Microsoft 365 backup: all you need to know
The beginning of a security mindset is to acknowledge that there is no such thing as 100 percent security in the cloud. When you operate from that understanding, then your defenses are up, and your offense game is on.
Here is a summary of actions you can take to get started on a path to better data protection in Office 365. They are not listed in order of priority, so use them as you see fit in your awareness campaigns, budget discussions, and backup vendor conversations.
Microsoft is not responsible for backup — you are
A common misconception people have about the value of using Office 365 is that there is no need to back up data because Microsoft does all that work.
In a software-as-a-service (SaaS) solution like Office 365, Microsoft is responsible for maintaining the global infrastructure to keep its services running. You, on the other hand, are responsible for maintaining and protecting the data you store in Office 365. You don’t own, nor do you have access to, the replicas Microsoft creates for redundancy purposes. To make copies of your data and store those copies in a separate location, you need to implement a backup and recovery strategy using a third-party solution.
Data loss is costly
When people you talk to start balking at the cost of implementing a third-party backup solution, remind them that a Verizon report suggests that “small” data breaches can cost as much as half a million dollars while “large” data breaches can top at $200 million.
If your business comes to a standstill because of data loss, then you also must think about the cost of downtime. A study from Information Technology Intelligence Consulting Research concluded that the average cost of a one-hour downtime is $100,000. That is assuming you are not one of the 33 percent of survey respondents who reported that a one-hour downtime costs them $1–5 million!
Beyond dollars and cents, data loss harms your organization’s reputation. It is hard to quantify the monetary impacts of reputation damage, but I’m sure you don’t want to find out.
For such high stakes, it does not take much to avoid the pitfalls of data loss. There is no shortage of backup solution vendors today, so engage one of them and save yourself a lot of grief.
Office 365 has backup gaps
You cannot do much about the tendency of human beings to make mistakes, but you can help ensure that when mistakes happen, you’ll recover quickly and minimize the harm done.
More disturbing than human error, however, is the malicious intent of bad actors, internally and externally, to wreak havoc in your environment. Stolen data is much more insidious than deleted data, so make sure you have controls in place to prevent that from happening.
Understand the purpose of retention policies (Hint: It is not to make backup copies) so you can address this gap. If you must meet compliance requirements regarding retention, data protection, and data privacy, then that is even more reason to start vetting your backup vendors today.
Finally, do not forget data in on-premises environments. That is usually a forgotten data source but may just be as important as data in Office 365.
Compliance is real and should be taken seriously
Thompson Reuters, in its 2019 “Cost of Compliance” report, states that there are now more than 1,000 regulatory bodies worldwide that send out more than 200 regulatory updates every day.
Predictions for the next ten years related to compliance point to continuing regulatory changes and an enhanced role for compliance in business. Undoubtedly, the IT team will play a role in this new normal. So, if you are still fighting the compliance mandate, give it up and fall in line. It is your responsibility as a data owner to govern your company data and ensure they meet compliance requirements.
One of the most anticipated changes in the compliance world is the automation of compliance activities. While that is evolving, there is something you can do today to enhance your compliance strategy: Use a third-party backup solution to protect your data in Office 365. For starters, you can increase the scope of your eDiscovery content without spending a ton of money integrating other eDiscovery tools or ingesting content into Office 365. The way to do that is to leverage third-party backup tools.
Bad actors want to enlist your end-users
Pixel-perfect fake login screens, socially-engineered phishing emails, and malicious links embedded in an innocent document or email are just a few of the tricks hackers use to get your end-users to give up their credentials and compromise your environment. What that means, then, is that the effort to build a culture of security and ongoing awareness campaigns need not stop either. Phishing and spoofing campaigns are successful only if end-users fall for them, so help your end-users not play a part in breaching your environment. Remember, even IT professionals fall for these scams. No one is immune.