Balancing Office 365 Vulnerabilities with the cloud and a human touch

Data is the lifeblood of the modern enterprise. It is an abundant and essential resource, which never depletes nor wears out, yet it is becoming increasingly valuable over time. Every day, thousands of organisations place their trust in Microsoft Office 365 to be the guardian of business-critical data, from vital emails to customer data and sensitive documents. Whilst Office 365 is a robust and sophisticated software, its limitations are widely acknowledged. Where the Microsoft technology falters, human input and third-party solutions are needed to achieve maximum data security.

Regardless of how accustomed we are to seeing Office docs on our desktops, we often forget that Office 365 is a cloud-based set of applications. On average, more than half a company’s sensitive data is present in Office documents, which are broadly shared by employees over a variety of devices. In response, the market is flooded with Office 365 back-up products to choose.

A point in time saves nine  

Because it’s based in the cloud, Office 365 is frequently updated with new security features such as it point-in-time recovery. If business files or documents hosted on OneDrive are wrongly deleted, they can be recovered within a 30-day time frame. However, while point-in-time recovery is able to resurrect server files and documents, it is extremely difficult to salvage email chains and restore Exchange mailboxeOffs back to their original state.

While Microsoft makes copies of these documents and mailboxes, the duplicates are only in place to serve in a major catastrophic data loss, such as a natural disaster or widespread power outage. This means Microsoft doesn’t typically restore files if the loss is the customer’s fault. Microsoft classifies human error, problematic error, malicious insiders, external hackers and viruses all as the customers responsibility.  Unfortunately, these threats contribute to the majority of cases for data loss.

In reality, a 30-day recovery period is insufficient for organizations that retain non-critical data for a period of two years as company policy. This is in addition to ATO’s requirements for businesses to keep taxation records on file for five years after creation.

Get into the weeds of your back-up plan

In its infancy Office 365 back-up capabilities were limited. Still to this day, its backup features don’t effectively protect all aspects of an application, leaving it up to customers identify what’s vulnerable.  Most organisations require full backup protection for Exchange Online, SharePoint Online and OneDrive for Business as the main locations for their data.  In the event of a loss, these programs may retain the data in a recycling bin for users to “dumpster dive” and manually fish out thousands of files one at a time.

3-2-1 recover

Knowing where data resides is a critical aspect when selecting a data platform.  Some products will directly funnel back-ups to an on-premise data centre. Others will leverage cloud resources. Because so many applications live in public clouds, many  back-ups are fast-tracked to an on-premise data centre where latency lives. It is important that individuals back up data to a separate cloud, keeping traffic away from the network and freeing organisations from the cost and hassle of the maintenance of on-premise servers.

One way to solve this problem and others is to follow by the 3-2-1 rule. This means making two copies of the data leaving the original data plus two back-ups, one of which should be saved on-premise for ease of access, with the other two being saved off-site in case of a data centre disaster. Not only does this approach ensure optimum protection, it also eliminates congestion and accelerates network speed.

The contribution of Microsoft Office 365 to many organisations cannot be underestimated. Despite its stability and consistency, businesses need to be aware that this is not a box-ready, once-size-fits-all solution and should be backed up consistently. Evaluating the solutions to these problems can be tricky as the market is becoming more saturated with back-up products, in response, business owners must become data managers to maintain a secure and compliant business environment.