Well, sort of.
Understanding the nuances of where Microsoft takes care of your data and where it doesn’t could make a huge difference to your business.
Microsoft Office 365 touts data redundancy but this is geo redundancy, which is not the same as a backup.
A backup creates a historical copy of the data, which can be stored in multiple locations. If the production copy is lost or stolen from an attack, there is another copy of the same data protected in another location. Geo redundancy, by contrast, protects against site or hardware failure. In other words, if there is an infrastructure crash or an outage from hardware, any users on the network will remain working without a hiccup.
Maybe you are already seeing the limitations of geo redundancy compared to backup. If not, consider these:
- Internal security threats
- External security threats
- Legal and compliance requirements
- Retention policy gaps and confusion
- Managing hybrid email deployments and migrations to Office 365
First, let's talk about security.
1) Internal security threats (aka employees) might be the most compelling reason for an O365 backup plan. Microsoft does not have access to information regarding the status of the user, whether they are terminated from the business, or whether they are a regular user. Plan for employees who delete critical data before leaving, and remember even the most experienced and cautious users can accidentally leak usernames and passwords. Also consider that users might accidentally delete data as well, and without a backup strategy in place for this recovery, it can be lost forever.
2) External security threats are the most common time to discover the need for an Office 365 backup, as it becomes clear what Microsoft protects and what needs extra security. Unfortunately, it is already too late at this point to implement a plan for the disaster. External threats, like malware and viruses, can be hiding in emails and attachments, and as hackers’ methods are always changing it can be almost impossible at times to detect what is safe and what isn’t. Any business can be targeted by these attacks, and it's more common than you might think and many companies don't know they've been breached until almost a month after the original attack. Regular backups help prevent an unexpected external threat from becoming unmanageable and ensuring your customers, and your business, always has secure data.
Now let's talk about legal requirements and gaps.
3) Legal and compliance requirements commonly means required data upkeep for a specific field of business, but any business can become part of a legal situation, which requires retrieving old, potentially otherwise deleted, data. Microsoft does have a few tools in place to assist with this, such as Place Hold and Litigation Hold settings, but these are not a robust backup solution designed to prevent a company from legal action. For example, with Place Hold if a user is deleted, their on-hold mailbox will also be deleted, which means lost data during a legal dispute.
4) Retention policy gaps can exist when efforts aren’t made to implement your primary data retention policy to data that doesn’t fall under your standard infrastructure, like O365 data. For example, Microsoft keeps data for 30 days after an employee leaves and deletes items in the recycle bin in that same time window. Remember, Microsoft only retains data as stated in their service agreement. Anything longer would be a breach of contract.
5) Transitioning from an on-premise Exchange to Office 365 Exchange Online can create an opportunity for lost data during the transition. With the right Office 365 backup, all exchange data can be backed up and treated the same.
You know your business.
And now you understand the limitations of Microsoft’s data protection in Office 365.
If you’d like to explore an O365 backup implementation with a Virtual Systems’ expert, let's have a discussion together!