More than a million businesses worldwide use Microsoft’s suite of productivity applications, Microsoft 365. Applications like Teams, OneDrive and SharePoint not only help employees collaborate more efficiently and effectively, they enable a global workforce to work from anywhere.
Being hosted in the cloud, Microsoft 365 absolves organizations of the responsibility for maintaining a complex infrastructure of hardware and interdependencies; however, business organizations are still responsible for ensuring end user compliance with data security and preservation of data in accordance with their compliance regimes. As such, organizations should back up their data in the Microsoft cloud just as they would with on-premises data.
Here are 10 reasons why.
1. It’s your responsibility
Having your data saved in the cloud is not the solution to your backup problems. Forrester states that backing up software as a service (SaaS) application data is the responsibility of the organizations that use it, not the software vendor. SaaS providers, like Microsoft, are only responsible for the availability of their infrastructure and services, not the data their customers keep in the cloud.
2. We’re only human
Data loss happens for a lot of reasons. For the majority of them, there’s a human being involved. Whether it’s a malicious hacking attempt or accidental deletion of a file, most data loss incidents are caused by humans, not computers.
Should an end user fall for a phishing email, the ultimate result may be a disruption to critical systems, lost revenue, reputational damage and, in many cases, the payment of a large ransom. Internal threats are also potential causes of data loss and breach.
The biggest threat of all is human error. This includes accidental file deletions and overwriting of permissions and security configurations. SaaS providers like Microsoft can’t and won’t confirm if a request to delete is hasty or malicious.
Administrative error is also common. With great power comes great responsibility. Anyone with access to powerful tools for streamlining business processes can also be responsible for a sync error that overwrites critical business data in a single keystroke. Without the right tools, there is no easy way to reverse the damage caused by these data loss scenarios.
3. Granular restores
Microsoft 365 enables you to restore an entire site collection, mailbox or user, but it does not include the ability to perform granular restore. Having the flexibility to restore exactly what you need exactly at the point in time you need it can save significant time and resources when performing disaster recovery. It can also reduce the time it takes to recover data, also known as the recovery time objective or “RTO.”
4. Prevent destructive restores
Microsoft gives OneDrive users the ability to roll back files to a previous point in time within the last 30 days (for data that has not already been deleted). For the data that does still exist in OneDrive, this feature is an “all or nothing” destructive restore, which means a user may have to roll back all changes made in OneDrive to the selected time (even the intended changes) – instead of being able to limit the changes to certain files or folders. Being able to granularly determine what is restored – and prevent destructive restore – grants administrators the freedom to service a broad number of use cases.
5. Rapid restore
A disaster recovery strategy would be incomplete without the determination of recovery objectives, specifically, recovery time and recovery point. These are referred to as Recovery Time Objective (RTO) and Recovery Point Objective (RPO), where RTO indicates the time it takes to recover and RPO indicates how much data loss is acceptable.
As previously mentioned, recovery time is highly dependent upon having flexible recovery options for recovering exactly what needs to be recovered; no more, no less. Recovery point, on the other hand, is dependent upon backup frequency.
For both RTO and RPO, it’s necessary to have a purpose-built backup tool to achieve your organization’s objectives, since control over RTO requires flexible recovery options, and control over RPO requires flexible backup scheduling.
6. Customizable policies
Microsoft 365 data can be removed from the system through either active or passive deletion. Active deletion occurs when an administrator or user takes it upon themselves to delete data. In some cases, that data may still be recoverable from the recycle bin. But if the recycle bin retention period has expired, or if the user also actively deletes the data from the recycle bin, it is not recoverable. Passive deletion occurs when the tenant subscription ends and, after 180 days, the data is automatically purged from Microsoft’s infrastructure.
It’s important to note that, while there are default retention periods (93 days) for OneDrive and SharePoint, retention policies can vary from service to service. And, as services are introduced, they do not always have similar safeguards available. Without complete control over retention policies, critical data can fall through the cracks.
Customizable policies also enable granular policy creation for different groups and users within the organization. C-level executives can have different backup policies than managers or individual contributors. Only a purpose-built backup tool can provide this level of control and customization.
7. Sync issues
Many people and organizations make the mistake of thinking they don’t need backup because they have OneDrive. But OneDrive is actually a sync and share tool that’s designed more for collaboration than it is for backup. With OneDrive, whatever happens to a document on a local machine is synced to the cloud. So, if a file is deleted or infected on that local drive, the change is automatically synced in OneDrive.
8. Central management
No matter how big or small the business, there’s a good chance that IT resources are stretched thin. Help desk requests can pull IT staff away from other strategic priorities. That’s why, when it’s time to help a user recover a lost file, folder or SharePoint site, it’s essential for IT to be able to perform the recovery remotely, preferably from a central console. Central management can speed recovery times, getting users back on task and freeing up valuable IT resources for other strategic initiatives.
9. It’s not backup
It’s been stated previously but deserves to be repeated: Microsoft 365 is designed for collaboration and productivity, not backup. Specifically, it’s not designed for the everyday data loss scenarios that IT administrators deal with on a regular basis. Accidental file and folder deletion, ransomware, permissions overwriting – these are the types of data loss businesses are most likely to face. Microsoft is not responsible for any of them; they’re the responsibility of the organization whose data lives in Microsoft 365.
With Microsoft 365, file versions are not immutable or isolated recovery points. For example, if an active file is deleted, all older versions of the file are deleted as well. If they are deleted permanently from the recycle bin, then no viable recovery points are available.
Confidence comes from having the right tools for the job. That means having control over backup and retention, and not being subject to uncertain default policies. It also means flexible recovery options, so there’s no need to recover more than what’s necessary. And it means being able to implement recovery objectives that have been established based on business requirements.
About Carbonite and Webroot
Carbonite and Webroot, OpenText companies, harness the cloud and artificial intelligence to provide comprehensive cyber resilience solutions for businesses, individuals, and managed service providers. Cyber resilience means being able to stay up and running, even in the face of cyberattacks and data loss. That’s why we’ve combined forces to provide endpoint protection, network protection, security awareness training, and data backup and disaster recovery solutions, as well as threat intelligence services used by market leading technology providers worldwide. Leveraging the power of machine learning to protect millions of businesses and individuals.
Carbonite Helps Resellers and MSPs Add Resilience to Customer Environments
Carbonite Data Protection & Cyber Resilience
10 Reasons MSPs Should Add Security Awareness Training to Their Offering
Disaster Recovery as a Managed Service
Carbonite Data Protection & Cyber Resilience