Keepit, a vendor-independent cloud dedicated to SaaS data protection, recently announced new survey results, which found that 37 percent of senior IT decision-makers rely solely on native backup capabilities– leaving organizations at risk of data loss and disruptions.
Gaps in SaaS backup are putting companies at risk
The survey, “Overlooked and Under-Protected: How the SaaS Data Gap Threatens Resilience,” was sponsored by Keepit and conducted by Foundry in April and May 2025, involving more than 300 senior IT decision-makers from the U.S., Europe, and the Asia-Pacific region.
The IT leaders were questioned on the state of their businesses’ SaaS data protection. Their responses underscore the importance of having immutable, independent backups to ensure business continuity.
Among the key findings of the survey are:
- 37 percent of respondents rely solely on their SaaS application native backup capabilities, revealing risks of data loss.
- 11 percent of respondents said it would take a month or longer to recover data after a loss incident or possibly not fully recover at all.
- 61 percent of respondents highlighted physically segregated storage as a key requirement for modern SaaS backup.
- 49 percent said they had experienced a major data loss event in the past year.
“It’s surprising– and concerning– that in 2025, 37 percent still rely solely on their SaaS application’s native backup,” said Niels van Ingen, senior vice president of business development and strategy at Keepit. “First, most SaaS applications don’t have native backup. SaaS vendors follow a ‘shared responsibility’ model: they’re responsible for the systems and controls, while customers are responsible for their own data, accounts, and identities. Second, even when native backup is available, it’s tied to the SaaS application itself– so if you lose access to the vendor or your account, you lose access to your data. That’s why SaaS vendors themselves recommend using a third-party backup.”
Modern data resilience requires encryption, immutable storage, granular controls
According to the survey, SaaS resilience requires infrastructure that’s purpose-built to withstand the currently complex threat environment. Respondents to the survey said that requirements for modern backup now include:
- 62 percent said that data should be physically segregated from the SaaS provider’s environment to ensure true independence in case of platform or region-level failure.
- 59 percent said that end-to-end encryption and immutable storage are necessary to prevent tampering or unauthorized deletion, with deletion controls built in at the architecture level and not reliant on user roles.
- Granular access and deletion controls will help meet GDPR requirements and new regulations such as DORA.
“As the survey data makes clear, relying on native backup is no longer enough,” said van Ingen. “Organizations need to ensure their data is protected independently, immutably, and in alignment with evolving sovereignty requirements. In today’s environment, control over your data location and architecture isn’t just an IT preference– it’s a business imperative.”
Data governance and security capabilities are becoming increasingly essential for organizations in the channel, driven by the proliferation of AI. Read more about Concentric AI’s new integrations to boost their Semantic Intelligence platform.