Applications such as Exchange, Sharepoint and OneDrive are the oil that keeps the wheels of commerce turning. Adoption of Office 365 is growing at such a rate that even Microsoft has been taken by surprise. The company estimates that during FY2019 it will reach the point where two-thirds of its Office business customers will have migrated to the software-as-a-service platform which, it says, is about a year ahead of expectations.
Businesses are understandably looking for the agility and scalability of cloud-based applications, but in the rush to migrate for convenience and efficiency, the balance of responsibility for security and backup is also shifting and as such requires close examination. Organisations need to be aware that, while they can now rely on Microsoft to protect and guarantee availability for these mission-critical applications and underlying infrastructure instead of having to carry out that activity themselves, responsibility for protecting the sensitive company data that resides in those systems remains firmly in-house. This means businesses need to ensure that their data is fully backed up against common threats to security and productivity, and that any backup gaps resulting from the hand-off between themselves and the platform provider, are closed.
Given the rapid penetration of Office 365, we're seeing more businesses looking closely into their backup situation as they strive to balance productivity, data protection, security and compliance. It's therefore worth examining some of the key reasons that additional backup for Office 365 is essential.
Millions use Microsoft's products, including Office 365, every day. (Image: Tadas Sar, Unsplash)
Office 365 offers backup – to a point
Unsurprisingly, Microsoft knows its users pretty well, and Office 365 does have a number of backup safety nets built in to spare users' blushes. Accidentally deleted mailboxes in Exchange can be recovered, and files in OneDrive that have been deleted, encrypted by ransomware or inadvertently overwritten can be restored to a point in time prior to the incident. However, in both these cases data recovery has a time limit, and 30 days is the magic number. If the user doesn't notice the error for a month, then those emails and files are gone for good.
Fixing the issue for users who've owned up to genuine mistakes in time is one thing, but how about users who don't have the business's best interests at heart? According to the Verizon Data Breach Investigations report, the second most common cause of cybersecurity breaches is privileged misuse, or insider threat. A disgruntled employee who decides to delete mission-critical files and data won't be publicizing the fact and if 30 days pass before the crime is discovered, there'll be no way of restoring those files unless that data is protected elsewhere.
A further issue lies around standard events, such as an employee leaving the company. Office 365 will keep their emails for 30 days, but after that all the valuable historical intelligence left behind by that employee will be lost.
Potentially, the most compelling argument for creating independent backups is compliance. Companies that are subject to regulations requiring them to retain deleted data for extended time periods will not be able to comply if that data resides only in Office 365.
Ultimately, the data managed, shared and stored via Office 365 is mission-critical, so it is common sense to back that data up to the same level that you back up all your systems, rather than risk a gap that could result in damaging data loss.
Microsoft recently introduced new icons for the Office 365 apps, including Word, Excel and PowerPoint.
Protecting born-in-the-cloud data – modifying the 3-2-1 rule
Once organisations have identified the need to backup Office 365 data, they face the decision of how best to tackle this.
I mentioned at the beginning that the balance of responsibility for security and backup is shifting, and that's also true of the best-practice approach to backups. Previously, the accepted rule was that organisations should retain three copies of their data in two different media, one of which is typically kept on-premises, with one copy stored off-site. The cloud has changed all that. With data that's born in the cloud it no longer makes sense to keep a backup copy on-premises for two key reasons. Firstly, bandwidth is at a premium and streaming backup data to your own data center causes unnecessary congestion. Secondly, restore times could prove unacceptably long. Instead, it's logical to create backup copies in two different cloud locations, with each copy stored in a different geographic region as proof against regional disasters.
An Office 365 backup solution needs to overcome the shortcomings of the native backup features. Unlimited storage and retention, point in time recoverability for all data, including email, and full visibility for ease of management, as well as audit and compliance purposes, are all critical features. Plus, it goes without saying that, should the worst happen, you must be able to find and restore the data you need quickly and easily.
Since businesses first started looking for Office 365 backups, there has been an issue around finding a single solution that comprehensively covers Exchange, SharePoint Online and OneDrive for Business. It's therefore important, though seemingly obvious, to check that the solutions you're evaluating cover all the applications to the same degree.
At iland we're seeing growing numbers of organisations who are looking to close the gaps in Office 365 backup with a single solution. This single solution gives peace of mind that the data keeping their business in action is backed up to the same high standards they apply to other systems and data.
The balance of responsibility for security and backup may have changed, but the importance of protecting mission-critical data is as high, if not higher, than ever before.