Over 80% of organisations worldwide have switched at least some of their core IT to the cloud, and approximately half of these are on Microsoft 365.

Some organisations conflate Microsoft 365 and other cloud services with backup solutions. Their assumption is that because the data is stored offsite from their own premises, this means it is backed up.

As this article will detail, doing so can be a costly mistake both from the perspective of regulatory compliance, and business continuity. Increasing numbers of UK organisations now keep some or all of their critical data in the 365 suite including SharePoint, Teams, OneDrive and Outlook.

In the event of a ransomware attack, accidental deletion or overwriting of files, or a compliance audit, it is vital to be able to return to a specific point in time prior to an incident occurring. The inbuilt tools within Microsoft 365 do not provide this ability.

‘Data retention’ versus ‘data backup’

According to Microsoft’s user license agreement , it provides ‘data retention’ – there is no mention of backup. In the vendor’s own words, its data retention policy does not provide backup.

The implication of this is that if data is deleted, Microsoft only retains it for a 90 day period before it is permanently deleted with no potential for recovery. Worse, if files or folders are overwritten by users either in error or deliberately, then crucial data objects can be instantly lost.

Microsoft 365 and backup

The best way to think of Microsoft 365 is a suite of collaboration tools. It allows users to efficiently share work, ensure availability, and create logical folders in SharePoint.

The crucial point to note when talking about backup is that although SharePoint and Teams files may look like archives, they are not automatically backed up to provide historical snapshots.

Compliance considerations

As well as the internal disruption that can be caused by data being overwritten, other implications can be even more undesirable. Because it is not methodically backed up or archived, files and folders hosted in Microsoft 365 do not satisfy many regional, national, or regional the data retention policies.

As a consequence, a failure to backup Microsoft 365 can leave organisations exposed to data erasure or loss, either as a result of genuine user error or more malicious intent. This can mean vital data cannot be provided for an audit or to satisfy a regulatory obligation. Similarly, it can lead to the loss of key financial data, contracts or product development documentation.

How to properly backup data in Microsoft 365

Because of the way Microsoft provides ‘data retention’ as opposed to backup, additional measures are required to properly backup 365 data. This ensures key documentation is not overwritten, and that compliance obligations can be met.

To plug these gaps in Microsoft 365’s native functions, ORIIUM SaaS integrates directly with the Microsoft 365 tenant to backup to a variety of storage targets. It can also carry out full or granular restores of protected data to protect against threats such as accidental deletion, user deletion, ransom attacks, and other service interruptions.

The solution provides further guard against Microsoft 365 outages by using an organisation’s own cloud targets or on-premise storage destinations. The process is also fully automated which means no manual configuration is required to setup new users – it works with a simple policy-based automatic backup.

As an additional layer of safeguard to protect against accidental deletion, users cannot access the backed up data. This ensures no accidental deletion or malicious purges can take place.

A complete solution

ORIIUM SaaS provides comprehensive protection for all Office 365 data. This reduces cost and complexity by eliminating the need for multiple backup protection platforms.

It also provides a complete vision of all data sources including Microsoft 365, G Suite and Salesforce. To satisfy regulatory compliance obligations, it also enables long-term retention policies to be created. In the event of data loss or ransom attack, the solution also provides a granular search, specified point-in-time recovery, and out-of-place data restore options to enable data to be redeployed onto a different device if required.

Find out more

Contact us on (0) 20 7 0399 266/  info@stadiacg.co.uk  to find out more about how ORIIUM SaaS can protect your Microsoft 365 data.

The post Why backup Microsoft 365? appeared first on SCG - Stadia Consulting Group.