Why Should I not Rely on Microsoft Office 365 for Backup and Recovery?
To function, your organization relies on an infrastructure of systems, applications, and data. What happens if you instantly lose access to any of these things? For many companies, it would lead to a domino effect of profit loss, compliance issues, PR nightmares, and customer churn. Nonetheless, disasters are unpredictable.
At a minimum, you face an immediate crisis that will negatively impact your productivity and profitability. At the other extreme, depending upon the level of your protection and availability of recovered data, your business may have to cease operations permanently.
What about data loss?
Anyone who has ever used a computer of any kind fears these dirty words: Data loss. If only—as discussed in more detail below—your computer would scream that at you or flash it across the screen when it occurs.
There are several potential causes of data loss, to which even the most cautious, responsible, and proactive businesses are susceptible.
Regardless of how careful and conscientious you may be in protecting your IT resources, no one out there can control the consequences of a natural disaster. One massive storm, a flood, a lightning strike resulting in a fire, and your data/hardware/IT are at risk.
Another genuine threat to your data and systems are threat actors. According to Verizon’s 2019 Data Breach Investigations Report, cyberattacks on small businesses represented the largest share of all the attacks. And do you want to hear an even more disturbing stat? According to the U.S. National Cyber Security Alliance, approximately 60% of small businesses that suffer a cyber attack are out of business within six months.
It is not just cyber-attackers who can wreak havoc. There are two categories:
- Disgruntled former employees who may decide to steal or leak company data.
- Well-meaning, otherwise-responsible employees who inadvertently fall victim to a phishing attack.
- Physical theft of devices.
What about a hardware failure or system crash? As mentioned above, in this day and age, most of you are prepared for that, and already have—or think you have—systems in place, not just to protect against hardware failure (such as surge protectors, cooling systems, and the like), but also for backup and recovery in the event of a loss. With cloud-based storage, substantial technological advances have been made in this arena. But depending on what applications you are using, you may not be nearly as covered as you think.
Typically, you may already have a general understanding of backup. However, just as a refresher, the purpose of backup (as opposed to recovery) is to create copies of data so that when your primary data fails/is lost, you can recover the copied data (i.e., the backup). It would be best if you did this via a different medium using a device as simple as a thumb drive (USB stick) or an external drive to something designed for more significant amounts of data, such as tape storage, LAN (Local Area Network) storage, and cloud storage.
There are three main types of backup methods:
Full backup is as the name implies: A complete copy of all files and folders. This requires the most storage, as well as uses much network bandwidth. Further, it also provides for the quickest restore time in the event of a loss.
This method of backup requires that at least one full backup is made initially. After that, though, only data that has changed will be backed up again. Incremental backups take up the least amount of space and network bandwidth, but if called upon to restore an entire system, are the most time-consuming.
As you may have suspected, differential backup represents the middle ground of backups. It backs up changes since the most recent full backup (as opposed to the most recent incremental backup). To restore, you need only the latest full backup and the latest differential backup. Differential backup takes up less space than total but more than full backup. And differential backup takes less time to restore than incremental, but a bit longer than full backup.
Disaster Recovery (DR)
In the world of IT, disaster recovery has a much different meaning than, say, cleaning up after a hurricane or earthquake. Understanding disaster recovery—and its tremendous importance for every business of any size—is critical. According to Technopedia, backup and recovery is defined as follows:
Backup and recovery refers to the process of backing up data in case of a loss and setting up systems that allow that data recovery due to data loss. Backing up data requires copying and archiving computer data, so that it is accessible in case of data deletion or corruption. Data from an earlier time may only be recovered if it has been backed up.
Consider a disaster recovery plan as a type of insurance policy. Yet, as with insurance, you have to have it in place before disaster strikes. Insurance cannot replace data and applications that are already lost.
What about the customer experience?
Your customers have a set of expectations that are important to meet. If you do not have proven backup and recovery services in place, if your company has a prolonged system shutdown, you could lose your clients to a competitor. The quicker you can get up and running, the more satisfied your customers will be.
There isn’t an organization completely immune to the potential risk of losing access to their systems and data. Deploying the right backup and recovery procedures can ensure the loss is a minor or temporary issue, and restore your normal operations rapidly. There are three things to keep in mind:
- Any system can crash.
- Any human can make errors.
- Disasters can occur unexpectedly.
Therefore, backup and recovery are critical aspects of running a successful and efficient organization. Plan head before the worst happens. If you don’t have the right backup systems in place, backup and recovery becomes challenging and can result in data loss if an unexpected disaster takes place.
Why you should not rely on Microsoft Office 365 for backup or recovery
In October of 2019, Office 365 reached the 200 million mark in monthly active users. And by 2020, over a million companies were using Office 365, with over 650,000 of those being in the U.S. As evidenced by these kinds of numbers, there is no doubt that Microsoft is a great product, both for individuals as well as large businesses and small. Just think of how often you access one or more of the following in your personal and work-life: Word, Outlook, Excel, PowerPoint, Microsoft Teams, OneDrive, OneNote, or SharePoint.
But many consumers assume that Microsoft’s backup and recovery guarantees it will prevent data loss with backup and facilitate data recovery. Many users assume that every tidbit of their Office 365 data is safe and sound in the cloud, and if/when disaster strikes; it can be readily and easily recovered. That is not necessarily true. And even if you can retrieve your data, the process may not be that simple without the aid of Office 365 services.
It is vital to understand that there are retention expiration dates with Office 365. For instance, Microsoft maintains a backup of your Office 365 data for 14 days and your mailboxes for thirty. Research indicates that the average time it takes a company to discover a data breach is over six months.
Office 365 does now offer the option of incorporating retention policies, wherein you can use an optional feature called Preservation Lock. What does Preservation Lock mean? It means that once your retention policies are set, the following rules occur:
- No one can modify or delete your retention policies.
- No one can change or add locations.
- You cannot decrease the retention time, but you can create an extension.
Still, the overview alone is twenty-five pages. And with the variety of options in this tool--misconfigure just one, and you may not attain the intended added protection after all.
Next, let’s consider the standard “3-2-1” backup rules. This is a widely-accepted recovery methodology designed to ensure that your data is adequately backed up and protected, including that your backup data is available when needed. In fact, the “3-2-1” rules are depicted as follows:
- Three copies of data—the original and at least two backups.
- Two different storage types for the backed-up data (i.e., removable storage drive, internal hard drive, external hard drive, or cloud backup).
- One copy offsite (i.e., in an offsite or remote location to ensure that any geographical disaster does not affect all data copies).
Perhaps most telling is Microsoft’s verbiage in their Service Agreement as quoted below:
The Services, Third-Party Apps and Services, or material or products offered through the Services may be unavailable from time to time, maybe offered for a limited time, or may vary depending on your region or device.
We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages. Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you hold on the Services or store using Third-Party Apps and Services.
To ensure your business continuity in the event of a natural or human-induced disaster, it is imperative to implement a disaster recovery plan in place now. You can accomplish this quickly, easily, and cost-effectively by partnering with a reliable backup and recovery services vendor like SSI.