Does your Microsoft 365 need to be protected?
As organizations move to fully embrace cloud, the significant benefits of running IT infrastructure via cloud services are becoming even more evident. Not only do cloud-based services come at a far lower cost than physical platforms and deployments, IT leaders are also able to side-step much of the risk and 'heavy lifting' around tech investment and maintenance by moving this out of local data centers. They can also enjoy expert third-party systems management and reliable service delivery, without having to give up much of the control for end users.
Microsoft 365 is a great case in point. The procurement model for this ever-expanding suite of high-quality IT services is based around a price per user. It is easily scalable as teams and organizations grow and can therefore help to optimise budgets, avoiding payment for infrastructure that may go unused. It’s also growing, with new features and functionality added every day that will keep IT departments at the cutting edge of optimal business processes.
What exactly does Microsoft back up?
Where some SaaS providers cover everything in terms of data back-up and recovery, others leave the responsibility entirely, or at least in part, to the customer. So, it is important to be aware of the shared responsibility model of cloud services like Microsoft 365 and to understand the customer’s role in data protection and in ensuring a solid strategy for optimal business continuity. Also, organizations need to be aware of what they can expect if some or all of their data is deleted or lost.
In the case of Microsoft, the service extends to providing global infrastructure, data replication, recycle bin, infrastructure level security and undertaking the central role as 'data processor'. Here, the role of the customer is 'data ownership', where it is the customer’s responsibility to ensure adequate access and control of their Microsoft 365 data and to maintain retention and backup of that data.
Essentially this is all about business continuity planning and understanding roles and responsibilities of the customer versus the vendor. It is the responsibility of the business to understand the gaps that Microsoft does not cover and to have solid back up provisions in place to ensure vital resources are protected for optimal recovery.
To ensure adequate protection, many businesses are turning to data protection experts who provide comprehensive mitigation planning and the fastest, most reliable, data protection service available. By adopting a secure infrastructure platform for hosting, protection and recovery, IT leaders can simplify security and ensure optimal connectivity and cloud services that will drive growth and take the business to the next level.
So, what are the top five reasons to back-up your business?
1. Accidental deletion
Incidents involving insider threats have increased 44 percent since 2020, according to Ponemon Institute's 2022 Cost of Insider Threats report. The average cost per breach was $15.38 million.
If a user is deleted accidentally, the deletion is replicated network-wide. Here, a back-up can restore the user, either to the on-premises Exchange or Microsoft 365.
Customization is an important part of the service of any SaaS provider. Back-up can cover for Exchange, SharePoint, One Drive and Teams. An ideal default is to back-up every 24 hours at least, but IT leaders should assess and customize this according to their unique organizational needs and timings, and even tailor it for a specific subset of users within the business.
2. Internal Security Threats
Many businesses unwittingly experience threats from the inside, as users of Microsoft 365 tend to have broader data access than they do in a normal infrastructure environment, opening business to the vulnerability of 'malicious insiders'.
In fact, 'privilege misuse' is the second-most prevalent cause of cyber security incidents today. Often, employee misuse of personal laptops for work and professional laptops for other purposes can create room for error and data loss.
3. Retention gaps
Often organizations are unaware that they can’t access critical data until some time down the line. This is more prevalent in Microsoft 365 than it is on other providers and it’s important to remember that Microsoft 365 offers retention not back-up.
The average length of time from data compromise to discovery is over 140 days on Microsoft 365, yet default settings only protect for 30-90 days.
Here it is crucial for IT leaders to plan ahead -- to ensure multiple copies of data so this can be restored to the point in time required and to test the DR and back-up regularly to see how successful it is for the organization. A back-up provides longer, more accessible retention, all protected and stored in one place for easy recovery.
In terms of SaaS providers, always look into storage and retention policies. The ideal partner will offer unlimited encrypted storage and retention.
4. External Security Threats
Malware and viruses have done serious damage to organizations globally and ransomware attacks have doubled in the UK in the past year alone. This extends to Microsoft 365, where brand impersonation emails can trick users into sharing personal information which permit their emails to then be encrypted.
A back-up can simplify recovery, easily restoring mailboxes to a specific instance before the attack.
5. Legal & Compliance
It is critical for organizations to be able to access vital data as it is required, be it to meet compliance needs or for other legal reasons. If a lawsuit occurs and an employee has left the company with that data, the ability to access old data will be essential.
Having a high-grade recovery solution mitigates the risk of critical data being lost or destroyed. The right kind of provider will enable organizations to restore Microsoft 365 data for a specific user in place or to keep a copy. It will also enable organizations to access a specific inbox to export an entire inbox as a PST file to share with the relevant people.
Microsoft 365 is helping businesses to work far better for less, and cloud-based services are driving transformation. But with cyberattacks now commonplace, the move to cloud, the continual expansion of networks to remote workforces and varying levels of user capability and access, there are key questions around data protection, disaster recovery and back-up that must be considered.
After the last two years of turmoil, business continuity has today become a pertinent consideration for every organization. With the right partners and providers, IT leaders can minimize the threat of data loss and optimise the high-quality business tools and systems that are driving competitive advantage and digital transformation at pace.
Sam Woodcock is Senior Director of Cloud Strategy, iland