The need for Cloud-to-Cloud Backup for Microsoft 365
It has become apparent that many Microsoft partners and consumers genuinely do not understand the need for backup and recovery services for their Office 365 deployments. Research highlighted that nearly 40% of survey respondents believed that Microsoft provides everything they need to protect their Office 365 environment.
Microsoft can provide email archiving for Office 365, but it may not be the best service in terms of features and functionality, or the most cost effective in terms of value for money.
Email archiving provides eDiscovery, regulatory compliance, and legal protection of your email data. Put simply, it captures every email that has been sent and received by your organisation, and ensures that these messages can be found and retrieved. A good archiving solution also has the following qualities:
- The archived emails and attachments cannot be changed or manipulated.
- Items can be retrieved by using clever searches grouped together or complex searches called “Tags”
- Search results can be placed into Legal Holdso that they are not purged and can be easily retrieved as needed. This feature is most often used for compliance audits, litigation, or related reasons.
- End-users are able to search and retrieve their own messages as needed, according to the policies configured by the System Administrator.
Email archiving is not a backup
Even if you have email archiving services in place, you should still maintain a backup and recovery solution for Office 365. Archiving can hold and retrieve specific messages, but it cannot restore a complete mailbox and all of its contents to a single point in time. Imagine the following scenarios:
- Somebody hacks your Office 365 account, deletes everything in your mailbox, and empties the recycle bin. This type of deletion is common during account takeover attacks, so that there is less evidence of the attack left behind.
- You accidentally delete a sub folder containing important work email and various documents (attachments). You may not notice this straight away as often you have lots of sub folders in your mailbox and this type of thing is easy to do by mistake on your phone.
- A former employee’s account was deleted and you realize you need to restore his mailbox. Using an email archiver for this task would be tedious and require multiple steps outside of the archiver.
- A cyberattack, a human error, or a catastrophic event has caused data loss in OneDrive for Business, SharePoint Online, or Microsoft Teams. Email archiving does not store this content.
Recycle bin is not a backup
Microsoft provides a recycle bin for Exchange Online, SharePoint Online and One Drive for Business – so even without an archiver there is some native protection for these items. However, the recycle bin is not a backup. Similar to a PC recycle bin or a Mac trash can, the Office 365 recycle bin is just a folder that contains items that you have deleted.
What about GDPR?
This is a great question, because even though Microsoft hosts your data in Office 365 and ensures the environment is always on, they are simply custodians of your data. The responsibility of protecting the data lies with you (the customer) because the data belongs to you.
If you have an Exchange email server, SharePoint server, or file server running in your data centre or office, you would almost certainly have it protected with a good data backup solution? You should think of your data in the cloud the same way you think of your data on-premises. Microsoft will keep the lights on and the platform running, but they are not backing up your data or archiving your messages! If you lose the data, you’re the one who will be in breach of GDPR.