Every organization has sensitive, confidential information in its possession. This includes personally identifiable information (PII), credit card information, transaction records, employee files and protected health information (PHI). This data is supplied by customers, created by business process, kept in a wide range of storage media, retrieved by various enterprise applications, used by employees and accessed by authorized third parties.

Image Source: Pixabay

The challenge for every modern enterprise is to keep this information secure whether the data is at rest, in use or in transit. This challenge grows ever more formidable thanks to the ever-increasing scale and complexity of enterprise data. For many organizations, procuring and recruiting the resources needed to stay on top of this problem eventually becomes out of reach and beyond their budget. This is a key reason for the emergence and growth of data protection as-a-service (DPaaS). One DPaaS market forecast projects an astonishing 30 percent growth year-on-year through 2026.

Among the major cloud-based service delivery options (i.e. Software-as-a-Service, Infrastructure-as-a-Service, Platform-as-a-Service, Database-as-a-Service and DPaaS), DPaaS is a relatively recent entry. As one would expect with a new area of cloud computing, what DPaaS actually comprises isn’t yet universally agreed upon.

One school of thought sees DPaaS as comprising backup-as-a-service (BaaS), disaster recovery-as-a-service (DRaaS) and storage-as-a-service (STaaS). Another theory views DPaaS as a separate concept from disaster recovery and offsite backup. We’ll look at both.

DPaaS as Comprising BaaS + DRaaS + STaaS

In the first school of thought, BaaS, DRaaS and STaaS are the main DPaaS offerings.


BaaS entails third-party operated software that manages the backup of the client organization’s data into a cloud repository. It may rely on an on-premise cache to speed up backup restoration but is primarily designed to stored data via a web-based application.


DRaaS is the replication of entire servers, virtual machines and enterprise applications to the cloud. Ergo, if disaster strikes the client organization’s production environment and on-premise data center, operations can resume without the need to restore the on-premise data center.


STaaS is similar to but not synonymous with BaaS. It supplements conventional backup solutions with cloud-based storage in order to ensure there’s a copy of enterprise data in the cloud that harnesses the advantages of cloud computing.

DPaaS as the Third Pillar of Data Protection

The second school of thought sees DPaaS as the third element of a data protection strategy. The other two pillars are offsite backup and disaster recovery.

Offsite Backup

In this context, offsite backup means making a daily or weekly copy of enterprise data, then storing it elsewhere, such as the organization’s own data center or a third-party data center.

Disaster Recovery

Disaster recovery, on the other hand, means establishing a replica of your production environment in a site remote enough to not be affected by natural disasters, enterprise-wide technology failures or human errors.

When a disruptive event occurs that renders production infrastructure unusable, the organization would fail over its operations to this remote site in order to maintain business continuity. Disaster recovery may be conventional recovery or DRaaS where the cloud is leveraged to speed up the restoration of services.


As the third pillar in this arrangement, DPaaS is devoted to the protection of data within enterprise applications; specifically, at the database and application layers. For instance, if a user makes an error when entering information in a database or unintentionally applies certain changes to a file, DPaaS creates a mechanism for faster data restoration when compared to the other two data protection pillars.

A DPaaS gives the organization the leeway to specify shorter recovery windows (such as hourly as opposed to the daily or weekly regimen of a conventional offsite backup process). As a result, DPaaS delivers more granularity and control.

DPaaS is especially important for mission-critical systems. A business could probably afford to restore a 2 or 3-day old version of their email and web server following a disaster, but that would be catastrophic for a mission-critical system such as a core banking application.

DPaaS, disaster recovery (including DRaaS) and offsite backup are all tools of business continuity. While DRaaS and offsite backup seek to protect infrastructure and data, DPaaS is devoted to maintaining the safety and integrity of the data that rests on business systems. You need all three to guarantee seamless business continuity.

Whereas most modern enterprise environments will have some form of cloud computing as part of their overall technology infrastructure plan, it’s important to remember that cloud-based solutions are simply a means of delivering technology services.

Like any other solution therefore, their suitability and applicability will vary from ‘hardly useful’ in some organizations to ’hugely beneficial’ in others. For that reason, businesses should evaluate DPaaS in the context of their own needs to determine whether and how it can be applied for their maximum gain.