft SharePoint
  • Salesforce
  • Dropbox
  • Microsoft Office 365
  • AWS
  • Box
  • Google Workspace (formerly G Suite)
  • Microsoft Azure Batch

Backup schedules may vary according to individual company needs and their own unique retention policies, but overall, maintaining the frequency of daily backups of essential data is key to a well-coordinated backup strategy. For this reason, most organizations opt to apply automation to backup data to facilitate regularly automated backups. They may even enlist the help of a dedicated backup service like Dropbox Backup, CrashPlan or Microsoft OneDrive if they’re not already backing up their cloud data in established data centers.

There’s now considerably more legal pressure on companies to protect their data, including stricter new guidelines that protect consumer rights as they relate to data. In the United States, the State of California’s sweeping California Consumer Privacy Act (CCPA) gives teeth to data privacy enforcement protocols. The CCPA (enacted into law in 2020) was based on the General Data Protection Regulation (GDPR) of 2018, implemented to protect European citizens and their data privacy rights. Both of these measures apply hefty fines to breaches of data security protocols.

What to look for in a SaaS backup solution

There are numerous vendors offering SaaS backup solutions. Regardless of which vendor you select, however, the following qualities should be on your SaaS backup solution wish list:

Daily backups

The backbone of your backup solution, daily backups are essential. Having daily backups is your best defense against both external disruptions (ransomware attack) as well as internal problems (such as an accidental deletion that occurs through human error).

Point-in-time backups

Designate an exact time in the past and recover everything to that point. Point-in-time backups are usually data engineers’ first destination following data loss events.

Granular-level data recovery

Your organization will likely benefit from a SaaS backup solution that offers granular data recovery, which lets you zero in on focus areas of particular interest.

Fair pricing

As stated, there are many vendors offering SaaS solutions, so it’s in your best interest to shop around. With any luck, your organization can find the right blend of functionality at a reasonable price. Key question: Will your backup service ensure that your SaaS data is always accessible and/or recoverable?

Ease of use

SaaS backup solutions vary widely and that includes their complexity. Your organization is developing SaaS backup and recovery solutions in order to make your life easier, so it’s completely counter-productive to invest in a solution you can’t understand. Along with being simple to understand, your backup solutions should be extendable with upgrades.

Data retention and compliance policies

Many of today’s leading companies look for SaaS backup solutions that let them set data retention policies in order to better meet that company’s rules about compliance.

Enterprise cloud data

Your SaaS backup solution should safeguard enterprise cloud data, including business-critical data, on platforms such as Microsoft365 and Google Workspace.

Support for multiple platforms

Imagine finding one solution that can handle all of your data, regardless of platform. Can it handle all your various infrastructure and app needs (including OneDrive, Dropbox, Jira, Salesforce and Microsoft Teams)?

Automated data backups

The greatest thing about automation is that its systems are always paying attention, even when workers aren’t. That’s what makes it a must-have for organizations shopping for SaaS services. The goal: To ensure “set-and-forget” backup schedules.

What is SaaS recovery?

Despite a company’s best intentions and its consistent use of backup software and backup tools, data-loss events can and do still occur. Should these incidents happen, the organization(s) impacted must take immediate action and assume a very proactive security posture.

Hopefully, they will already have taken proper action before it becomes necessary and will have drafted their own SaaS disaster recovery plan. Central to all SaaS recovery operations is creating and perfecting a customized SaaS disaster recovery plan. The term “customized” is used because the plan must reflect that particular organization’s needs and assets as nearly as it can. Disaster recovery solutions are hardly “one-size-fits-all” propositions. They must instead be crafted individually and thoughtfully, or risk being of little value. Meanwhile, the term “perfecting” is offered to underscore the importance of routine testing of SaaS recovery plans.

There are numerous reasons why testing may be the most critically important step in this process. For starters, testing identifies potential problems in the proposed recovery process so that the process can be refined as needed and still be re-implemented before a data disaster strikes.

Likewise, constant testing is the best way to drill employees on the important sequence of procedures that must occur if a data disaster occurs. Regular testing of the plan promotes faster response times by the staff members who must implement aspects of the plan.

Another, almost ancillary, benefit that occurs is that having a well-implemented plan gets everyone in the organization on the same page in terms of data disaster preparation. With a thoughtful plan that’s been thoroughly vetted through constant testing, employees are more likely to know what’s going on during a data emergency—as well as their proscribed roles during such an event.


