DevOps teams automate deployments and monitor applications. They scale infrastructure and manage CI/CD pipelines. But walking through AWS re:Inforce 2025 in Philadelphia, a pattern emerged across sessions like “Code to cloud risk management” and “Beyond shift-left: Embedding controls in infrastructure pipelines.”
Teams focus on application resilience. They ignore SaaS data resilience.
This blind spot creates real business risk.
Understanding your role: The security champion model
“Scaling security with Sportsbet’s Security Guardians program” and “Upskill your team with the AWS Security Champion Learning Plan” revealed the importance of taking responsibility for data security. These programs don’t wait for centralized security teams to handle everything. Instead, they embed security expertise directly into development teams.
Sportsbet’s program creates security expertise in application teams. They don’t wait for security teams to review every decision. Guardians make security decisions during development, understanding their role in the broader security picture.
This same principle exposes the first gap in SaaS data resilience: teams don’t understand their role in protecting critical SaaS data.
While AWS security champions know they’re responsible for infrastructure security, most DevOps teams assume SaaS vendors handle all data protection. They shouldn’t discover data protection gaps after Confluence suffers an outage or an AI agent corrupts a Jira project affecting developer productivity. Understanding your responsibility starts with recognizing that SaaS vendors provide the platform, while you own the data and are responsible for its protection.
Identifying what matters: The detection vs protection problem
Conference sessions revealed a critical imbalance. Talks like “Detection and response on AWS for partners” and “Multi-stage threat detection using Amazon GuardDuty” dominated the agenda. Organizations are implored to invest heavily in threat detection for their AWS infrastructure.
But here’s what these detection-focused sessions actually revealed about the second challenge: most teams can’t identify the critical data that will interrupt operations if it becomes unavailable.
Teams detect threats quickly in their cloud environments. They respond to AWS security incidents fast. But when SaaS data corruption occurs, whether in Jira, GitHub, or other critical business applications, there are no detection tools that alert users to problems with their data. More fundamentally, teams haven’t mapped which SaaS data is actually critical to operations.
AWS security sessions focused on infrastructure because teams understand infrastructure dependencies. The same mapping exercise needs to happen for SaaS platforms. Which GitHub repositories would halt development? Which Jira projects would stop releases? Which Confluence spaces would interrupt customer research?
Without this mapping, organizations invest in detecting threats to systems they understand while remaining blind to data loss in systems they depend on but don’t control.
Building your strategy: The infrastructure-as-code gap
“Coding for proactive controls with AWS CloudFormation” and “Beyond shift-left: Embedding controls in infrastructure pipelines” highlighted infrastructure automation. Teams define infrastructure through code and they standardize and automate wherever possible.
This automation success reveals the third critical gap: many organizations haven’t built backup and recovery strategies that meet their business continuity requirements for SaaS data.
SaaS backup processes are often non-existent, or at best, manual. While infrastructure management consistently gets special attention, SaaS data protection depends on manual processes, or worse, the assumption that SaaS vendors handle everything. Both premises fail under pressure.
“Build and scale a security-first engineering culture” and “Security and infrastructure unite: Breaking down cloud adoption silos” showed how successful organizations approach security at scale. They don’t treat security as an afterthought, they build it into engineering practices from the start.
Teams that succeed have a verified and automated backup and recovery strategy for business-critical SaaS vendors. They apply the same rigor to SaaS data protection that they apply to AWS infrastructure: automated deployment, version control, and tested recovery procedures.
Lessons from scale
“How CISOs think strategically about cloud security” emphasized strategic thinking over tactical solutions. Your SaaS data resilience strategy should align with business continuity requirements, recognizing that business operations increasingly depend on data housed in third-party SaaS platforms.
SaaS data resilience requires the same cultural shift that made AWS security successful. Teams must treat SaaS data protection as infrastructure, not as someone else’s responsibility.
The path forward
The sessions at AWS re:Inforce 2025 made one thing clear: organizations have mastered infrastructure resilience but failed to extend that discipline to their SaaS tools. This gap represents a critical business risk as companies become increasingly dependent on SaaS vendors for core operations.
The solution isn’t just technical, it’s cultural. Just as DevOps teams learned to treat security as code, they must now treat SaaS data protection as infrastructure. This means moving beyond the assumption that SaaS vendors handle everything and taking ownership of data resilience across your entire technology stack.
The question isn’t whether your organization will face SaaS data loss, it’s whether you’ll be prepared when it happens. The principles demonstrated in re:Inforce security sessions provide the blueprint: understand the role you play in protecting critical SaaS data, identify the critical data that will interrupt operations were it to become unavailable for any reason, and build a backup and recovery strategy that meets your business continuity requirements.
Your AWS infrastructure is already protected by the practices you’ve built. Your SaaS data deserves the same level of attention.
Take proactive measures to safeguard your SaaS data
With a trusted backup and recovery solution like Rewind in your back pocket, you’ll be able to quickly recover from costly data loss incidents and future-proof your SaaS data—ultimately strengthening your organization’s resilience against threats and disasters.
James Ciesielski">
