Over 80% of organisations worldwide have switched at least some of their core IT to the cloud, and approximately half of these use Microsoft 365.
Some organisations conflate Microsoft 365 and other cloud services with backup solutions. Their assumption is that because the data is stored offsite from their own premises, this means it is protected.
As this article will detail, doing so can be a costly mistake both from the perspective of regulatory compliance, and business continuity. Increasing numbers of organisations now keep some or all of their critical data in the 365 suite including SharePoint, Teams, OneDrive and Outlook.
In the event of a ransomware attack, accidental deletion, overwriting of files, or even a compliance audit, it is vital to be able to return to a specific point in time prior to an incident occurring. The inbuilt tools within Microsoft 365 do not provide this ability.
‘Data retention’ versus ‘data backup’
According to Microsoft’s user license agreement, it provides ‘data retention’ – there is no mention of backup. In the vendor’s own words, its data retention policy does not provide backup.
The implication of this is that if data is deleted, Microsoft only retains it for a 90 day period before it is permanently erased with no potential for recovery. Worse, if files or folders are overwritten by users either in error or deliberately, then crucial data objects can be instantly lost.
Microsoft 365 and backup
The best way to think of Microsoft 365 is as a suite of collaboration tools. It allows users to efficiently share work, ensure availability, and create logical folders in SharePoint.
The crucial point to note when talking about backup is that although SharePoint and Teams files may look like archives, they are not automatically backed up to provide historical snapshots.
Compliance considerations
As well as the internal disruption that can be caused by data being overwritten, other implications can be even more undesirable. Because it is not methodically backed up or archived, files and folders hosted in Microsoft 365 do not satisfy many regional, national, or regional data retention policies.
As a consequence, a failure to backup Microsoft 365 can leave organisations exposed to data erasure or loss, either as a result of genuine user error or malicious intent. This can mean vital data cannot be provided for an audit or to satisfy a regulatory obligation. Similarly, it can lead to the loss of key financial data, contracts or product development documentation.
How to properly backup data in Microsoft 365
Because of the way Microsoft provides ‘data retention’ as opposed to backup, additional measures are required to properly backup 365 data. This ensures key documentation is not overwritten, and that compliance obligations can be met.
To plug these gaps in Microsoft 365’s native functionality, ORIIUM SaaS integrates directly with the Microsoft 365 to backup to a variety of storage targets. It can also carry out full or granular restores of protected data to protect against threats such as accidental deletion, user deletion, ransom attacks, and other service interruptions.
The solution provides further protection against Microsoft 365 or Azure outages by using an organisation’s own cloud targets or on-premise storage destinations. The process is also fully automated with no manual configuration required to setup new users – offering simple, policy-based, automatic backup. ORIIUM SaaS reduces customers’ reliance on Microsoft Azure which can experience periodic outages resulting in data being completely inaccessible.
As an additional safeguard to protect against accidental deletion, users cannot access the backup data. This ensures no accidental deletion or malicious purges can take place.
A complete solution
ORIIUM SaaS provides comprehensive protection for all Microsoft 365 data reducing cost and complexity by eliminating the need for multiple backup protection platforms.
It also provides a complete vision of all data sources including Microsoft 365, G Suite and Salesforce. To satisfy regulatory compliance obligations, it also enables long-term retention policies to be created. In the event of data loss or a ransomware attack, the solution provides a granular search, specified point-in-time recovery, and out-of-place data restore options to enable data to be redeployed out of place if required.
LEARN MORE about how ORIIUM SaaS can protect and backup your Microsoft 365 data.
