Lessons from the “unprecedented” $135B Google Cloud backup debacle: Don’t put all your eggs in one cloud basket

Miriam Saslove | Last updated on May 27, 2024 | 3 minute read

This is one blunder that we bet Google Cloud wishes it could have swept under the rug.

In an unprecedented event for the provider, an entire customer account was deleted—including all backups stored within Google. The unfortunate customer on the receiving end of the mistake was UniSuper, a $135 billion Australian pension fund. This debacle put services on hold for over 640,000 members for nearly two weeks.

While it is still unclear how exactly the deletion happened, what matters here is that UniSuper didn’t just rely on Google to back up their data; they smartly had backups stored with a third-party provider as well. Because of their forethought, they could fully restore services (albeit after two weeks), even in the face of what most would call the “worst-case scenario.”

Never rely on the vendor to protect your data

Naturally, we have thoughts on this situation.

In the simplest terms possible, SaaS vendors take no responsibility for your account-level data!

“You never know when disaster might strike, and events like these can be catastrophic,” says Rewind’s CTO & Co-Founder, James Ciesielski. “There’s a good chance that the data you value impacts people and their livelihoods in some way, shape, or form, and that alone underscores the importance of making it resilient to disaster. The most crucial thing to remember is that you can’t rely on the vendor to keep your data safe, or even a physical copy—you need to engage a third-party provider to ensure you’re protected.”

Our CEO & Co-Founder Mike Potter chimes in: “At Rewind, we talk a lot about the Shared Responsibility Model. This means that users share the responsibility of protecting their data with the provider. In the case of UniSuper, they made sure they were covered by a third-party provider in case Google Cloud somehow deleted their account—and that’s exactly what happened here.”

Why don’t SaaS platforms protect your data?

It’s a common question, and one that we hear often. Why don’t Software-as-a-Service providers have data protection built into their platform? Can’t they just…save the data? In theory, yes, but there’s a distinction we need to make. They do “save” it, but it’s done in a format that makes sense to them. 

Every new piece of data or content you create is hosted on the servers of whichever SaaS tool you use. This data gets lumped in with the data from all the users of said tool. You can see all the customer information, reports, project plans, financial statements, or whatever function you use that specific SaaS tool for—but the SaaS provider sees ones and zeros on the other side of the mirror.

This is why the major SaaS apps add stipulations and limitations around what they can restore in their Terms and Conditions:

No matter what tool you use—Trello, QuickBooks Online, Zendesk, Salesforce, and so on—the Shared Responsibility Model is always present. The onus is on the user to understand how much of their data is at risk and how to protect it.  

Don’t get caught without extra backups—use a third-party provider

A third-party backup and recovery service dramatically reduces your odds of losing vital data, because you can always restore your SaaS instance from a clean copy of the data. Plus, by decreasing your time to recovery, you can prevent a flood of support tickets (and save yourself from painstaking manual rebuilding).

You’ll spend more time focused on your work rather than trying to solve the stressful challenge of data loss.

Rewind offers automatic, set-it-and-forget-it data backup and restoration solutions. Our apps integrate directly with your SaaS platform, allowing you to restore individual items of data or your entire file set. Learn more about how Rewind protects your business-critical data.

Profile picture of <a class=Miriam Saslove">
Miriam Saslove
Miriam Saslove is a chronically online storyteller based in Montreal. She loves books, concerts, coffee, and helping brands foster engagement and awareness through impactful multi-channel content. Also puns.