By Miles Scott, Sr. Partner Solutions Architect – AWS
By Mat Kennedy, Sr. Director of Partner Enablement – Own
By Matt Potts, Pre-Sales Technical Architect – Own

Own Company
Own-Company-APN-Blog-CTA-2024-1

The 3-2-1 backup strategy was originally introduced in 2005 as guidance to photographers on how to store their digital assets; since then, it has become widely accepted as best practice in the realm of data protection. Its use of multiple copies of data, discrete media types, and physical separation of at least one copy of the data provides a robust risk mitigation strategy for safeguarding data that cannot be regenerated, or recreated with ease.

With the ever-growing adoption of software-as-a-service (SaaS) applications, customers need to understand their responsibilities in protecting their data stored in SaaS applications and how they can leverage the same risk-based strategies proposed in 3-2-1 to ensure their data is available and secure.

In this post, we will discuss how Own Company (formerly OwnBackup) enables customers to perform backups of their critical SaaS data and store it securely inside of Amazon Web Services (AWS). With Own, companies can achieve data autonomy, meet their recovery time objectives (RTO) and recovery point objectives (RPO), and extract additional value from that data through their Export to Amazon S3 feature and Own Discover product.

Own is an AWS Specialization Partner and AWS Marketplace Seller with the Storage Competency. It offers leading solutions to help customers back up, secure, and archive data stored in SaaS applications such as Salesforce, Microsoft Dynamics 365, and ServiceNow.

Many SaaS applications, like the three mentioned above, store mission-critical data that could heavily impact businesses if it becomes unavailable or inaccessible. Everything from customer contact info and sales leads to IT service tickets and asset/device management, SaaS data is now more important than ever.

Shared Responsibility in Cloud Security

While it seems obvious that risks are associated with all aspects of information technology, it’s not always understood whose responsibility it is to manage those risks, especially when shared between service providers and consumers.

SaaS providers will often outline the responsibilities of both the provider and the customers in their knowledge base articles or best practices documentation. AWS developed a Shared Responsibility Model for both security and resiliency that helps customers understand what actions they need to take to secure their environment and ensure it’s highly available.

A diagram showing what responsibilities AWS has to ensure security of the cloud and what responsibilities customers have to ensure security in the cloud.

Figure 1 – AWS Shared Responsibility Model for Security.

Some risks to data are managed directly by the SaaS provider as a part of the service they offer. Risks such as infrastructure failure, security patching, and periodic software updates are commonly the responsibility of SaaS providers to protect against. The remaining risks are the responsibility of the end customer to identify, plan for, and develop a mitigation strategy.

One commonly overlooked customer responsibility is the backup of critical data. Typically, SaaS providers do not automatically perform backups of customer data, and customers can choose from low-cost (or sometimes even free) manual data exports, add-on services that the hosting provider charges extra for, or third-party solutions, such as Own.

SaaS Data Recovery Challenges

No matter which solution you choose to leverage, there are a few common challenges you should be aware of when recovering data from or to a SaaS solution.

SaaS solutions often generate large quantities of data that need to be protected. With datasets sometimes reaching multi-TB sizes, for a single point-in-time copy of the data the time it can take to move the data back to the platform needs to be planned for when selecting your approach to SaaS data protection.

In addition to the time aspect, ensuring your backup architecture has a logical understanding of the data schema is another overlooked area. When we think about leveraging a basic data export for a time-sensitive recovery, we often think about trying to reconstruct a database from a bunch of exported spreadsheets.

While it can be used in a pinch to recover a single record, it may not always be an efficient way to bring an entire environment back online, especially when we think about the millions of records and thousands of tables that make up large, complex SaaS applications.

On top of all that, enterprise SaaS applications can be heavily customized to optimize specific business processes. This customization, however, can lead to additional obstacles in recovery using custom fields and attributes, further complicating and delaying recovery.

Another major challenge is how your backup architecture will work with global regulations, such as the European Union’s General Data Protection Regulation (GDPR). Under the GDPR, individuals have the right to be forgotten, allowing them to request their personal information be removed from an organization’s records. If one of these requests is deemed valid, organizations are required to act quickly and remove customers’ data within weeks of the request.

With retention periods for most critical data backups lasting longer than expectations set under regulations like GDPR, companies need to understand not only how backup systems store, process, and recover data, but also how specific data can be purged ahead of its scheduled retention cycle.

