Do You Really Need to Backup Office 365?
The advent of cloud software as a service (SaaS) applications such as Microsoft Office 365 led many to believe that regular data backups were no longer necessary. While it’s true that the cloud implements a distributed server network which can be safer than local servers, it doesn’t eliminate many common ways that data can be lost.
In a study conducted in 2013 by Aberdeen Group, 32% of respondents reported that they experienced data loss from a SaaS application. The three most common causes were users accidentally deleting (47%) or overwriting data (17%), and hackers destroying it maliciously (13%).
Given that the data stored in the cloud is often critical to a business and its customers, or required for regulatory compliance, it’s important to assess the need to back it up. Here are three essential questions to ask during the assessment:
1. Which Office 365 Applications Do We Use?
The first step is to take stock of the Office 365 applications your organization uses and all the data that currently resides in the cloud. This part of the assessment should consist of accounting for how much storage is needed to back up the data and the reason the backup is needed.
For example, your organization may need to retain all internal communications for regulatory reasons. Emails can be deleted from the cloud just as they can be deleted on local email servers, so periodic backups will ensure they are retained. Other files may contain information which is critical to business processes or customer service.
More complex is the backup of internal software development applications hosted on Microsoft’s cloud like Teams or Office 365 Groups. It’s important to assess the size and complexity of these data stores. It will help backup vendors tailor their service to your situation.
2. Are Office 365’s Protective Features Enabled?
The chances of accidental and malicious deletions can be mitigated by protective features built into Office 365. Therefore, you should also assess whether there are existing safeguards that can be implemented.
One scenario for data loss is an administrator who has privileges to delete data. It is common for the admin to manage the removal of storage space and the deletion of accounts when employees leave the company. However, when it comes to critical data, the chance exists for accidental or malicious deletions. Microsoft’s Privileged Access Management framework can require that administrators obtain approval before deleting critical data.
Another potential problem is hackers gaining access to privileged administrator accounts and destroying data on the cloud. This problem can be mitigated with strong security measures. Multi-factor authentication and products like Cloud App Security can dramatically reduce the chance of this happening.
3. Where Are the Data Security Gaps?
Once the first two steps of the assessment are complete, the next is to determine whether there are still data security gaps in Office 365. Some gaps can be closed by implementing better security and privileges management. While others may only be solved by adding periodic backups.
Any risk which can lead to data loss should be included in the discussion, whether its employee error, vendor failure, or external attacks. The importance of data should also be weighed. Data needed to comply with regulations or support critical business processes will need to be backed up.
Office 365 Backups
If the assessment reveals that Office 365 backups are necessary, the most practical solution is a third-party cloud-to-cloud backup service. Barracuda Essentials for Office 365 is a good example of such a backup and recovery solution. With these services, organizations can schedule periodic backups of records and critical data like emails and customer information. They enable the implementation of a recovery process that suits the organization, including downloads and re-installations. As an Office 365-wide service, they also bundle together the retention of Exchange emails, OneDrive backups, and SharePoint mirrors.
Create Recovery Plans
Backing up Office 365 data to a third-party cloud service is just one step in the process of protecting against data loss. It’s also important to carefully craft recovery plans for different events that can trigger the restoration of data from a backup.
Scenarios can include isolated deletions by employees of critical files, or a failure of Microsoft’s Office 365 service which leads to a large loss of data. Recovery plans should include both an authorization and deployment process to ensure critical data isn’t overwritten or overlooked.
The Future of Cloud Backups
Every business organization should periodically assess the need to backup data that resides on cloud services like Microsoft Office 365. Ideally, an assessment should be made whenever a new application is added to the company’s processes. It’s also important to reassess whether data needs backup protection in the future. Data that isn’t critical today may become critical tomorrow.
A good example of a recent event which impacted data retention policies was the implementation of data privacy regulations in Europe. Establishing solid practices around data management which go beyond current needs, makes more sense than simply meeting the industry or legislated minimum.
Thanks to flexible third-party cloud services, these issues are much easier to manage today. Organizations can contract out the storage and automation needed to backup large and complex data sets.
Outsource IT can help in this regard. Contact us today to discuss how we can build and implement a solid cloud data protection strategy for your organization.