Data Backups with SaaS Applications

When evaluating SaaS applications for use within your business, one of the questions that you should be concerned with is backup and availability of data. There are two sides to this when you look at SaaS applications: On one hand you want to know, does the SaaS vendor backup your data and have a disaster recovery plan? And on the other hand you need to know if you have access to that backup data or the ability to export all of your data?

Since these applications are hosted in data-centers that are managed by someone other than you, and that company is focused on running a great hosted application it is pretty much a given that they are backing up their data centers and including your data. They most certainly also have a decent disaster recovery plan where they can be back up and running in short time. It is pretty likely that many SaaS vendors can do a much better job of backing up and restoring data and applications as well as recovering from a disaster than most small and medium sized businesses could do themselves. It is something that SaaS vendors live and breathe and their business models are dependent on doing it well. When looking into this in more detail you will find backup policies listed in the FAQ's or Service Contracts for these applications, for example a quick search on Salesforce.com reveals the following backup policy:

3 global data centers & disaster recovery

Salesforce.com’s three state-of-the-art data centers feature carrier-class bandwidth and the latest infrastructure already configured to serve 1.5+ million subscribers. The facilities are linked through a dedicated OC-48 backbone, providing real-time failover and point-to-multipoint replication as well as disk-to-disk-to-tape backups. They include biometric scanning, "lights out"/opaque cages, video and infrared surveillance, intrusion-detection scanning and security audits.

The salesforce.com backup policy

· All networking components, SSL accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration.

· All customer data is stored on a primary database server that is clustered with a backup database server for redundancy.

· All customer data is stored on disk storage that is mirrored across different storage cabinets and controllers.

· All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis.

· Backup tapes are immediately cloned to a second tape library to verify their integrity, and the clones are moved to secure, fire-resistant, off-site storage on a regular basis.

· Disaster recovery plans are in place.

- http://www.salesforce.com/platform/cloud-infrastructure/recovery.jsp

This gives you a good feeling that Salesforce is taking good care of your data and not too much is going to happen to it. If something goes down you're probably not even going to notice. 37Signals has something similar for their well known products Basecamp and Highrise. They want you to feel comfortable with their backups as well as the security of your data:

We protect your data

All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Sophisticated physical security

Our state-of-the-art servers are protected by biometric locks and round-the-clock interior and exterior surveillance monitoring. Only authorized personnel have access to the data center. 24/7/365 onsite staff provides additional protection against unauthorized entry and security breaches.

Full redundancy for all major systems

Our servers — from power supplies to the internet connection to the air purifying systems — operate at full redundancy. Our systems are engineered to stay up even if multiple servers fail.\

- 37 Signals Website

You'll find these same types of descriptions on almost all SaaS vendor sites for their products, touting how well they manage your data and security for you and how well they have planned for disasters of their data centers.

The thing that is consistently missing from all of the SaaS vendors sites is information on how you as a customer can access these backups in the event that you need to. Things as simple as accidentally deleting files or data from their site, or just the need for a bulk data download so that you can access data and files offline while you're on the plane. If you are needing to do integration between these online applications and other internal IT infrastructure, can you get at that data or do you have to write custom integrations for everything? And what do you do if you just want to clear out some older, stale data and files that are taking up space in your account, you can't just delete them as you may need them for future reference or in case of an audit. This is not the core business of these SaaS vendors and it is not something that is in any standard contract that will be offered, so if you need this type of service it is something you need to negotiate with the vendor (and pay handsomely for), or you will need to do a custom integration yourself to get at the data and files you want. Or investigate 3rd party tools that can provide these data extraction integrations for you.