Office 365 includes many services in one cloud platform. Backup is not among them.
Most customers believe that since O365 is cloud-based, it must incorporate its own backup. Why would you need a separate backup?
Unfortunately, this is a common misconception. While Office 365 does preserve some data for 30 days after deletion (90 days in a few cases), it doesn't match backups for data retention, or regulatory compliance.
There are 6 reasons you should maintain a separate backup of your Office 365 data. We're going through all 6 in this WOOF! issue.
It's All About Redundancy
"Microsoft backs up my data."
Not entirely true. Microsoft offers what's called "Geo Redundancy" for Office 365 users. Geo Redundancy protects against failures by mirroring user accounts in different geographic locations.
(This way if there's a crash at one location, you just keep working off the data copy at the other location.)
This is NOT the same as a backup. Backup preserves multiple copies of data in case of not only infrastructure failure, but also data corruption, theft, and cyberattack.
In fact, according to a white paper from Veeam, Office 365 users have to factor 6 risks into their backup plans:
- Accidental Deletion – The "Oops!" delete you didn't catch until later. If you catch it within 30 days, files/mailboxes are recoverable. After that though...
- Gaps in Data Retention – Office 365 only stores deleted mailboxes in its Recycle Bin for 30 days…contacts, mail, everything. After that, it all gets purged. Which is unacceptable for data retention.
- Internal Security Threats – Employees copying data to a USB drive, deleting it from their workstation, and walking out the door. Office 365 can't tell the difference between "regular user" and "terminated employee deleting critical company data before they leave."
- External Security Threats – Cybercriminals breaking in, stealing data, and then destroying your copy with ransomware. Now an ever-present threat.
- Legal & Compliance Requirements – GDPR anyone? SOX? Microsoft does have "In Place Hold" and "Litigation Hold" to preserve data for legal compliance. But these aren't meant to serve as backup, and remain vulnerable to Accidental Deletion.
- Hybrid Office 365 Configuration – Hybrid configurations can place data on local servers, outside of Office 365. Are you backing up that data? Microsoft isn't!
Without Redundancy, Office 365 Fails at Data Retention
In June, a customer called us panicking. They had a former employee, whose Office 365 mailbox contained important documents. No one else had a copy!
The problem? This employee had left almost 2 months prior. The customer had deleted the former employee's Office 365 mailbox right afterward. They thought they had copies of all the files. Turns out they didn't have them all.
After 30 days, Office 365 automatically purged the deleted mailbox from its system. We had to give them the bad news…that the mailbox was long gone.
The lesson? Office 365 had not acted as a backup for them. It's not meant to. The only restoration avenue with Office 365 email is to restore deleted items from the Recycle Bin—and as our customer found out, that’s only good for 30 days. This applies to SharePoint Online, OneDrive, etc., as well.
If you don't want to lose important files located within Office 365, you need to back them up.
Yes, You Still Need to Backup Data on Office 365
We harp on backups so much because they're essential to a business' continued existence. Without them, a business can quite literally die in the wake of a disaster.
Storing files in Office 365 is better than nothing. But it's not a true backup, and should not be seen that way. Add a full backup to your IT infrastructure, kept offsite and on secure servers, and you’ll have real protection from disaster.
Do your backups include all of your business' data? Not sure? Email us at firstname.lastname@example.org to make sure!