Own helps SaaS customers address these challenges and others, through its innovative backup and recovery solution.

How Own and AWS Can Help You

Using Amazon Simple Storage Service (Amazon S3), Own provides customers with independent and durable backup copies of their SaaS data. Designed to provide 11×9’s of data durability, Amazon S3 provides Own and customers an optimal storage location for backups of SaaS data.

Amazon S3 is designed to meet this high level of durability by ensuring all data is created and stored across at least three different AWS Availability Zones (AZs) within any given region.

Restoring SaaS data can be complicated, with relationships between objects and associated automations. Understanding these key elements is critical to performing a restore quickly and carefully, so you don’t make the situation worse. Own’s precision repair capability allows for surgical repair by selecting a subset of records and fields to protect valid changes in the data while repairing mistakes.

Attempting to restore from CSV files requires an understanding of the object model and relationships in the metadata. Restoring individual records does not repair relationships between child records and lookups. Since Own protects both data and metadata, the Recover application will simplify a restore by previewing any parent object with all relationships automatically detected.

The other added benefit of Own is providing a true independent environment for your backups. Getting back to the ‘1’ in 3-2-1, ensuring at least one full copy of your backups are offsite, and truly independent, adds another layer of protection for your data during disaster recovery scenarios.

Having an independent copy of your SaaS backup data also allows you to leverage that data for other business purposes, such as driving insights and decisions.

Because Own has already captured the data via the backup process, you don’t need to re-extract it from the SaaS application. This saves time and resources, including not having to make additional API calls and constraints on the SaaS app.

As Own is backing up every field, for every record, for every object/table, every day, there is a wealth of data that can be used for various analytics scenarios. One such use case is time-series analytics (since there’s a snapshot of the data for each day in Own).

This unlocks the potential to answer questions such as:

  • How has my sales pipeline trended and evolved over time?
  • What did the mix of open/in-progress/closed customer service cases look like on a particular date or time in the past?
  • How has a record changed over time (which fields changed, how, and when)?

Own offers two ways to access the backup snapshots and their data for such use cases.

Export to Amazon S3

With this option, you can schedule the export of data from Own (Own’s Amazon S3 bucket) to your S3 bucket in your AWS account. For example, after each day’s backup is completed, move a copy to your S3 bucket. You can then use the appropriate AWS services to access, transform and visualize the data in your S3 bucket as required.

This could include Amazon Athena and AWS Glue to query the S3 data and then visualize it in Amazon QuickSight.

A diagram describing Own Recover's 'Export to S3' feature and data workflow.

Figure 2 – Own Export to Amazon S3.

Own Discover

An alternative to the previous option is to use Own Discover, which is a fully managed service to directly query the backup snapshots with zero development effort or infrastructure needed. Discover offers common SQL and OData endpoints to connect to your data in analytics tools such as Amazon QuickSight.

A diagram showing how Own Discover can integrate with AWS services for data analytics use-cases.

Figure 3 – Own Discover.

The other major benefit of accessing the repository of data snapshots in your backup is that it acts as a rich source for artificial intelligence (AI) and machine learning (ML) model training, such as in Amazon SageMaker and Amazon SageMaker JumpStart.

With Amazon SageMaker and Own Discover, you can unlock your historical SaaS data to build models to provide probabilistic based guidance on things such as customer churn, sales revenue, and potential growth areas. You can also experiment with generative AI technology through SageMaker JumpStart, with access to pre-trained foundational models and hundreds of built-in ML algorithms that support common use cases.

Conclusion

With the ever-growing adoption and business importance of SaaS, now is a great time to reassess your SaaS backup strategy. Own’s product line can help protect your SaaS data by enabling data autonomy, reducing barriers for you to meet your RPOs and RTOs, and uncovering business insights with the help of Amazon’s artificial intelligence and machine learning services.

To learn more, visit owndata.com/solutions-aws or check out a free trial of Own for Salesforce, which is available in AWS Marketplace.

.
Own-Company-APN-Blog-Connect-2024
.


Own Company – AWS Partner Spotlight

Own is an AWS Specialization Partner that offers leading solutions to help customers back up, secure, and archive data stored in SaaS applications such as Salesforce, Microsoft Dynamics 365, and ServiceNow.

Contact Own | Partner Overview | AWS Marketplace