Data brings insight and shapes meaning in business, and data itself is increasingly regulated and subject to compliance.
UK-based companies dealing with US companies need to take Sarbanes-Oxley into account, as well as industry-specific legislation such as The Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), the Federal Financial Institutions Examination Council (FFIEC), and the Federal Information Security Management Act (FISMA).
Post-Brexit, Euro-zone regulations (especially GDPR) still need to be complied with when dealing with countries across the Channel. At the same time, specific local regulations – like the Health and Social Care Network (HSCN) and IASME – add their own complexity.
When it comes to digital assets, industry regulations demand reliable backup, prevention of tampering, and ease of recovery. Legally, companies need to allow for e-discovery, and this could include email trails that go back decades. This is why more and more companies are looking for better solutions than manual processes on legacy or ad-hoc cloud systems to protect their data.
The main threats inside your organisation are:
- Accidental deletion
- Malicious insiders
- Employee retaliation
- Evidence tampering
And externally, you need to guard against:
- Rogue apps, backdoors and compromised upgrades
Microsoft 365 is a valuable service, but most IT professionals are not aware that backup and disaster recovery is not part of it.
In 2019, IDC1 interviewed Microsoft 365 users; six in ten said that they do not have a data protection plan, or that they rely on Microsoft’s native capabilities. The report says: “Without data protection extended to SaaS, enterprises are exposing O365 data to compliance issues, data loss, security vulnerabilities, and business continuity risks. In addition, integrating SaaS into enterprise data protection can help unify data management and develop a foundation to become data-driven.”
The chief recommendation? Users of Microsoft 365 should:
- Deploy a third-party backup tool for faster and more flexible recovery and damage control after serious attacks.
- For heavily regulated and litigated organisations, adopt a third-party email archiving tool to recover from potential extended Exchange Online outages.
THE CANCOM SOLUTION
CANCOM recommends Veeam Backup for Microsoft Windows because Veeam delivers advanced solutions that ensure compliance and security, and that:
- Perform security scans before exposing data back into production environments, ensuring all workloads are free of viruses or ransomware.
- Isolate testing for new patches and upgrades to enable hassle-free testing without production impact.
- Assure compliance mandates are adhered to, including GDPR and CCPA, through Staged Restore capabilities.
- Ensure compliance requirements, with rigorous reporting and actionable documentation.
THE BOTTOM LINE?
"While O365 is fast becoming the center of business productivity, a backup and recovery strategy is an afterthought. Relying on Microsoft's native backup capabilities and infrastructure-level uptime features is a risky strategy because, regardless of where the data is, it is the company's responsibility,"
– Archana Venkatraman, research manager, IDC European Datacenter.
WANT TO KNOW MORE?