How secure is your data?
To what extent do Microsoft’s native tools support backup and recovery?
It would be very dangerous to assume that a SaaS vendor like Microsoft will always be able to recover deleted data. Organisations are typically at their most vulnerable if the data has been deleted a while ago, but this has only just been noticed. Here’s seven reasons why it’s important to have a diverse backup strategy
1) Avoid dependency
It is a big mistake for an organization to be wholly dependent on a single cloud vendor. If organizations do not have control of their data, they will struggle to act immediately once an issue becomes apparent. Even when data is retrievable, the process could end up being long and complicated, and there is the added problem of all-or-nothing destructive restores
2) Set your own retention policies
Microsoft 365 has limited backup and retention policies that are hard to keep up with, let alone manage and it is not intended to be an all-encompassing backup solution. A simple recovery can be a massive problem if data has fallen out of the retention period and Microsoft 365 has deleted it forever. You can easily avoid this with a data management service that will provide retention periods from months to years and whose sole purpose is to ensure that your data can be recovered directly back to Microsoft 365, regardless of the state of your live data.
3) Address compliance issues
If employees leave a company, can you prevent their files leaving with them? When someone deletes a user or users from Active Directory – intentionally or otherwise – once they are outside of retention their Sharepoint sites and OneDrive data are also deleted. What if you need those files during legal action in months or years to come? If you are to retain access to data after a user has been removed from Microsoft’s Active Directory, it’s imperative to have a backup to a third-party backup provider, not least for compliance purposes.
4) Recover everything in the event of deletion
What happens when users accidentally or intentionally delete or overwrite files? Recycle bins and version histories in Microsoft 365 provide only limited protection. If you delete a user, whether you meant to or not, that deletion is replicated across the network. Once an item is purged from the mailbox database, it is unrecoverable. This could have far-reaching effects if a rogue employee decided to delete incriminating emails or files. Microsoft’s backup and retention policies can only protect you from data loss up to a certain point, and can’t take the place of third-party data management solutions.
5) Prevent delays due to data loss
When data is deleted or corrupted, businesses face three major problems – loss of data, loss of time and loss of money. Microsoft provides exceptional availability and cannot be expected to focus elsewhere on extended retention or old user data. Being solely reliant on Microsoft Support for help recovering lost data can be very time consuming. The best way to avoid an issue impacting severely on business continuity is to find a third party that offers streamed, on-demand access to data at a moment’s notice.
6) Protect against ransomware attacks
How can organisations be protected from app outages, misconfigured workflows or ransomware attacks? Microsoft explicitly states that point-in-time restores of data are not in the scope of the Exchange service. Regular backups will help ensure a separate copy of your data is uninfected and that you can recover mailboxes quickly to an instance before the attack. The best data management providers offer streamed, on-demand access to all data instantly.
7) Separate roles as security standard
Companies nowadays require a separation of roles as a security standard. Having your backup in the production platform allows for a single point of failure. Microsoft 365 administrators could also potentially assign themselves full access to search and export from Exchange mailboxes, SharePoint folders, and OneDrive locations. This would enable them to delete a file. Without third-party backup, that file, depending on the retention policy, may be irretrievable.