Views, News & more
If your business runs Office 365 (O365), then you’ll know that it’s the centre of your company’s email communications, collaboration and, ultimately, productivity. Similarly, if you’re considering using O365 for your company, you’ll probably know that it will become the hub of your business.
You’ll know, then, that O365 hosts sensitive data that is absolutely vital to your business and that you definitely don’t want to be vulnerable to cyberattack. However, what you might not know is that O365 provider Microsoft is only responsible for the infrastructure end of the service (that is, uptime, cloud service availability, basic retention and physical and logical infrastructure security.)
Ultimately, the data owner is responsible for areas such as data security, privacy, compliance and recovery. However, one poll suggests that around 6 out of 10 O365 users do not have a third-party data protection plan for their O365 estates, leaving critical data vulnerable.
As a business owner, then, it is imperative that you ensure you have protection for your O365 estate, to ensure security, compliance and business continuity. Here are six reasons why you need Office 365 backup and what to look for from your backup provider.
If a user is deleted from your system, accidentally or not, this will be replicated across the network. O365 only offers limited protection from such data loss, meaning that what should be a simple recovery can become impossible, once O365 has deleted the data permanently, or the retention period is over.
O365 has “soft delete” and “hard delete” options. “Soft delete” items can be salvaged from the Recoverable Items mailbox, but items that have been “hard deleted” are completely unrecoverable if you’re only relying on O365.
Retention policies can be difficult to keep up with and confusion and mistakes can be common. Again, O365 offers limited backup and retention policies that aren’t intended to be an all-encompassing solution.
It doesn’t offer, for instance, a point-in-time restoration option. This kind of service is offered by many backup providers and can be vital in the event of a catastrophic misstep, allowing you to roll back to a previous point in time and resolve the problem.
An attack from outside, such as a ransomware attack, can be devastating for your business, internal data, customer data and, ultimately, your reputation. Such attacks are commonly conducted via email and, while the fundamental defence is to educate your workforce on how to spot such threats, this doesn’t provide absolute protection.
Microsoft’s Exchange Online is not built to handle such attacks, so choosing a system with regular backups can ensure you keep an uninfected copy of your data, allowing you to quickly recover.
Perhaps not as infamous a security issue as external attacks, but just as much of a threat and just as damaging. Microsoft can’t track the difference between legitimate users and terminated employees who may be looking to delete data before leaving the company.
Other internal threats also need to be defended against, such as an employee strategically deleting files or emails that may land them in hot water with legal or HR, or even employees unknowingly creating threats through infected file downloads or leaking critical security information to a party they erroneously trusted.
If you need to retrieve emails or files in the event of unexpected legal action, you might find that Microsoft’s in-built safety solutions are not sufficient to offer you full protection.
As mentioned earlier, once a user is deleted, this includes their Sharepoint site and OneDrive account, potentially robbing you of a vital file or email. A third-party provider can offer you protection from fines, penalties and legal action.
When a company moves to O365, they typically require a period of transition between their on-premise Exchange system and O365 Exchange Online, with some even leaving part of their legacy system in place to allow for flexibility and a greater degree of control.
While such hybrid systems are common, they pose some management challenges that a good O365 backup system should be able to handle. Such a backup will also treat exchange data the same, meaning that the source location is irrelevant, and will enable you to store data wherever you choose.
Flexibility – A provider should offer you the flexibility to utilise existing on-premise capacity for your O365 backup, or to leverage another cloud for cloud backup.
A range of features – Your provider should offer features such as: incremental backups; granular recovery; automation; policy-based retention capability.
Scalability – Your backup service should enable you to scale up or down, without incurring capex, as your business and data demands fluctuate and as the system is rolled out across your company.
Breadth of service – It should be capable of managing and protecting hybrid deployments as well as easing full adoption.
Integrated with O365 – Needless to say, your backup should have deep integration with O365 and your existing data protection environment.
Innovation – Additional security features, from access control and usage metrics to multifactor authentication, should be provided.