Microsoft Office 365 has become the core communications and collaboration service for businesses today. Its bundle of services provides an integrated, single solution for many common workplace functions. With over 180 million users, it offers anytime, anywhere access to your data in a secure manner with an excellent track record of performance.
However, even though Office 365 provides a high degree of security overall, you still need to make sure your data is maintained with the correct controls for your specific circumstances. One area that many companies are supplementing the core Office 365 solution is with a third party back-up of the data.
While cloud as a platform – and Office 365 – is secure, there is still a shared responsibility to keep it secure. Much like on-premise Microsoft Office, Office 365 is similar in its approach to the security of your data – in other words, there is no built-in backup tool for either. Historically, backup for on-premise Microsoft Office has always been provided by a third-party and the same holds true for Office 365. Microsoft’s focus is on operational uptime, illustrated with its 99.99% availability guarantee which it exceeds regularly. Microsoft also goes to great lengths to ensure that it will never lose your data. There are multiple layers of redundancy and mirroring of your data in a way that makes it the most reliable solution on the market.
There are multiple layers of protection of your data in Office 365. Unlimited archiving and very large storage containers allow you to keep as much data as you want. For sensitive data or content that requires special attention, there are multiple features available in some or all of the licenses including:
If Microsoft is securely taking care of your data, you’re good to go, right? Wrong. Microsoft does its part to keep your data safe and offers multiple ways to protect your most sensitive data. But it can only do so much to protect you from your users and their actions.
Here are some of the common scenarios that are not protected within Office 365:
1. Data Deletion
Users delete data all the time, and not necessarily maliciously. We have seen many cases where a user deletes a file, a folder or even a library. The recycle bin will protect you when a deletion is noticed immediately, but after time, that bin is emptied, and data is lost forever.
If a user is infected with ransomware, it’s possible that the malicious code could spread to the synced folders on that user’s machine. If this happens then large amounts of data may be corrupted. Version history can support recovering content in this scenario, but it’s typically a time consuming manual process.
3. Data retention
It’s essential that your Microsoft Office 365 data match your company’s policy on data retention. For example, if your company requires a 7-year data retention policy, your Office 365 settings must meet this requirement. Retention policies and legal hold are available in Office 365, but the deployment can easily overlook critical content.
When it comes to modern compliance requirements, redundant data backups are critical. You’ll want to make sure you know what’s required of your industry’s regulations, and make sure you have backup methods in place to meet them. Some industries mandate a discrete back-up of data which would automatically force a back-up solution.
The key is in finding the right backup solution to augment Microsoft Office 365’s capabilities.
Look for one that includes:
Complete Solution: Make sure your back-up solution supports all of the workloads that you are using in Office 365. This includes Exchange (e-mail), OneDrive, SharePoint, and especially Teams. Support for Teams is relatively and not all providers fully support it yet.
Timely and regular backups: A good back-up solution has the ability to save your files multiple times per day and provide various options for how long you store the data. For example, you may want daily back-ups for up to two weeks, then weekly for up to six months, and then annually for up to five years. Being able to adjust your retention cycles smartly will save storage costs over the long run.
Securely Preserved: Where your backed-up data is kept is important. Most services offer to save data in their cloud and many also allow you to “bring-your-own-storage” enabling you to choose where your data is stored. This is our preference so you always control where your data is, whether it’s in your data center or a public cloud service like Amazon or Azure.
Compliant Services: If you choose to allow your provider to store your data, make sure they disclose where it is and ensure it meets your compliance requirements. For example, companies that have ITAR data must ensure all versions of its data are within the US and are not accessible by non-US persons.
At the end of the day, businesses are responsible for protecting their own Software-as-a-Service (SaaS) data. Cloud-to-cloud backup applications like a Backup Solution for Office 356 is the only way you can be sure that you’ll be able to restore deleted or corrupted cloud-based data.
Bottom line? By shoring up your Office 365 capabilities, you can enjoy the convenience of the Cloud delivered by Microsoft, and keep your data safe. Interested in learning more? Get in touch with our team at (571) 384-7950 or firstname.lastname@example.org today.
In the meantime, keep up with the latest News and Information in IT today. We publish new regularly across a range of IT topics.
Bill Wootton is the Founder and President of C3 Integrated Solutions, a full-service IT provider based in Arlington, VA that specializes in securing our nation’s Defense Industrial Base through cloud-based solutions and industry leading partners. Bill is passionate about bringing cyber-awareness, and cyber-maturity to the nation’s Defense Industrial Base, working with clients to help them achieve CMMC and NIST 800-171 compliance by providing MSP, security and Office 365 integration services.