In response to the accelerated requirement to mobilise workforces, many businesses have swiftly migrated their users to Microsoft’s Office 365 platform, but what measures have been taken to enhance the level of data protection from the physical infrastructure out to the cloud?
The greatest concern any business should have when making the move to a cloud platform is the integrity and safety of their data. Whilst Microsoft Office 365 provides a highly available and stable platform, with an extensive range of features, it is ultimately the responsibility of the customer to ensure that their data is adequately protected in the cloud. Microsoft is not alone with this, all of the major Software as a Service (SaaS) providers unequivocally state that whilst they will provide a resilient platform, it is the client who is responsible for the protection of their business data.
Office 365 is quickly becoming the centre of business productivity for both SME and Enterprise organisations, with businesses sharing, accessing, and storing their critical data in Office 365, however, organisations that have not implemented a complete backup and recovery solution alongside it are exposing themselves to multiple data loss risks. Relying on Microsoft’s built-in backup capabilities in Office 365 is a risky approach; in a recent survey of 1,000 IT Professionals, 81% confirmed that they had experienced data loss in Office 365, this could be from a simple user error to major data security threat like ransomware.
Office 365 Backup – Common Misconceptions
It is a common misconception that Microsoft Office 365 has adequate built-in data protection features, with clients believing that features such as geo-redundancy and data retention will adequately protect their Office 365 data, with this misinterpretation many Office 365 users are not extending their Microsoft O365 backup and data protection outside of the native O365 toolset. This common mistake often leads to unexpected issues when data has been either accidentally or maliciously deleted and can no longer be accessed or restored.
With cloud computing being inherently complex, Microsoft has designed their Office 365 solution to maximise the reliability of its cloud services, they have built-in redundancy directly into the cloud system to minimise any negative effects on the customer when things inevitably go wrong. These systems however protect against specific platform outages and hardware failures, these will keep the service running, enabling users to remain online and working but they are not designed to act as a comprehensive data protection measure.
If you have already invested in Microsoft Office 365, you will probably by now understand the resilience of the platform and the built-in redundancy features it has, but have you considered what happens when there is a data loss or breach, how do you effectively retrieve this critical business data to ensure minimal disruption to business?
How can data be lost in Office 365?
The risk of data loss, both in the cloud and in a physical environment, remain similar, whilst Microsoft will ensure their networks are secure, not all data breaches can be prevented:
Accidental Loss – Someone in your business has accidentally deleted an important email or purged an entire email folder, or perhaps a mobile user has tried to sync their OneDrive for Business or Teams folder but has accidentally deleted the data entirely, without realising. If your files are stored in OneDrive or SharePoint, and the data is accidentally deleted, the data will reside in the recycling bin for a period of 93 days, should the recycle bin exceed its quota it will start to purge the oldest item first. If you were aware of the deletion during this time and you had adequate space in your recycle bin, the data could be retrieved using the standard built-in functionality available in Microsoft. Following this retention period, however, the data will be purged and will become irretrievable.
Overwriting Data – It is possible for users to mistakenly overwrite critical business documents in O365, meaning that the original information has been replaced, Microsoft does however provide a built-in versioning functionality where up to 100 versions of a file are saved as standard, whilst this can cause a storage quota issue for some administrators, it does mean that individual files can be effectively restored in this scenario, providing the admin hasn’t disabled the feature to save space.
Insider Threats/Ex-Employees –With 34% of data breaches reportedly coming from insider threats, you also need to consider the risks of permanent data deletion as a result of a disgruntled or departing employee. What if someone from inside your organisation attempted to maliciously exploit your systems, perhaps deleting critical information in an attempt to cause damage or to steal data? How long would it take for you to realise? Could your data be retrieved?
