While Microsoft 365 offers reliable application access, it lacks true backup and recovery capabilities. In fact, Microsoft recommends using third-party apps for data backups in their services agreement, which many businesses mistakenly believe Microsoft is responsible for. To learn about Microsoft’s backup weaknesses and how to address them, download our one-page guide, “5 costly data protection gaps in M365 and how to close them.”
What's inside?
Your responsibility as a user - Understand the stipulations set by Microsoft in their Service Agreement concerning your obligations for backups.
Data loss scenarios - Discover the limitations of Microsoft's partial backup and the circumstances that could lead to data loss for your business.
The hidden risks in M365's default data protection - Know the differences between Microsoft's Recycle Bin and Recoverable Items folder, as opposed to hard-deleted and irretrievable data.
Microsoft 365 may come with backup and recovery capabilities, but there are gaps. Whether it’s ransomware, accidental deletion or a disgruntled employee, if you don’t have a backup solution in place, you’re at serious risk of losing your data. In Microsoft’s Shared Responsibility Model, it’s clear that you are responsible for backing up your M365 data and so finding the right backup solution is key to strengthening any organisation’s cyber security.
What's inside?
The importance of data and backup - Understand the significance of data and why backing it up is integral to any organisation.
Microsoft's Shared Responsibility Model - Learn why you are responsible for your M365 data, not Microsoft.
The consequences of data loss- There's no shortage of ways to lose your data. Data loss is damaging and can lead to financial or legal implications.
Keeping your data backed up- Creating a multi-layered cyber security approach in your organisation is vital. Discover the backup solutions we recommended to organisations.
There is often great debate about creating backups for data in services such as Microsoft 365 Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams. The common assumption amongst many is that Microsoft backsup, so everything is covered.
When explaining that 3rd party backup provides a more holistic, secure safety net for your business, customers often tell me, “you would say that, you want to sell more products!” But there’s usually one response that gets their attention:
“It’s not me saying you need it, Microsoft say it”…
Microsoft’s shared responsibility model firmly puts data in the court of the user. Microsoft have got you covered when it comes to Global Infrastructure, Uptime and Cloud Service. But access and control of data in your M365 tenant? That’s on you.
In an on-premises data centre, you own the whole responsibility stack. As you move to the cloud, some responsibilities transfer to Microsoft. The following Microsoft diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack. Note that your businesses setup, data, devices and accounts & identity remain your responsibility.
Your Responsibilities as a User
As a Microsoft 365 user, you act as the data custodian. Your main task is to ensure that your data is not only accessible but also securely backed up, separate from Microsoft’s cloud infrastructure and ready for recovery whenever necessary. Microsoft actually state this in their Service Agreement under section 6b:
Insights Into the Model’s Roles
Core Responsibilities: Microsoft is tasked with upholding their infrastructure’s integrity, offering reliable cloud service uptime. Meanwhile, your organisation must ensure it has full access and control over its data, an obligation that remains regardless of the decision to use a cloud-based service.
Technological Support: Microsoft 365’s data replication offers a level of redundancy, but this doesn’t equate to a true backup. Remember, the replication services are designed by Microsoft, for Microsoft’s convenience, and might not align with your recovery needs.
Security Measures: Security within Microsoft 365 is a collaborative effort, with Microsoft securing the service infrastructure and users responsible for their data security. This emphasises the importance of a comprehensive approach to protect against a myriad of threats.
Regulatory Compliance: Although Microsoft adheres to strict privacy standards and holds various certifications, the organisation using the service still retains the role of data custodian, complete with the responsibility to comply with legal and industry-specific regulations.
Implications of Ignoring Shared Responsibilities
Dependence on Microsoft for all aspects of data recovery, especially in scenarios like data deletion or security breaches, is risky. Microsoft’s built-in safeguards, such as recycle bins and retention policies, are meant for short-term fixes and may not suffice for comprehensive data recovery strategies.
Statistics reveal a troubling trend: a significant portion of businesses experience data loss or corruption within their SaaS applications, including Microsoft 365. The reality is stark – recovering 100% of data without a dedicated backup solution is often unattainable.
The Solution
Opting to backup Microsoft 365 data with a third party solution such as Acronis safeguards against data loss and cyber threats. Cobweb’s alignment with Acronis for its backup solutions reflects a commitment to delivering advanced, secure, and dependable data protection services, enabling businesses to operate confidently in the knowledge that their cloud data is comprehensively secured.
M365 Backup Webinar
If you’d like to learn more about M365 and backup, we’re hosting a virtual roundtable on the 2nd May with Microsoft MVP Andy Malone and Acronis experts. To sign up, please click here.
Recent Comments