You weighed your options; you considered the alternatives. But when it came to choosing the right solution for your organization, the choice was an easy one: Microsoft Office 365, or O365.
With its complete platform offering, robust content sharing options, industry-leading security measures, and attention to privacy and compliance, it’s become the go-to product suite for many organizations migrating to the cloud. But, did you stop to consider your backup in the case of a disaster?
When it comes to cloud-based applications, there can be confusion over how backup works. And because O365 operates within the cloud, it’s easy to assume it’s already backed up; isn’t that what the cloud is all about? That’s a common misconception. The cloud does not free your organization from all data maintenance, and that includes backups.
Equipment fails, humans make errors, hackers are always looking to exploit your weaknesses, and Mother Nature can wreak havoc. And while Microsoft has got you covered for some data protection, you’re not completely off the hook; there are responsibilities on your end too. Microsoft itself even acknowledges this on their site: “With Office 365, it’s your data. You own it. You control it.” Armed with this knowledge, let’s look at four ways data can be lost in the cloud forever without proper backup for disaster recovery.
Using deleted items as backup.
Ever been quick to hit delete, only to discover you needed that item after all? As you know, it’s easy to just go into your deleted items and drag it back in order to restore it. Or maybe you’re one of those people who use their deleted items for storage—it’s easier than moving it to a set of organized folders, right? Wrong. This is the equivalent to keeping your important paperwork in the office garbage can; eventually, someone’s going to take out the trash! That’s just what can happen with O365. After a specified retention period, items are permanently deleted and generally irretrievable. For this reason, using deleted items as storage is not a secure backup plan that any responsible organization should be employing.
Relying on Exchange archiving tools.
Archiving and backup are often thought of interchangeably, but they are inherently different. Archiving, a feature offered with O365 for the enterprise E3 and E5, basically provides users with additional mailbox storage space.
When enabled in the Security & Compliance Center, users can access and store messages as well as move or copy messages between their primary mailbox and archive mailbox. This is primarily used for eDiscovery as it applies to organizational policy, compliance, or lawsuits. But an archive is not immune to disaster; that’s where data backup comes in. Backup allows for the recovery or restoration of lost or corrupted files. Say your files were accidentally deleted, or hacked—rendering them useless. Backup allows you to restore them to the condition they were in prior to the disaster.
Some organizations utilizing O365 may think all mailbox content is preserved in Recoverable Items because they’ve placed mailboxes on Litigation Hold. While this does have a high storage quota, storing all items can cause it to reach capacity quickly meaning these mailboxes should be monitored weekly.
Failing to backup Sharepoint.
Backing up Sharepoint, the collaborative platform that integrates with MS Office, is just as important as backing up your email. One reason organizations love O365 is that it increases mobility; employees can easily work and collaborate with one another remotely. But, this increases the chance of data loss or theft which back ups can help protect against.
Consider the 2016 Cerber ransomware attack on O365; before Microsoft could contain the malicious file, many subscribers had already been infected. Organizations with backup were able to simply restore their files to the moment before the attack occurred, while those without backup had to pay the ransom (it’s estimated that these criminals earned $2.3 million from just the .3% of organizations that paid) or attempt to move on.
Not testing your backup plan.
If you’ve already got a backup plan in place, you’re off to a good start. However, too many organizations fail to properly understand and test their plan. For example, do you know what your RTO and RPO is? If you’ve properly tested your backup plan, these numbers should roll off your tongue. If not, here’s a refresher:
- RTO is your Recovery Time Objective. This is the targeted duration of time within which a business process must be restored (for example, within 24 hours)
- RPO is your Recovery Point Objective. It refers to the amount of data at risk, meaning the amount of data that could potentially be lost. (for example, a RPO of 15 minutes, means that a maximum of 15 minutes would pass between a backup and a disastrous event)
A good backup DR plan will have aggressive recovery speeds and follow a Continuous Data Protection (CDP) model versus periodic backups.
Backup is the core of an effective disaster recovery plan. Today, over 50 percent of small businesses report that it would take three or more months to recover following a disaster; it’s probably not a coincidence, then, that approximately 50 percent of small businesses also never reopen in the aftermath of a disaster. Don’t make the mistake of thinking your data is safe just because you’ve invested in Microsoft Office 365; you still need a proper disaster recovery plan to ensure the safety and security of your most critical data.