Study reveals the importance of unalterable and separate data storage systems

In the rapidly evolving digital landscape, control over data location and architecture has become a business-critical necessity, according to Niels van Ingen, Senior Vice President of Business Development and Strategy at Keepit. This sentiment is backed by a recent survey, "Overlooked and unprotected: How SaaS data gaps threaten resilience," sponsored by Keepit and conducted by Foundry for CIO MarketPulse in April and May 2025.

The survey polled over 300 senior IT decision-makers in the US, Europe, and the Asia-Pacific region, revealing some concerning trends. A significant 49% of the respondents have experienced a significant data loss event in the past year, underscoring the need for robust backup solutions.

Interestingly, 37% of the respondents rely solely on the native backup functions of their SaaS applications. Niels van Ingen finds this alarming, stating that relying solely on native backup is no longer sufficient. Companies must ensure their data is independent, immutable, and compliant with sovereignty requirements.

A majority of IT decision-makers, 61%, consider physically separate storage solutions a critical factor for modern SaaS backup. This preference for data storage outside the SaaS provider's environment, as chosen by 62% of the respondents, is a clear indication of the need for true independence in case of a platform or regional outage.

SaaS providers themselves recommend using a third-party backup, recognising the importance of having a backup system that is independent of the primary service. To meet the requirements of GDPR and new regulations like the Digital Operational Resilience Act (DORA), businesses must have granular access and deletion controls. Deletion controls at the architectural level, not just user rights, are considered important by 59% of the surveyed IT decision-makers.

Today, SaaS resilience requires infrastructure designed to withstand increasingly complex threats. End-to-end encryption and immutability of data storage, preventing manipulation or unauthorized deletion, are priorities for 59% of the respondents. The growing concerns about data and digital sovereignty lead companies to scrutinize architecture, dependencies on global hyperscalers, supply chain, use of sub-processors, and compliance.

In today's environment, a month or longer data recovery after a loss event, or recovery that may not be possible at all, is a risk 11% of the respondents are willing to take. This highlights the need for reliable and swift data recovery solutions.

The source image for this article is from depositphotos.com. The report discussed can be downloaded here. You can follow this article on X, Bluesky, Mastodon, Reddit, Facebook, and via email.

As trends of cloud repatriation and adoption of immutable backup technologies by providers like Veeam show, especially in Europe, particularly in Germany, a significant portion of firms are actively seeking or planning to implement physically separated, immutable, and encrypted backup systems to reduce dependence on US-based cloud services and improve data resilience and compliance. In 2025, many companies in the USA, Europe, and Asia-Pacific still rely on a single native backup of their SaaS applications, but the tide is changing.