Cloud Data Protection: The Key to Digital Transformation and Compliance

Digital transformation has become a mantra for government agencies, as federal, state, and local levels look to digitize their data and processes to enhance efficiencies and accuracies. The pandemic pushed many organizations to accelerate these efforts and move more quickly into the cloud. A recent FedRAMP study found that 49 percent of state and local governments now have most of their systems and solutions in the cloud, while 56 percent of federal government offices use some cloud-based solutions and systems.

The Importance of SaaS Applications

Cloud, or Software-As-A-Service (SaaS), applications are becoming increasingly integral to daily operations. They’re where interactions take place, actions happen, and history is made. According to ESG, SaaS accounts for 32 percent of an organization’s mission-critical applications. Perhaps this is one reason the General Services Administration is considering a multiple-award blanket purchase agreement that would make SaaS, Platform-As-A-Service (PaaS), and Infrastructure-As-A-Service (IaaS) available to all levels of government.

The historical information SaaS apps contain is so vital that many government employees and contractors need access to it for purposes outside of the app itself. To enable data reuse, IT teams create and maintain APIs that allow for direct access to the app. However, this is time-consuming and costly — and can degrade app performance overtime.

Safeguarding SaaS Application Data

As reliance on SaaS applications, such as Salesforce, grows, agencies must pay special attention to protecting the data that resides in them. Federal and state acts and regulations shine a spotlight on this. For example, the Federal Data Strategy framework lists “Governing, Managing, and Protecting Data” as a major focus.

Where data is stored is critical to how accessible, secure, and auditable it is. With SaaS applications, agencies’ data resides in the vendor’s infrastructure. The agency pays for access to the app and the data. In this situation, SaaS vendors own their customers’ data. Many organizations think SaaS vendors are, therefore, responsible for protecting it, but that’s not really the case. Vendors are obligated to protect the app itself and keep it up and running. And generally, customers are responsible for protecting their data residing inside the app.

To improve data protection, compliance and reuse, agencies can bring storage under their own umbrella instead of relying on SaaS vendors’ applications, where they have less control and visibility, and where more hops are required by users who need to access the data. When an organization owns their data and stores it in their cloud, they can set appropriate access controls and better trace their data’s digital chain of custody.

This can be accomplished by backing up SaaS app data directly from the app into an organization’s own secure cloud infrastructure, such as AWS or Microsoft Azure. The data should be backed up at high frequencies so that all changes made, whether intentional or by error, are captured. Data about who made each change, when and from what system should also be captured.

Having this level of information readily and securely available in an agency’s own cloud data lake makes it easier, and less costly, to maintain a digital chain of custody for security and compliance/auditability purposes. It also sets the stage for true digital transformation, where the more complete data there is for feeding into other systems and analytics, AI and ML tools, the more strategic value agencies can derive from it.

Joe Gaska is CEO of GRAX.