Data Retention Gaps – There is also the data retention policy gap for leavers to consider, if an employee leaves your company, Microsoft will only hold that data for 90 days, what happens if you need to recover a mailbox or a specific mail item of an ex-employee years after their departure? Once the data has been through the short data retention period it is permanently deleted from the Office 365 cloud platform it is not retrievable. Microsoft Office 365 does have a feature called “litigation hold”, which suspends any retention policy or automatic deletion on a specific mailbox, however, litigation hold is not an alternative to backup, it is designed to preserve the data just for discovery purposes, it is not able to restore lost data. Enabling litigation hold for all of your mailbox data will vastly increase your cloud storage requirements and costs.
Malicious Outside Threats – There is of course always the concern of an external malicious attack, with Malware, Phishing attacks and viruses such as Ransomware on the rise, you need to ensure that you have adequate measures in place to protect your business data, and your reputation. For example, should your root-level access of Office 365 be compromised, you could be locked out of your entire Office 365 environment, suffering huge data loss and a potential blackmailing scenario. With a complete backup of your Office 365 data, you could easily and quickly retrieve your information with minimal disruption.
Unfortunately, the data retention and protection features built into Microsoft Office 365 are just not comprehensive enough to protect your business from every type of data loss, it gives you a very limited level of protection meaning a basic restore of purged data can become a complex, if not impossible task.
So how do you take back control of your Office 365 data?
Invest in Office 365 Backup from Veeam.
Veeam Backup for Microsoft Office 365 eradicates the risk of losing access and control over your Microsoft Office 365 data including Exchange Online, SharePoint Online, Microsoft Teams and OneDrive for Business, so that your data is always protected and accessible when you need it. With Veeam you can select the data retention period required for each individual data set.
In all of the scenarios listed above, Office 365 Backup from Veeam would deliver you an easy to navigate simple solution to quickly restore the data right back to where it came from, protecting you against any permanent data loss.
Microsoft Office 365 Backup from Veeam allows administrators to backup all of their Office 365 email messages and files to their Veeam Backup & Replication repository for long-term archival, search and restore. With a familiar Windows-based interface, Veeam Backup for Office 365 is incredibly easy to navigate, with just a few clicks you can rapidly locate a document and restore it to where it originated from with all of the Metadata intact, returning it with its original time and date stamp.
When restoring an email, or a mailbox you can restore it straight back into the individual’s mailbox. The email will be returned to the exact same folder it was deleted from. When restoring OneDrive or Sharepoint information you can use the latest point in time or you can select a time period to roll back to, if you are overwriting the original it can leave a note on the file that it was restored.
Using the advanced search functionality in Veeam Office 365 Backup you can also be very specific, if for example you have been requested to present emails that were originally received perhaps many years ago, you can locate that point in time, launch a search query on subject or sender and you can gather up all of the specified emails to restore, you can highlight only the required items rather than restoring the whole mailbox. Office 365 Backup from Veeam also offers you the ability to report on mailboxes, consumption usage, and licensing.
Microsoft Office 365 Backup from Veeam gives you the control to securely backup Office 365 to any location, including on-premise, a public cloud, or a managed service provider such as Krome:
- Protect your Office 365 data from accidental deletion, security threats and retention policy gaps
- Quickly restore individual Office 365 email, files and sites with industry-leading recovery flexibility
- Meet legal and compliance requirements with efficient eDiscovery of Office 365 items
To learn more about how Veeam’s Microsoft Office 365 Backup gives you back the control and data protection that you require to protect your business-critical data, on-premise and in the cloud, please contact a member the team today on 01932 232345.
28 Day Free Trial of Veeam Backup for Microsoft Office 365!
As a Veeam Cloud Service provider Krome is able to offer you a 28-day free trial of Veeam Backup for Office 365, hosted within one of our geographically diverse, fully secure, ISO 27001 datacentres.
Our resilient platform combined with the powerful features and functionality delivered by Veeam provides you with a world-class data-protection solution. To request start your trial please complete the form below and we will be in touch with the credentials you need to start backing your data up to the cloud.