5 Critical Questions to Understanding Office 365 Data Backup

5 Critical Questions to Understanding Office 365 Data Backup


5 Critical Questions to Understanding Office 365 Data Backup

By Scott Cooper

Microsoft Office 365 is built on the premise of offering a highly reliable, available anywhere and collaborative workplace for companies of one to hundreds of thousands. Email, SharePoint, Office Suite, Teams and other tools are all available now on a subscription basis including storage and access to data via OneDrive.

Office 365 is currently being used by more than 180 Million active monthly users and in a survey of 135,000 companies by Bitglass in its 2018 Cloud Adoption Report found that 56.3% were users of Office 365. These numbers are powering Microsoft’s growth in both revenue and stock market valuation however, one not so bright spot in the Office 365 is the lack of user data backup.

  1. What is the difference between Data Protection and Data Backup?
    • Data backup is a subset of data protection. Data protection encompasses the integrity and availability of data by making sure that hardware, software and network is all in place and available to serve up data to users via applications. Data backup is a combination of frequency and retention for copies of data which can be restored if data is lost due to a myriad of circumstances.
    • In the Office 365 ecosystem, Microsoft provides data protection by providing highly redundant systems of the application, operating systems, virtualization, hardware and the network to mitigate risk to data availability due to failure, natural disaster or power related issues. While they provide data protection, they do not provide extensive data backup.
  2. What are the risks to my data in Office 365?
    • Several threats to data include human error, bad actors (hackers), malicious insiders and malware including ransomware and viruses. These threats are the reason for needing data backup in Office 365. Microsoft has already hedged the risks associated with hardware, software, network and power. It is the human related risks that they are not addressing in their offering.
  3. What options does Microsoft offer for Data Backup?
    • Microsoft Exchange Online offers some basic retention of deleted files, not including hard deleted files, which move to a Deleted Items folder. From there they are moved to Recoverable Items folder which can have retention set up to 30-days.
    • Microsoft offers a restore feature for OneDrive, but this will not restore individual files but will restore all data, not a specific item and it is only available for a rolling 30-days.
    • Microsoft offers some preservation settings which are related to archiving/retention for compliance reasons, but this is not data backup as defined above.
  4. Where does responsibility lie for Office 365?
    • As shown in the below infographic the customer is responsible for users, their data and administrating the Office 365 application including setting security.
    • img-blog-office365-customer

    • Microsoft is delivering the platform and manages the below items including redundant items to insure high availability.
    • img-blog-office365-microsoft

  5. What specific features should I be looking for in an Office 365 Data Backup solution?
    • The solution should provide for automated backups to be set for specific frequency and retention periods. These should be consistent with data governance objectives of your company and meet any legal or compliance regulations.
    • One of the limits of the Office 365 data protection plan is predominantly an all-or-nothing-approach to restoring data. The data backup solution should allow for granular, point-in-time restores of data. This will allow for quick recovery from ransomware or user error.
    • Security of the data backup solution is highly important. Data should be encrypted an allow for multiple copies in multiple locations.

Microsoft Office 365 is a great productivity tool which is more than just email. Organizations will need to make sure they understand and limit the risks associated with data protection and backup to insure their data is available to remain productive. If you have any questions about your current data backup, please don’t hesitate to contact us.

Scott Cooper is the President of Tower 23 IT, an IT outsource solution for small to medium businesses specializing in protecting client health and financial data to meet privacy, compliance and security requirements in the healthcare, legal, financial, real estate and insurance industries. Scott can be reached at scottc@Tower23IT.com or 858.877.6219.