News/Trends, Tech/Engineering

5 Ways Cloud Apps Put Enterprise Data At Risk

We all love cloud apps. At their best, they make every aspect of our work faster and easier. Your team relies on collaborative tools like Google Drive, Office 365, and Box every day. SalesForce provides one central home for your CRM tools & client database. Projects are accessible anywhere, anytime. For the most part, these apps are inexpensive and intuitive – reducing costs for training and operations.

You may think that because your data lives in the cloud, it’s fully secured. Nothing to worry about, right? But the reality is, these cloud suites are built for data accessibility, not data protection. Deleted data can be lost forever. Cloud data can be vulnerable to ransomware attack. When lost or corrupted data can be recovered, there’s often a hefty price tag for restoring even a small amount of data. Worse still, these apps’ data retention tools often aren’t sufficient to meet regulations or cover you in case of a lawsuit.

Risks in the Cloud

By now it’s clear that cloud SaaS solutions have data policies that are designed for collaboration, not enterprise-level data retention. But why does that matter? What’s the risk of using these services without a backup plan in place?

1. No Coverage For User Error

Most cloud solutions automatically delete documents about 30 days after they’re sent to the recycle bin. What’s wrong with that? Project status can fluctuate. Imagine an employee trying to clean up her Google Drive folders after a big project is cancelled – she might move the project folders to the recycle bin to get them out of her way. Then she later learns the project is back on. With no way to retrieve the data, she’ll have to spend hours recreating documents that should be recoverable.

In some cloud apps, data can be instantly, permanently deleted with just a few clicks. A malicious employee could wreak havoc in your SalesForce instance, permanently deleting custom objects. If you’re lucky, you’ll catch it in time to get the data restored – but it’ll cost a minimum of $10,000, plus more in lost productivity while you wait weeks for the data to be restored.

2. Ransomware Can Wreak Havoc

Many organizations think that cloud data isn’t vulnerable to attack. They’re wrong. The truth is, data is just as susceptible to loss, theft, or malicious attack in the cloud as it is anywhere else. Ransomware downtime costs a business around $8,500 an hour, adding up to a total business loss of $75 billion a year in the United States alone. In the event that data is compromised, businesses can also face sizable fines and major damage to reputation.

3. Lost and Stolen Devices Pose a Major Risk

Cloud apps are missing features that come in handy if a device is ever lost or stolen. Complete data protection solutions have geolocation features, so businesses can trace lost or stolen devices. Data can even be deleted remotely, preventing serious security breaches. Skipping third-party protection means missing out on these important features.

4. Corrupted Data Is Ruined Forever

Many cloud apps offer at least some limited protection for accidentally deleted data. But what about corrupted data? A mishandled or corrupted bulk upload to SalesForce could ruin the database that your organization has been carefully building for years. A misconfigured integration could overwrite data faster than you can imagine. In many cases, the damage is irreversible. You need to be able to restore your data to a previous version anytime, without relying on users to remember to manually back things up.

5. They Don’t Meet Legal Requirements

Throughout the litigation process, the courts will require you to provide data as part of the eDiscovery process. This data has to be readily available, fully recoverable, indexed, searchable, and demonstrably unspoiled. And the courts don’t care if the data in question is on your servers or in a deleted Google Drive folder. Failure to meet these requirements could result in fines or court penalties, and ultimately undermine the fundamental merits of your case, triggering a ruling in the other party’s favor.

Gaps in Cloud Data Protection

Obscure or second-tier SaaS solutions may make you (rightly) nervous about your data and eager to protect it. But you may not realize that even best-of-breed cloud solutions carry data risks. These solutions leave critical gaps in data protections.

Google Drive

Documents, emails, contacts, and accounts themselves are gone for good within 30 days after being moved to the recycle bin. Emails can even be permanently deleted with the click of a button. Imagine a malicious employee clearing out all of their emails on their way out – you can see why this is a problem. Built-in backup options, such as manually exporting documents, are impractical and not scalable.

Office 365 and OneDrive

Deleted files are permanently removed 45 to 90 days after being moved to the trash. Even Exchange Online Archiving, an add-on archiving solution for Outlook, only protects emails – leaving out calendars, contacts, and tasks. And although it can be used to recover individual emails, it doesn’t provide the ability to restore a mailbox from a specific point in time.


While SalesForce has an Admin Export feature to backup a full database, it has to be run manually and can only be run once a week. Meanwhile, records are permanently lost 15 days after being deleted – or sooner if the recycle bin storage limits have been reached. Deleted custom objects are immediately unrecoverable. A recovery service is available if the data was deleted in the last three months, but it costs a minimum of $10,000 and can take weeks.


By default, any files stored in Box are permanently deleted 30 days after being placed in the recycle bin. Box also fails to provide visibility into information stored on endpoints unless it’s shared, so it can’t satisfy compliance and eDiscovery challenges for information outside of Box.

Now What?

We’ve seen that relying on cloud solutions for data protection means putting your organization at risk. But all is not lost: data protection platforms offer solutions to cover these gaps. With a data protection solution in place, databases can be restored to exactly how they looked at a specific time – whether it’s to recover deleted files or to provide materials for eDiscovery. User error can be undone. Data can be remotely deleted from lost devices, and databases are fully backed up and recoverable in case of malicious attack. Better yet, a good data protection platform will give a centralized view of data, letting you backup and manage data regardless of its device, service or location. With a top-notch backup plan in place, you can rest easy knowing that your data is fully protected.

Recommended Reading