We are in a digital age. An age where more than half of the industries, as well as the governments, are embracing a cloud-first approach to drive innovation, performance, optimize cost and enhance security. Yet, with this modern data-driven approach comes the challenge of data protection.
In my 24 years of experience in IT wearing different hats – ranging from Technical Support, Network Administration, Consulting and Infrastructure Architecture and now a Senior Engineer, I have gained experience in dealing with the most critical situations when it comes to backup and recovery – ones that have been nerve-wracking and exposed organizations to the risk of losing revenue as well as reputation in the industry.
While some organizations acknowledge this as an impending issue that requires attention, sometimes they lack the education to execute a data protection strategy that can save them from potential data loss. According to ‘Veeam’s Cloud Data Management Report, lost data from mission-critical application downtime costs organizations $102,450 per hour, on average.
On a similar note, most businesses have opted for SaaS products simply because this modern approach offers several advantages over the traditional software systems and the consumption models associated with them. The increased availability of cloud infrastructure and resources has eliminated the need to set-up, maintain and support infrastructure and brought the concept of resiliency to light. One such technology that delivers immense value to an organization is Microsoft Office 365.
Did you know that by the end of Q3 FY19, there were 180 Million Monthly Active Office 365 users? I don’t think any corporation can imagine a day without Office 365. Neither do I. Hands down, this data is huge. According to 451 research, Office 365 emails and documents shared and stored in SharePoint, OneDrive and Teams are the “New business-critical data.”
But the real question is, in the event of a disaster such as accidental deletion, malicious attacks including ransomware or internal security threats:
Does Office 365 include backup?
Yes and no. Just like any other SaaS vendor focuses on protecting its infrastructure to meet its contractual service level agreements, Microsoft follows the same route. This protection, however, does not extend to the customer, and it’s the customers’ responsibility to be proactive in backing up data. While Office 365’s SharePoint and OneDrive offer data archiving workflows, this is not a complete solution to address the problem of accidental deletion. Once a file is permanently deleted, there is no way of recovering it again.
Let me explain to you this BIG misconception in more detail.
There is an assumption that if the data is in SaaS, we don’t have to worry about it simply because we rely on the vendor for backing it up. But that is not the case. And neither it is with Office 365.
With a Microsoft Office 365 license, here’s what you get:
- Access to the suite of Office 365 business apps on infrastructure, that you ‘don’t have to maintain at all. Good one – check!
- Access to a recycle bin with a retention period of 30 days in Exchange Online, 93 days for SharePoint Online. So, if you delete a file – it goes directly into the recycle repository from where you can restore it. Another good one – at least you have some days to save it back.
- Full infrastructure level security – meaning, application level, logical and user/admin-level access control. Not bad because it saves you the pain of managing these apps on-premise.
- In-Geo data redundancy and replication in at least two geographically distributed data center locations – often mistaken for backup.
Now here’s what you miss with Microsoft Office 365:
- Data level security which means, that in the event of accidental permanent deletion ‘it’s your responsibility.
- Full data retention, which exceeds the temporary recycle bin allocation of 30/93 days based on your subscription. This means – hyper availability is simply what your organization must manage. If you miss the window, you cannot recover in time.
Do you need to backup O365?
Yes, you need to backup Office 365. Despite the recovery options that Microsoft provides, you need to have full control of your data. With a backup, your data is independent of the cloud platform and managed by a set of tools that offer more sophisticated and granular recovery, security and governance around e-discovery and privacy-based laws with new ground rules in place.
This post covers even more detail around the need to backup Office 365 for your organization.
The Road Ahead
Fast access, fast recovery and hyper-availability are not just trends or jargon. They are every ‘organizations’ concern, period. Backups ensure peace of mind in an unforeseen event. Here are my two cents on this situation:
- Security and compliance drive the need to keep a copy of your data. Most businesses can be left unprotected due to misinterpretation of the safety of data on the cloud.
- Backup consistency will streamline organizational efficiency and minimize any overhead.
- The ability to airgap a backup repository that stores Office 365 data will take security to the next level. This means no one other than your service provider can have access to these backups – making them safe from ransomware.