Tyrone Kleynhans
Technologist - Data Management
Microsoft 365 – Backing up your data securely
According to Microsoft’s Digital Defense Report 2022, cybercrime continued to rise with increases in random and targeted ransomware attacks. The report also revealed that 44 percent of organisations compromised lacked immutable backups and 92 percent failed to implement effective data loss prevention controls to mitigate risks, leading to critical data loss.
Cybersecurity Ventures estimates that organisations suffered a ransomware attack every 11 seconds in 2021- and predict there will be a new attack on a consumer or organisation every two seconds by 2031.
To protect themselves, organisations must maintain a strong security posture by strengthening identity controls, security operations, and by implementing effective data protection strategies.
Microsoft 365 is a prime target for cyberattacks, so here’s an overview of what to consider, how to backup your data securely, and why it is of critical importance…
Why backup Microsoft 365
Microsoft 365 is a cloud-based subscription service that provides users with access to a range of productivity tools and services, including Word, Excel, PowerPoint, OneNote, Outlook, OneDrive, and Microsoft Teams.
Due to the mass adoption of Microsoft 365, along with the criticality and sensitivity of much of the content and data generated on the platform, it’s imperative to protect the data by backing it up properly.
Today, many organisations rely solely on the native capabilities of the platform, such as OneDrive, which can store and sync data. While this is part of the Microsoft 365 package and part of a file management strategy, it’s not a backup solution. If data becomes corrupted or deleted, OneDrive will simply syncronise the corruption or delete the file in real time, unlike an immutable backup service that can be configured to meet specific recovery needs.
Microsoft’s Shared Responsibility Policy states that it is the user's responsibility to protect the security of data within the cloud, recommending that you use a third-party backup solution.
Protecting critical data
When backing up data, it’s important to back up more than just user files. You’ll want to backup mailboxes, user lists, configuration data, setup and system data and anything valuable to your organisation. But before you initiate backing it up, consider conducting an internal audit of all your data.
Here are some key considerations:
3-2-1 – Storing three copies in two locations with one off-site is a sensible solution, allowing for several backups to recover missing data. This can be done annually, quarterly, weekly or daily – depending on your organisation’s needs.
Granular backup and restore– Allows users to recover a single file, email message or user data.
Compliance - specific SLAs, regulations & legislation – Keeps a record of backups and restorations, so you can prove you’re compliant.
Test restores regularly – Ensure your backups are not corrupted and data is restored correctly.
Potential risks
Not backing up your organisation's Microsoft 365 data could be damaging:
1. Lost time - Time is money, so when data isn't backed up or recoverable - you will have to start from scratch. Unrecoverable data loss in a cloud-based application can cause operational and service disruption that can impact revenue, customer confidence, and perception.
2. Cost - It’s not impossible to recover lost data, but restoring deleted, corrupted, or damaged data can be complex and expensive. While accidental deletion is the cheapest and most straightforward, logical failure or hardware damage requires special software, equipment and expertise to access and recover data. Meanwhile, victims of malware or ransomware attacks require decryption and will require professional help.
3. Financial loss - The British Chamber of Commerce found that 93% of organisations which suffer data loss for more than 10 days, file for bankruptcy within one year, with half filing immediately. Plus, research recently revealed that UK firms will pay an average cost of £4.56 million.
4. Reputational damage - It's vital your customers, patients, students or clients trust you, especially when handling their data. One survey found 46 percent of organisations suffered reputational damage as a result of a data breach.
How this is achieved
When exploring your options for a backup solution, you should consider the following features:
Air-gapped and immutable storage - This will ensure all files are stored separately and remain unchanged, protecting them from accidental or malicious deletion.
Data deduplication & encryption - This eliminates redundant data and reduces storage needs. With limited file versions available, it's easier to encrypt them and protect sensitive data from attackers.
Simplified & automated restoration process - This improves incident response, addressing security issues with little manual effort, allowing you to prioritise threats and reduce time to resolution, resulting in a clean state.
Flexible long-term retention (public and private cloud) - This provides you with more options around recovery points, allowing you to recover and restore data more successfully, reducing costs and the impact of losses.
Observability and detection of anomalous behaviours - Enables you to expertly identify a broad spectrum of complex data issues in real time.
Legal and regulatory compliance - This provides additional proof to help you avoid fines and penalties.
Granular restoration and recovery point - This helps you to choose which specific files you want to recover, reducing time, effort, and improving the user experience.
Consistent management plane - The single-pane-of-glass approach unifies the on-premises, co-location and SaaS instances, making your security more efficient and decreasing the likelihood of a breach.
Additionally, here are the main considerations when selecting a solution:
1. Protection for SaaS environment on Microsoft 365 only - In this scenario, a 3rd party backup solution independently hosted on the Microsoft Azure platform starts to make sense.
2. Protecting SaaS plus other cloud services – multi-cloud - This scenario requires a solution which supports Microsoft 365 requirements as well as other services such as Salesforce or Workday. This solution may also require storage instances hosted on separate cloud services such as AWS, Azure, or Google Cloud Platform.
3. Protection for on-premises workloads as well as SaaS and multi-cloud - Mixed workload environments are still common in most organisations today. Many organisations have succeeded in migrating to IaaS, PaaS and SaaS platforms already. Most are in the process of modernising and moving their workloads, while others cannot and will not be able to move some workloads to a hosted platform or service.
Webinar and next steps
Speak to your Softcat Account Team to arrange a discussion with one of our experienced specialists, who can assist and support you in assessing the available technologies and solutions to fit your requirements.
Join us for our Microsoft 365 webinar on 16th February where our Technologists will dive deeper into the world of backup for Microsoft 365. Click here to find out more and register.