Sponsored: Extending Office 365 Data Protection

Office 365 Hero

This post is sponsored by Druva’s Office 365 backup solution.

There’s no doubt that Office 365 is the most popular cloud services today. Microsoft launched Office 365 back in June 2011 and it has become a popular choice for the day-to-day work of both businesses and consumers alike. Office 365 is full-featured, easy to access, and its multi-device licensing make it a cost-effective option for most organizations. However, because it’s a cloud application, many users are under the erroneous impression that Office 365 data doesn’t need any protection. They often think that there is no need to do anything to protect cloud data – the cloud provider will take care of everything. However, the cloud isn’t a magic bullet for data protection. Data in the cloud is just as susceptible to accidental loss, theft, or malicious attack as local data.

Office 365 does provide a basic level protection in case you accidentally delete an email, a OneDrive file or a SharePoint item. The Office 365 Recycle Bin is the primary data protection point in Office 365. It allows you to undelete a given item for a set period of time. The maximum retention time for the Office 365 recycle bin and the second-stage recycle bin is 93 days. To restore an item, you need to locate the deleted item in the recycle bin before it expires and you can only restore a single item at a time. Exchange 365 provides a Recoverable Items folder with a maximum 30 day retention time. SharePoint and OneDrive also offer site versioning that enables you to restore an entire site for up to 30 days in the case of accidental administrative errors.

While Office 365 has basic protection from simple item deletion issues for businesses, there are a number of important gaps in Office 365 data protection that are simply not addressed by the basic recycle bin. Some of the most important data protection challenges for Office 365 include:

  • Unintentional deletion and user error — While Azure itself is extremely reliable, one of the most common causes of data loss is data that is purposely deleted by the user only to later realize that the item is still needed. If the user only discovers this after the Office 365 recycle bin has expired, the data may be permanently lost. To protect against this problem, you need to have a backup copy of your Office 365 data that is separate and independent of the basic recycle bin.
  • Malicious data deletion and malware — Another data protection challenge is malicious data deletion where an employee may intentionally delete data before they quit, if they suspect that they are going to be terminated or if they have issues with management. Likewise, the threat of malware and ransomware threat isn’t just limited to physical devices and local VMs. Cloud applications like Office 365 are equally at risk and are susceptible to data corruption and possible user lockout. To protect against these types of data loss situations, you need to have multiple copies of your critical corporate data outside the control of a single provider. In addition, you need multiple timestamped copies that can enable you to revert to a given point-in-time prior to any data loss or corruption.
  • Meeting data governance and legal requirements – Many data governance requirements like HIPPA and GDPR have data retention mandates that go beyond the limits of the Office 365 recycle bin. In addition, businesses can face substantial fines and other consequences if they fail to produce data following a discovery request made by the courts – even if that data is in the cloud. To address these challenges you need to be able to set data retention policies and have the ability to search your backup data as well as having multiple archived copies of your data.

The native Office 365 data protection capabilities have limited abilities to address these types of challenges. Gartner Research has recommended that organizations that have deployed on Office 365 use some type of third-party backup and data protection tool to provide more complete data protection such as what Druva provides.

To fully protect your Office 365 data and meet your regulatory and legal requirements, you should consider an Office 365 data protection solution that is able to recover from administrator and user error by going back to a specific time using time-indexed snapshots. This can protect against data loss, accidental deletion, file corruption, and ransomware attacks. Support for automated compliance-management capabilities can enable businesses to create data retention policies to help them to comply with their regulatory requirements. In addition, you should look for search capabilities that enable you to quickly locate files and other items across multiple cloud applications, users, and storage locations.

Office 365 is a cloud application and it’s up to Microsoft to make sure the application is available and responsive. However, that not the case for Office 365 data. In the end, data is one of the businesses most important assets and Office 365 data protection is the customer’s responsibility.