Microsoft Office 365 prides itself on enabling dynamic, collaborative workplaces for its customers. Industry-leading security measures and attention to privacy, compliance, and accessibility support the robust functionality of the cloud productivity suite. Even so, research shows that data loss and protection are still major concerns for most businesses migrating to the cloud.
Part of that worry can be alleviated by having secure backups of SaaS data and the ability to quickly restore that data to an application in the event of data loss. This post will examine a few important backup policies offered by Office 365 so that you can determine where Microsoft’s responsibilities regarding backup and recovery end—and where yours begin. Equipped with this knowledge, you can feel confident that you can fully protect Office 365 data and wield the power of the cloud without worry over data loss.
Understanding Microsoft’s backup and retention policies.
Data loss is often a major concern for Office 365 customers because Microsoft’s backup policies cannot guarantee a complete and speedy restore of lost data. Even when data is retrievable, the process is long and complicated, and retention policies vary for each application included in the cloud platform.
Applications like OneDrive and SharePoint power much of the collaboration capabilities within Office 365. However, that collaboration can be put in jeopardy when user error, hacking, sync issues, or malicious insiders cause data loss. Both apps leverage a primary and secondary recycle bin with 93-day retention periods, but these can also be emptied at any time, after which the data is unretrievable.
Microsoft also recently released a OneDrive restore feature, which enables end users to roll back all of their files to a previous point in time within 30 days, but there are major limitations. Most importantly, it adds no new protection: if the data has been deleted, it cannot be restored. For the data that does still exist in OneDrive, it is an “all or none” destructive restore, which means a user has to roll back all changes made in their OneDrive account to the selected time (even the intended changes) instead of being able to limit the changes to certain files and folders.
Exchange Online also has its own retention policies. By default, deleted emails go into the Deleted Items folder. Once they are purged from this folder (or if a customer hard-deletes Exchange items), they are sent to a secondary “Recoverable Items” folder, which has a 14-day default retention period (which can be extended to 30 days). And while this may sound like the answer to all your backup and retention hopes and dreams, consider this:
- Retention policies and capabilities vary from service to service within Office 365, and new services like Microsoft Teams often don’t have similar safeguards available.
- Policies are always evolving and tend to be very complicated. If you aren’t constantly monitoring your organization’s data and investing time to understand the complex landscape, it’s easy for things – like critical data – to fall through the cracks.
- Office 365 backup and retention policies can only protect you from data loss in very limited scenarios, and can’t take the place of third-party backup solutions.
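As an added example (not from the original post), the following PowerShell audits the Exchange Online Recoverable Items window described above and lists mailboxes still below the 30-day setting. It assumes the ExchangeOnlineManagement module and an already connected admin session; `$targetDays` and `ConvertTo-RetentionDays` are names chosen for this example.

```powershell
# Added example: audit Exchange Online deleted-item retention per mailbox.
# Assumes an existing admin session, e.g. after running: Connect-ExchangeOnline
$targetDays = 30   # the extended Recoverable Items window the article mentions

function ConvertTo-RetentionDays {
    param($Value)
    # Remote sessions can return a TimeSpan or a string such as "14.00:00:00"
    if ($Value -is [TimeSpan]) { return [int]$Value.TotalDays }
    return [int]([TimeSpan]::Parse([string]$Value)).TotalDays
}

# Collect every mailbox whose retention window is shorter than the target
$short = Get-Mailbox -ResultSize Unlimited |
    Select-Object UserPrincipalName, RecipientTypeDetails,
        @{ Name = 'RetainDays'
           Expression = { ConvertTo-RetentionDays $_.RetainDeletedItemsFor } } |
    Where-Object { $_.RetainDays -lt $targetDays }

$short | Sort-Object RetainDays | Format-Table -AutoSize
"{0} mailbox(es) retain deleted items for fewer than {1} days" -f @($short).Count, $targetDays

# Review the list first. -WhatIf reports what would change without applying it;
# remove it to actually extend the window.
$short | ForEach-Object {
    Set-Mailbox -Identity $_.UserPrincipalName -RetainDeletedItemsFor $targetDays -WhatIf
}
```

Extending the window only delays the purge of Recoverable Items; it does not add the point-in-time or corrupt-mailbox recovery discussed in the rest of this post.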
Backup and retention policies are not a substitute for a complete backup and restore solution.
Even more importantly, Microsoft’s policies are not designed so that customers have direct access to backed up data with the ability to easily restore it. According to Microsoft MVP Brien Posey:
“The sad truth is that you might not have as many options for restoring your data as you might think. As such, it is critically important to understand your options for disaster recovery in an Office 365 environment...Microsoft’s primary mechanisms for protecting Office 365-based Exchange Servers are geographically distributed Database Availability Groups. Microsoft says they also perform traditional backups of Office 365 servers. However, those backups are used for internal purposes only if they experienced a catastrophic event that wiped out large volumes of customer data…This can be a bit disheartening, because item-level recovery alone is often inadequate. Item-level recovery protects an organization against deleting items such as messages or mailboxes, but it does not allow for the recovery of a corrupt mailbox. Neither is there a provision for reverting a mailbox server to an earlier point in time (such as might be necessary if a virus corrupted all the mailboxes on a server). The Office 365 service-level agreement addresses availability, not recoverability.”
Microsoft does all they can to put safeguards in place so that their customers don’t lose data. But the bottom line is, Microsoft Office 365 does not specialize in data backup and recovery. Ultimately, you are responsible for these activities in order to keep your organization’s data safe in the cloud.
Get fully protected with Spanning Backup for Office 365.
A staggering 60% of companies that lose critical data shut down within six months of the loss. Data loss, and the worry that surrounds it, can be easily avoided by pairing Office 365 with a complete backup and recovery solution.
Instead of spending countless hours searching for a misplaced file or attempting to recreate a deleted document, why not just restore the data with a simple tool and get back to work in a matter of clicks? Instead of managing and configuring several settings for deleted items, recoverable items, and more for each application within Office 365, you can easily ensure that all data in Office 365 is backed up (for good) and recoverable with a complete cloud-to-cloud backup solution like Spanning Backup.
Automated, daily backup; free, unlimited storage; and simple search and restore mean you never have to risk data loss due to an unexpected purge or top causes of SaaS data loss, including human error, sync error, malicious insiders, and hacking.
For more information, read Four Key Facts About Office 365 and Sharepoint Backup and Data Protection for Office 365 now Available for SharePoint Online.
This is a Security Bloggers Network syndicated blog post authored by Andy Rouse. Read the original post at: Spanning