“With 2020 marking an accelerated migration to cloud, the reliance on services such as O365 has become almost ubiquitous. Microsoft Teams alone has grown 475% to 115 million active daily users at the start of 2021.
In the rush to the cloud, however, there seems to have been a clear oversight in protecting the data that is sent to the cloud. Companies seem to trust that the data they put into cloud services is safe. However, this is not the case.
Accidental deletion as well as malicious and ex-employee deletion of data is a real thing. Over more than a decade of being a backup engineer I could not tell you the amount of times we have needed to restore data for a customer where an employee went on a deletion spree on the way out the door. Then add in the fact that 69% percent of companies in 2018 suffered some sort of malware attack according to IDC research.
Company managers need to keep in mind that they are the owners of their company data. Putting it in the cloud only changes its storage location – not the responsibility of data compliance. As more and more data is sent to the cloud, this becomes more of a problem. With SharePoint and OneDrive becoming the de facto “File Servers” for many companies, Managers and compliance officers need to remember their retention policy and apply it to data in the cloud, as they would for on-site data. Microsoft will only keep retention for 30-90 days so the question becomes:
Would 90 days of onsite backups have been ok for your Exchange server and file server when you ran them on-site, with no month-end or year-end backups?
The reply I would have received had I proposed such short retention to my customers would be 100% “No that is not ok” – it would not meet the vast majority of data retention policies.
Does Microsoft back up my Office 365 data?
Microsoft’s own documentation shows this shared responsibility model where data is the sole responsibility of the customer:
You can clearly see data is at the top of the list of things Microsoft do not hold accountability for, and rightfully so. Microsoft is not in the wrong here. They should not be responsible for the protection of your data. And they very clearly state this. Microsoft provides a very good service with robust availability of the service and access to the data stored in it. But if your employees delete data or malware encrypts it, then you will find yourself needing a backup to restore your data.
How to back up my Office 365 data
It’s up to you to secure your data, O365 provides a place to store and work with your data. Much like a physical warehouse, but I have never seen a warehouse unsecured without any alarm or insurance in case of loss.
Enterprise backup solutions for O365 such as the Veeam backup offering also covers hybrid solution backup. So mailboxes in the cloud and on-premises can be protected with a single backup job. This allows for restore to both onsite and O365.
This flexibility in restore as well as in backup storage allows the customer to control their own data.
One can restore mailboxes that were previously migrated to O365 into their onsite Exchange server for quick access of a long-deleted mailbox, for example.
Backing up O365 data with Veeam allows for the retention to be stored on local disk or in cloud such as S3 and Azure storage, this allows for a cloud-to-cloud setup to split the backup data out to another provider to give you separation in your data protection.
S3 object storage hosted in service providers such as Evros’ S3 as a service, offer a cost per GB model that gives customers with Veeam deployed on their own site the ability to store the backup in the cloud while a fully managed O365 backup service from Evros based on Veeam Software and in house S3 Cloudian storage provides full backup as a service for O365 data.
This service includes Software, Storage and management in one easy to consume cost per user per month basis.
Mail, SharePoint, One Drive and Teams are supported in Veeam backup for O365.
This gives restore options for all types of data in O365.
In closing I would like to simply remind people that the cloud is just YOUR data in someone else’s datacentre. You need to protect it like any other company data.”