There is a common misconception that Microsoft takes care of its clients’ data backups. Therefore, the automatic response, when most clients when asked if their Microsoft 365 data is backed up, is, “of course it is.”
However, if you really think about it, are you sure? Do you recall Microsoft guaranteeing they would backup up your data for you?
Unfortunately, very few Microsoft clients will be certain that their data is backed up and none will remember Microsoft making any promises to do so. Microsoft provides an excellent service, but its focus is on managing the Microsoft 365 infrastructure and maintaining up-time. Backing up data is considered a clients’ responsibility.
However, many clients do not know this and few organisations realise that they must ensure they have access to and control over their SharePoint Online, Microsoft Teams, OneDrive for Business and Exchange Online data.
How did this misconception arise?
At this root of this issue are two separate concepts that often cause confusion:
1. Microsoft 365 backup.
2. Georedundancy.
A Microsoft 365 backup takes a copy of an organisation’s data and stores it in an off-site location. Georedundancy, on the other hand, guarantees protection in the event of a site or hardware failure and allows users to remain productive even if an infrastructure outage or crash occurs. It is important not to confuse these two separate ideas and it is vital that organisations understand that georedundancy is not synonymous with backup.
Nevertheless, this still does not explain why Microsoft 365 backups are so important. So, we have broken it down into 6 critical reasons:
1. Accidental deletion.
2. Retention policy gaps and confusion.
3. Internal security threats.
4. External security threats.
5. Legal and compliance requirements.
6. Managing hybrid email deployments and migrations to Microsoft 365.
1. Accidental deletion
Making mistakes is part of human nature. Everybody clicks the wrong button from time to time and accidentally deletes a file or an email. But what if that wrong click causes your organisation to permanently lose import data?
When users perform a simple action, like accidentally deleting another user, that deletion is replicated across the network and could lead to the loss of their OneDrive data and personal SharePoint site.
Two forms of deletion that can occur are:
1. Hard delete
2. Soft delete
A soft delete is, for example, when the items from the deleted items folder are emptied and “permanently deleted.” These items are actually not permanently deleted but can be recovered from the recoverable items folder. On the other hand, a hard delete is when an item is tagged to be deleted completely from the mailbox database. The items that are deleted with this action are completely unrecoverable.
2. Retention policy gaps and confusion
Just like with accidental deletion, Microsoft does offer a very limited data backup and retention policy. However, these policies are only suitable for situational data loss and do not provide an all-encompassing backup solution. Moreover, these policies do not provide point-in-time restoration of items within a mailbox.
Point-in-time restoration offers protection if a catastrophic event occurs. This form of backup allows users to go back in time to a previously saved copy of their data before it was deleted. Without a Microsoft 365 backup solution, this form of restoration is not possible and organisations cannot be assured that their data can be quickly, easily and reliably restored.
3. Internal security threats
The phrase “cybersecurity threats” usually conjures up an image of a hacker, accessing company information and using it maliciously. However, often companies fail to consider the threats that come from within their own organisation
Employees too can pose a threat to the security posture of a business, either intentionally or unintentionally. Microsoft provides an excellent service but it cannot tell whether a user is a trusted employee or a disgruntled terminated user looking to cause havoc and delete files before they leave.
Of course, a regular user can also unintentionally pose a threat to an organisation’s security by, for example, downloading infected files or accidentally leaking usernames and passwords. Another, perhaps more extreme example, is evidence tampering. An employee may be strategically deleting incriminating files to protect themselves without their organisation realising.
4. External security threats
Viruses and malware also pose a massive threat to organisations. They run the risk of jeopardizing a company’s reputation as well as exposing sensitive employee and customer information. External threats are often sent through emails or attachments, therefore, while it is important to educate users on good practices, organisations cannot rely solely on this for protection.
Exchange Online does offer limited backup and recovery functions but these are inadequate when dealing with serious attacks. Having a Microsoft 365 backup solution ensures that organisations always have access to a separate, uninfected copy of company data that is easily recoverable.
5. Legal and compliance requirements
Amid legal action, companies can also be required to retrieve specific data, emails or files.
Although Microsoft does offer some services to help with these issues, such as Litigation Hold, these services are not a robust solution that can minimise stress and keep organisations out of legal trouble.
Although legal requirements, access regulations and compliance measures vary from jurisdiction to jurisdiction, legal disputes, fines and penalties are something all organisations want to keep out of, regardless of where they are based.
6. Managing hybrid email deployments and migrations to Microsoft 365
When transitioning from on-premise Exchange to Microsoft 365 Exchange Online, most organisations leave a window of time to facilitate their adoption of Microsoft 365. Some customers may even decide to leave a small portion of their legacy solution in place to allow for increased control and flexibility.
Although these hybrid email deployments are common, they do require additional management and can present challenges. A Microsoft 365 backup solution can handle these deployments, treat exchange data the same and enable clients to store data wherever they choose.
How often do the issues stated above occur?
Unfortunately, companies are forced to confront these issues more often than most people realise. A Customer Survey by Stryve partner Veeam, in September 2019, estimated that 76% of sensitive data stored in Microsoft documents are not being backed up. Moreover, according to the IDC, 6 out of every 10 organisations still do not have any form of Microsoft 365 protection.
How can Stryve help?
Backing up Microsoft 365 data is no longer a luxury, but a necessity. Most Microsoft clients do not realise that they are responsible for protecting their data and, consequently, many are unaware of the risks they may be exposed to. Thankfully, Stryve provides a simple and cost-effective solution to this issue. We offer customers peace of mind, 24/7 support and a guarantee that their Microsoft 365 data is protected no matter what.
About Stryve
At the core of our mission is a desire to bring Fortune 500 levels of security and expertise at a price point that is affordable for small and medium businesses. We are a dedicated cybersecurity provider and not a reseller which enables us to configure your cybersecurity requirements based on what is best for your specific context. We work closely with clients to develop relationships and ensure that our solutions not only meet but exceed their expectations. We offer 24/7/365 support and our clients know that if ever have an issue or concern, we are always only a phone call away.