Imagine losing everything in an instant. Not because of a catastrophic hack, but because of a simple click, an AI mistake, or an accidental bulk delete. This isn’t a hypothetical scenario—it’s happening to businesses every day, and most CISOs don’t even realize the risk. Mike Potter, co-founder and CEO of Rewind, wants to shatter a dangerous misconception: Just because your data is in the cloud doesn’t mean it’s safe.
“I’m going to tell you something you’re not going to believe,” Potter says with a knowing smile. “When you move to cloud-based SaaS applications, your data is not automatically protected—and most companies are completely unaware of this critical vulnerability.”
The Shared Responsibility Model
For years, technology leaders have operated under a false sense of security. SaaS platforms trumpet their robust infrastructure, leading many to believe that data protection is automatically included. The reality? It’s not. Potter explains the harsh truth: SaaS providers backup their entire system, not individual accounts.
“It’s an all-or-nothing approach,” he says. “If a massive disaster strikes their data center, they can recover everything. But if you accidentally delete a critical project or a rogue employee wipes out important data? You’re on your own.”
The numbers are startling. Third-party application bugs, AI-driven bulk changes, and human error can devastate your organization’s digital assets in seconds. And when that happens, support isn’t coming to save you.
The 3-2-1 Cloud Backup Rule
To combat this risk, Potter and Rewind have developed a new approach they call the “3-2-1 Cloud Backup Rule”:
- Three copies of your data
- Two different cloud locations
- One backup that is NOT managed by your SaaS provider
“Think of it like insurance for your digital assets,” Potter explains. “You wouldn’t leave your most valuable physical assets unprotected, so why would you do that with your digital information?”
Real-World Consequences
Potter shares a compelling story that illustrates the very real stakes. Just weeks before the critical Christmas shopping season, a small children’s shoe store in England was on the brink of disaster. A third-party app had deleted every single product from their Shopify store. “The store owner called me directly,” Potter recalls. “He had just installed Rewind weeks earlier. When we restored his entire inventory, you could hear the pure joy in his voice. We quite literally saved his business.”
This isn’t an isolated incident. From major retailers losing product images before launch to businesses facing potential bankruptcy from data loss, the risks are everywhere. The Market is Awakening Recent developments suggest the industry is finally recognizing this critical gap.
Gartner began covering SaaS backups in September 2024. Salesforce acquired OwnBackup for $2 billion. Microsoft launched dedicated backup services for Office 365. “These aren’t just coincidences,” Potter emphasizes. “They’re acknowledgments of a fundamental shift in how we must approach data protection in the cloud era.”
A Call to Action for CISOs
For technology leaders, the message is clear: Your reputation is on the line. When a SaaS tool fails, clients won’t blame the platform—they’ll blame you. “If you recommend a tool to a client and they lose critical data, you’re the one they’ll hold responsible,” Potter warns. “It’s about protecting not just data, but your professional credibility.”
Practical Steps Forward
- Audit your current SaaS backup strategies
- Implement independent backup solutions
- Train teams on data protection risks
- Consider solutions like Rewind that offer comprehensive, application-specific protection
The Future of Cloud Data Protection
As AI and cloud technologies evolve, the complexity of data protection will only increase. CISOs must be proactive, not reactive.
“We’re not just selling a backup solution,” Potter says. “We’re offering peace of mind in an increasingly unpredictable digital landscape.”
The era of assuming cloud platforms will protect you is over. In 2025 and beyond, successful organizations will be those who take a holistic, strategic approach to data protection. Your move, CISOs.
Want to learn more? Visit www.rewind.com.
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
