The importance of independent SaaS data protection

Keepit, renowned for its vendor-independent, cloud-based data protection solutions, recently unveiled the findings of its survey titled "Overlooked and under-protected: How the SaaS data gap threatens resilience". The research underscores a significant concern: a staggering 37% of senior IT decision-makers depend purely on native SaaS backup solutions, potentially exposing their organisations to data loss and operational disruptions.

The survey, conducted in April and May 2025 by Foundry for CIO MarketPulse, received responses from over 300 IT leaders across the US, Europe, and Asia-Pacific. Their insights reveal an imperative for independent, immutable backups to ensure business resilience, highlighting potential vulnerabilities within current data protection strategies.

Key findings of the report include:

• 37% of businesses rely solely on SaaS applications' native backup capabilities, exposing them to risks.
• 11% could face recovery periods extending to a month or more, or even permanent data losses.
• 61% recognise the necessity for physically segregated storage for modern SaaS data protection.
• Nearly half (49%) experienced a major data loss event within the last year.

The alarming reliance on native SaaS backups—which typically operate under a "shared responsibility" framework—emphasises the need for third-party solutions. This approach ensures data remains protected even if access to the vendor or the user's account is lost, marking it as a recommendation by the SaaS vendors themselves.

The increasing complexity of today's threat landscape demands robust, resilient infrastructure. Data and digital sovereignty are becoming central to this conversation, prompting organisations to scrutinise vendor architecture, reliance on global hyperscalers, supply chains, and compliance with regulations.

Surveyed IT leaders pinpointed several critical requirements for effective modern backups:

• Physically segregated storage (62%): This ensures data independence from the SaaS provider's environment, safeguarding against platform or regional disruptions.
• Immutable, encrypted storage (59%): With end-to-end encryption, immutability offers protection from tampering or unauthorised deletion, integrated at the architecture level.
• Advanced granular access and deletion controls: Essential for compliance with GDPR and regulations like the Digital Operations Resilience Act (DORA), ensuring precise retention and deletion practices.

As emphasised by industry experts, relying solely on native backup solutions falls short in today's digital environment. Protecting data independently and immutably, while adhering to sovereignty standards, is imperative. This control isn't merely an IT choice—it's a business necessity.