Understanding the Shared Responsibility Model

Education is a critical component of your role as a managed service provider (MSP). Your client base, typically small and midsize businesses (SMBs), aren’t often aware of IT trends, risks, policies, etc. As advisors in all things technology–including the issue of shared responsibility–you are responsible for keeping your clients in the know.

Datto’s latest research indicates that MSPs are migrating clients to Microsoft 365 SaaS applications at a rapid rate. Respondents to our annual State of the MSP survey said cloud migration was a top business driver for 2020, and that the COVID-19 pandemic only increased demand for SaaS apps. Sixty-two percent said their clients are currently using Microsoft 365 cloud services, and they expect that 70% will be using them within two years.

As more businesses migrate their data and business operations to the cloud, one piece of education many MSPs find they need to iterate to their clients is the need for third-party backup. Often, businesses using software-as-as-service (SaaS) solutions like Microsoft 365 or G Suite assume that the SaaS provider is responsible for their data security, but that’s not always the case. Just recently, Microsoft was faced with outages that impacted businesses all over the globe.

Data stored in the cloud is still susceptible to cyberattacks, human error and malicious deletions. When those incidents happen, it’s end users’ responsibility to recover their data, making it essential for businesses to understand who is responsible for data loss in different scenarios.

Under the Microsoft Shared Responsibility Model, the following holds:

The SaaS provider protects data against:

• Service interruptions due to hardware or software failure
• Loss of service due to natural disaster or power outage

Users must protect data against:

• Accidental deletion
• Hackers, ransomware attacks, other malware
• Malicious insiders

If you have clients on cloud productivity apps or plan to migrate them soon, it is essential to communicate the need for SaaS backup—to reduce risk to their business and yours. That’s why some MSPs bundle SaaS protection with Microsoft services. In other words, it’s not a separate line item. If MSPs deliver Microsoft services, backup is bundled with it and built into their fee. It’s an approach worth considering, and can even be a margin-building opportunity.

Visit Datto’s website, download our infographic on the Shared Responsibility Model, and share it with your clients to educate them on how shared responsibility could impact their business and the importance of having SaaS Protection.

This guest blog is part of a Channel Futures sponsorship.