Back when the acronym for how software was delivered was COTS (commercial off-the-shelf software), everyone understood that shrink-wrapped software had limitations. But now that we have SaaS (software as a service), the shrink-wrap is invisible and it’s easy to forget. Whether COTS or SaaS, software you purchase that isn’t built specifically for you never provides all the features you need.

It’s important to check for omissions, particularly in the areas of security and data management. Even when your data is hosted and stored in the SaaS application, it remains your data and your responsibility. That means ensuring data is secured and protected in accordance with company policies and regulatory requirements.

As an example, take a look at Microsoft 365 (abbreviated M365 and formerly known as Office 365). M365 delivers many of the fundamental software capabilities businesses need, including email, file sharing, collaboration tools, office productivity software, and other key services. As a cloud-based service, Microsoft provides support for the physical infrastructure on which these services run. That greatly reduces the demand on a business’s own IT team.

But as with all SaaS services, you may find you need to take additional steps to make sure your M365 data is protected to the level you need.

The potential gaps to explore include:

1. Availability.

Like all cloud services, M365 is highly available. Nevertheless, there are occasional cloud outages that can prevent you from accessing critical data. To ensure you have access to data even when M365 is down, you need to backup data and store it out of the Microsoft cloud. The 3-2-1 backup rule applies to SaaS, too.

2. Data loss.

Users can accidentally delete files. Data can be damaged by malware or malicious users. While Microsoft may enable recovery of the file, this depends on when the loss is detected. Although OneDrive retains older versions of files, it’s possible for historic versions to be corrupted. The only way to ensure you can recover data successfully is to have your own copy of the data. In addition, you can use Microsoft’s Advanced Threat Protection for a higher level of security against malware.

3. Retention and compliance.

M365 provides some retention features, but these may not match the needs of your specific industry or business. Retaining files in M365 uses storage and can result in higher expenses. Storing data from former employees can incur licensing costs. Data that needs to be retained only for compliance, rather than routine business use, can often be stored more cheaply elsewhere. Another regulatory concern, data residency, may be hard to meet.

COTS software was never a complete, out of the box solution, and as the Microsoft 365 example shows, neither is SaaS. Prescient Solutions offers complete support for Microsoft 365, including email migration to get you set up, along with ongoing Microsoft Office 365 services to ensure your configuration meets all your business needs.

Contact us to evaluate your requirements and build a complete solution for your M365 and other SaaS environments.