Among the first things that need to happen is for the company to determine and set its recovery point objective (RPO) and recovery time objective (RTO). These are self-defined limits that the organization (or individual) determines and sets, and they’re likely to be different from one company to another.

  • Recovery point objective (RPO): The RPO is a measurement of how much data an organization (or individual) can afford to lose in a data-loss situation. It’s usually measured using increments of time. For example, a particular company may have decided it can afford to lose access to its data for a period of 30 minutes. It should be stressed that the RPO is not a fixed time for all companies. Instead, it’s a time value that must be decided by each company according to its particular parameters and needs.
  • Recovery time objective (RTO): Likewise, an organization needs to determine its recovery time objective (RTO)—a time value determined by management on how long can pass between the point of failure and the return of standard operations before incurring an unacceptable amount of damage.
Types of recovery solutions

Proper security measures begin with effective authentication protocols and access controls to ensure that only authorized personnel have access to the organization’s site and its data.

There’s a considerable variety of recovery-solution types designed to get your data back up and running in as short a time as possible.

Point-in-time recovery (PITR)

This popular type of recovery sees the data administrator using software to return to the configuration used at a previous point in time deemed safe by the organization (which is usually the last day before a data-loss incident occurred).

Backup snapshot

The other main method of data protection involves snapshots, which are exact and complete copies of data. At routine intervals, data is copied and these copies are transferred to another device, as a safeguarding protection against file corruption or data loss.

Disaster Recovery as a Service (DRaaS)

With DRaaS solutions, a business may choose to outsource its backup and recovery activities to a cloud service provider that then hosts the backup site should a data emergency strike. DRaaS helps ensure continuity of operations and returns the company to a normal working state through the cloud platform.

Disaster recovery in the cloud

Similar to DRaaS, this approach kicks in when the local data center experiences failure. When it cuts out, the cloud backup system becomes operational. Among recovery solutions, disaster recovery in the cloud offers decreased recovery times, cheaper operation and better resource utilization.

Virtualized disaster recovery

Both quick recovery and real-time backups are made possible through virtual technology that you can use to craft backup and recovery plans. Work across compute, network and storage domains. With virtualized disaster recovery, you can move quickly from disaster to recovery.

Related solutions
IBM Storage as a Service

Get the performance, capacity, and agility your data needs, all delivered as a service.

Explore IBM Storage as a Service

IBM storage data backup and recovery solutions

Shift your enterprise backup and recovery processes into overdrive with IBM Storage solutions for on-premises and cloud workloads. Help ensure ongoing business continuity as you safeguard your data with the latest cybersecurity capabilities.

Explore IBM storage data backup and recovery solutions

IBM FlashSystem

Minimize the potential for operational disruptions and isolate workloads from ransomware attacks and other cyber threats. Add speed to your cyber-resilience posture, so your company can suffer less loss and return to normal operations faster.

Explore IBM FlashSystem
IBM Storage Protect

Bring power to data backup and recovery with IBM Storage Protect. Discover software that enhances the data resilience of physical file servers, providing extra efficiencies and a scalable solution for governing billions of objects per backup server.

Explore IBM Storage Protect

Resources What is SaaS?

SaaS, or Software-as-a-Service, is application software hosted on the cloud and used over an internet connection via a web browser, mobile app or thin client.

What is backup and disaster recovery?

Backup and disaster recovery involves periodically creating or updating one or more copies of files, storing them in one or more remote locations, and using the copies to continue or resume business operations in the event of data loss due to file damage, data corruption, cyberattack or natural disaster.

What is flash storage?

Flash storage is a solid-state storage technology that uses flash memory chips for writing and storing data, known as input/output operations per second (IOPS).

What is data storage?

Find out basics of data storage, including types of storage devices and different formats of data storage.

What is a cyberattack?

A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system or digital device.

What is data security?

Data security is the practice of protecting digital information from unauthorized access, corruption or theft throughout its entire lifecycle.

Take the next step

To map out a cohesive strategy for implementing SaaS backup and recovery, it’s imperative to have the right tools. IBM Storage as-a-Service can help you reduce IT spend by providing a cost-effective, scalable and reliable storage solution. Reduce the need for expensive hardware and software investments, cut maintenance costs and gain predictable pricing for your data storage needs.

Explore IBM Storage as a Service

1 “Ransomware gangs collected record USD 1.1 billion from attacks in 2023" (link resides outside ibm.com), Sam Sabin, 10 February 2024, Axios

Ransomware gangs collected record USD 1.1 billion from attacks in 2023" (link resides outside ibm.com), Sam Sabin, 10 February 2024, Axios