February 18, 2019
Microsoft provides a wide array of services within the Office 365 platform and it has now grown to over 155 million monthly active accounts with over 3 million new accounts added every month. The platform has invested in high-quality security measures and attention to privacy and compliance, but this does not include backup of the data.
It is a common misconception that Microsoft provides backup of all your Office 365 data, but what Microsoft actually does, is make sure your data is available in multiple locations using geo-redundancy.
The main differences between geo-redundancy and backups are:
- Geo-redundancy replicates your data to three different locations, providing protection against hardware failure or power issues by failing over to another server.
- Backups are a historical copy of data which is stored in a separate location for a set period of time, based on your retention policy. It is important that backups are stored in a separate location with separate access and control, so that if data is ever lost or subject to a malicious attack then it can be restored from the backup data.
Here are some of the main reasons why you should back up your Office 365 data:
1. External security threats
Email phishing attacks accounted for 90% of data breaches in 2018 and even with the introduction of increased email security and user training, 230,000 new malware variations were detected every day last year so there will always be some that get through.
Microsoft provides in‐geo data residency which means your data is replicated in at least two DataCentres, but if your mailbox is affected by malware then this will also be replicated and there is no way to do a point in time restore of the mailbox.
2. Internal security threats
Organizations face data breaches internally from staff who may unknowingly download an infected file or leak usernames and passwords to sites they thought they could trust, resulting in data being lost. Another example of an internal security threat is terminated employees who may want to delete data before their access is revoked.
Microsoft does provide a recycle bin for most Office 365 services, but usually, people will also have access to this, so it will not stop the data loss.
3. Retention policy confusion
Office 365 retention policies can be set at both the tenant level and the user level and they will set how long an item is kept within a folder on the mailbox. The policies allow account-holders and admins to automatically clear out old data which is no longer needed, but they can also cause data to incorrectly be removed if not setup correctly.
Microsoft will store items in the recoverable items for 14 days by default after they have been deleted by the policy, but after this time they will no longer be recoverable.
4. Accidental deletion
When someone accidentally deletes data from Office 365, then the deletion is also replicated to the other DataCentres and this may not just be a file in OneDrive, but a change to a staff members license may cause data deletion too.
Microsoft provides recycle bins and version history which allows for data to be restored but this is only when the data has been marked as a soft delete, an example of this is a person emptying the deleted items folder. If an item is tagged to be purged from the mailbox then this cannot be restored, and an example of this is if a person purged the recover deleted items.
Ultimately it is Microsoft’s responsibility to make sure that the Office 365 service is available and can be accessed, but it is the responsibility of the organisation to provide protection and long‐term retention of the Office 365 data. It’s your Data, Microsoft only provide the infrastructure to store it!
The average length of time from data compromise to discovery is over 140 days, yet the default settings from Office 365 only protect your data for 30‐93 days.
Backup for Office365 provides Complete protection of your Office 365 data;
• Protection of Exchange Online, SharePoint Online & OneDrive data in Office 365.
• Granular selection for backup jobs, individuals or entire tenant.
• Customisable backup schedule, from weekly through to hourly backups.
• Backup Retention from 1 day through to unlimited.
• Granular Restores of email data, entire mailboxes through to individual emails, calendar items and tasks.
• Granular restores of SharePoint and OneDrive, entire sites through to individual list items.
• Restore to the original location or chose alternate locations.
To discuss your cloud requirements further please contact us on 0113 387 1070 or [email protected].