Why do you need to back up your Office 365 data?

Why do you need to back up your Office 365 data?

On October 29th I attended DattoCon18 in Barcelona, joining over 700 people from all around Europe for what was the largest event held of its type in Europe. DattoCon is an MSP-centric event which takes place bi-annually with an event held in the United States during June followed by an event in Europe during October. Not only are the events attended by MSP’s worldwide but also by industry-leading service vendors.

Datto now supports more than 13,000 MSP partners working with more than 500,000 small and medium-sized businesses (SMBs) in 125 countries, making Datto the largest MSP-centric company in the world.

ATG-IT have proudly partnered with Datto for the past 6 years delivering you our industry leading 5nines Business Continuity and Disaster Recovery solution. In addition, we have recently launched our 5nines 365 backup solution thus offering you the same peace of mind solution for all your data held in Microsoft’s cloud at a cost-effective price point.

From those 3 incredible days, I have many takeaways, from new innovative services being introduced for monitoring activity on the Dark Web to how ATG can improve the customer experience by becoming more user-centric. There was ONE BIG THING that resonated with me, however, and I wish to share it with you.

If your company’s data and email are stored on a server in your office you would back up this server to safeguard your business against the ever increasing threat of ransomware, in order to meet compliance regulations, protect against an employee acting maliciously or simply to be able to recover files or emails deleted accidentally.

So let me begin by asking you this question: Why wouldn’t you back up your data held in the cloud? The answers I commonly hear are: “Well, Microsoft back it up, don’t they?” or “we have an email archiving in place for that?”

As a Director of ATG-IT, it is my duty to outline the responsibilities all business owners and Directors have to protect their own company data and help to explain the differences between archiving and 365backup.

Compliance and retrieval requirements demand that businesses store more data than ever before. When we think of archiving something, we typically think we're saving it for later use, but don't have a set time in mind for when that might be. Email archives are intended as a repository for email (a copy) that needs to be stored for periods that may extend to decades. The key benefit of archiving is “Ease of Access” since email archives are meant for long-term data retention with no clear restoration window, email tends to just pile up. Of course, it is possible to restore individual emails but the technology used for email archiving is not used for restoring a mailbox or a company’s entire email infrastructure.

So unlike archiving, 365backup will protect your entire Microsoft O365 Tenant, not just copy email to an archive. It will protect data in OneDrive, SharePoint, Mail, Calendar and Contacts. Think of your Microsoft O365 Tenant as your server with all your data within, after all your emails are on a hosted Exchange Server, without this backup you are at risk. I heard this story from another MSP owner from the US in one of the sessions:

“Earlier this year, Microsoft had an outage for a couple of hours, the MSP noticed that they could no longer log into the client’s O365 portal. They contacted Microsoft support for assistance who upon investigation reported back that no such client existed!!………..there was no trace or record of the client’s domain. Of course the MSP provided them information to show them it did exist, in the end Microsoft discovered that during the outage a server failure had led to several hundred O365 tenants being lost! Their response was that they could recreate the tenant but all data had been lost”.

Now I know there is a 0.01% chance of this happening to anyone….but it did and still does. Thankfully his customer had an O365 backup solution in place and they were able to restore the entire tenant along with all their emails and data. Imagine the cost to that client if all their O365 data had been lost?

We also have a new threat to O365 users looming on the horizon called Ransom Cloud, this is a new strain of ransomware attack specifically aimed at O365 users. Kevin Mitnick, an American computer security consultant, author, and hacker (best known for his high-profile 1995 arrest and later five years in prison) has warned MSP’s of the new wave of attacks coming and has posted this YouTube video to show how it works and what effect it has. An email archiving only solution will not protect your data.

Kevin is also the Chief Hacking Officer of the security awareness training company KnowBe4, that we have recently partnered with to develop our new ATG Security Awareness service, an online security and phishing training platform for all your staff.

This brings me on to responsibilities. Microsoft Cloud Services operate on The Shared Responsibility Model. I have enclosed a copy for you below and a diagram to illustrate. Office 365 is classed as SaaS.

To summarise this:

  • Microsoft protects the infrastructure of their cloud.
  • End clients protect data within Microsoft’s cloud

This is an extract taken from Microsoft’s SLA:

"We strive to keep the services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as result. In the event of an outage, you may not be able to retrieve Your Content or Data that you have stored"

We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.’

So in answer to those who think Microsoft back up the emails, they don’t. In fact, the retention period of data held within Office 365 is only 30 days.

DattoCon was an incredibly insightful event for me. It made me stop and think. This is why I decided to write this article. I want to ensure that none of my customers face this awful and business-threatening situation. I have only given you the facts you need to know. It is my role and responsibility to make you aware. At the end of the day it is your choice how you safeguard the data used within your own business. I respect that.

5nines 365Backup is an insurance policy for client data AND your business.

Thank you for reading, if you have any questions please contact me directly through my LinkedIn, Chris Savigar.