There’s been a surge in the use of remote working tools in the wake of COVID-19.
Microsoft reported a 775% increase in demand for certain cloud services in regions1 affected by social distancing enforcement. As a new world of work emerges, security becomes critical and cannot be taken for granted. Cloud brings huge benefits in terms of mobility and flexibility, but the first issue to come to terms with is whether your data is secure.
One of the more mature applications is email, particularly web-based mail. Microsoft’s cloud-based suite of productivity applications, Microsoft 365, has gained strong traction in recent years, because it integrates email, document generation and productivity tools. But you remain responsible for disaster recovery and backup of your data.
While dependence on Microsoft 365 has grown, IT specialists are increasingly aware of their responsibility to back up data. Even though your data is housed in the cloud, it is not safe from user error or network failure resulting in accidental deletion or corruption.
The bottom line? Microsoft servers are highly secured – its drives are encrypted with BitLocker technology, and all engineer activity is controlled, logged and audited. But once the data is on your network or machine, it logically becomes your responsibility. By the same token, all the information you gather from your personnel and customers is also your responsibility.
In terms of security, Microsoft accepts responsibility for securing the physical infrastructure, app-level security, logical security and controls for users and administrators, while you are responsible for defending against internal and external threats. These include:
- Accidental deletion
- Malicious insiders
- Employee retaliation
- Evidence tampering
- Rogue apps, backdoors and compromised upgrades
Many users believe that Microsoft 365’s native recycle bins and version histories provide a form of backup. But items in the Outlook’s recoverable items folder are deleted after 30 days, and SharePoint Online and OneDrive for Business items disappear from the recycle bin after 93 days. Version histories depend on the user rather than the internal IT department.
Certain industries, such as financial services, healthcare, retail and government, have stringent data retention regulations, and these differ between Eurozone, the UK, and the US. In a hybrid cloud environment, or a blended environment of on-premises and cloud, as in the case of mergers and acquisitions where different groups use different versions of email and collaboration suites, data protection can be more challenging. Without backup, organisations are locked in to one vendor, and are not in complete control of their data.
The deep insight? Just because Microsoft has availability SLAs, these should not be inferred to provide backup strategies.
The best solution? Global research house IDC recommends all Microsoft 365 users investigate third-party archiving tools that provide a disaster recovery alternative for Microsoft 365 Exchange Online, in addition to email governance and compliance capabilities.
“An enterprise-grade backup strategy can give enterprises an option to recover from security breaches by using granular recovery.”
– IDC white paper “Why Backup Office 365”, publ. 2019.
With decades of experience in backup and recovery, CANCOM recommends Veeam Backup for Microsoft 365. This enterprise-grade software fulfils all the requirements outlined above, including incremental backup, regulatory compliance and ease of reporting.
Speak to a CANCOM backup and recovery expert today for sound advice on how to secure Microsoft 365.
WANT TO KNOW MORE?
1Microsoft: Cloud services demand up; prioritization rules in place due to COVID-19; ZDNet, March 29 2020