How much do you really know about how your Office 365 data is stored? Microsoft provides a great service to its customers, but their main focus is on maintaining uptime and the cloud infrastructure. The implication is that you are given responsibility for your data – and there’s a common misconception that Microsoft fully backs up your data for you. Ignore this, and it could have big repercussions for any regulated business.
What does Office 365 offer?
Office 365 uses ‘geo redundancy’ – the common myth being that it’s the same as backup. Backups involve taking a historical copy of data and then storing it in another location – and you, as a business, should have full visibility and control over what’s there. If data is deleted, hacked or lost, backups mean you can quickly recover. Geo redundancy protects against system faults – infrastructure outages or crashes – meaning Office 365 users can remain productive.
In short, it provides continuity so your users never notice issues, but it can’t protect as well as independent backups against some of the biggest security threats. Here are three major reasons to use a third-party backup:
1. Accidental deletion
The average time between data loss and its discovery is over 140 days, according to Microsoft. That’s well beyond the usual length of time data is held in the recycle bin or Office 365’s version histories, for example. Worse still, if you accidentally delete a user, their account will be removed across the network, including their SharePoint site and any OneDrive data – something which, without backups, is often unrecoverable.
2. Compliance requirements
We work mainly with regulated City firms, so we know how important it is to find solutions that ensure productivity and scope, but will meet regulators’ requirements. In the event of legal action or an official complaint, you’ll need to produce evidence – emails and files. Microsoft has a couple of built-in features for this (including Litigation Hold), but they might not be enough to ensure your firm stays out of trouble. For instance, if you’ve deleted a user’s account in the meantime, you’ll have lost their on-hold mailbox, personal SharePoint and OneDrive files.
3. Security threats
It’s not always enough to educate your staff on what to look out for – suspicious emails and attachments – when it comes to cybersecurity. Phishing attacks have become commonplace and are getting increasingly harder to identify. Exchange Online’s recovery functions are limited, and shouldn’t be relied upon as your only way of restoring business data should an attack happen. Regular backups remain the fail-safe way to keep a separate copy of your data, uninfected.
We are Cybersecurity experts, specialising in helping regulated businesses manage risk. Neos-IT were one of the first licensed Veeam Cloud Service Providers in the UK, offering our clients independent backups and disaster recovery which in most cases exceeds the storage requirements imposed by industry regulators. Contact us to find out more about Office 365, Veeam and backups.