When it comes to Disaster Recovery and Business Continuity, the terms availability and recoverability are often used to describe data protection solutions.
One ensures that your business is capable of operating should an unplanned incident detrimentally affect your critical services. The other determines your ability to recover data lost as a result of the event. Both are equally important in today’s digitally driven online world where users and customers demand uninterrupted uptime.
However, the technologies that enable these vital business protection services vary greatly. Understanding the difference is vital to protecting your data on Office 365.
Protecting Your Data on Office 365 is a Shared Responsibility
Microsoft delivers Office 365 using the cloud service model of Software as a Service (SaaS). With SaaS, the service provider is responsible for managing and maintaining everything from the underlying infrastructure to the application itself.
However, the subscriber still has to take some responsibility. As SaaS utilises a multi-tenant architecture where multiple, independent subscribers consume a service leveraging the same infrastructure, they are responsible for providing and managing user access.
As a result, protecting the data they store on the service is also their responsibility.
Availability on Office 365
Microsoft is responsible for ensuring the availability of the online services they market under the Office 365 brand. Whether it be email via Exchange Online, portals and collaboration via SharePoint Online, or Messaging via Skype for Business, Microsoft has implemented multiple redundant technologies ensuring their services remain connected and available.
By replicating their services across multiple servers and across various data centres in the same region, they maintain high-availability.
This redundant architecture approach ensures that any single component failure, whether it be something as insignificant as a single hard drive or something as large as an entire data centre, does not affect a subscriber’s ability to access and consume the service.
Recoverability on Office 365
Microsoft does not backup your data on Office 365. While they do offer some data retention services, there is no offline, independent copy of the information you store on the platform.
When it comes to recoverability, Office 365’s data retention policies can recover data that has been deleted.
For example, if a user accidentally deletes an item, the default retention policy stores that item for an additional 14 days before it is destroyed. Office 365 also gives its subscribers the ability to archive items. The default setting moves items older than two years from a user’s inbox to their archive. There are also other policies with different retention periods and actions that a user can assign to a specific item. The problem with Office 365 retention policies is that they are complicated. They also do not give you the ability to perform a point in time restoration of your data.
Certain risk scenarios highlight the shortcomings in the data protection capability of Office 365’s retention policies. Accidental or deliberate deletion is one scenario where you could have irrecoverable data loss.
If a user accidentally deletes an item and does not recover it within 14 days, Office 365 will remove the item once the retention period lapses. In the case of deliberate action, such as a disgruntled employee, a deleted item can be permanently destroyed within minutes.
If the user deletes the item and then erases all the content from their deleted items folder, the information is lost forever. Retention policies also offer insufficient protection from security threats. Although Office 365 does offer advanced malware and virus protection, there is still a probability that an unknown malware variant could bypass its anti-malware measures.
Should such an incident occur, all the data you store on Office 365 will be unrecoverable.
Over and above these two scenarios, retention policies on Office 365 are complicated. As a result of this complexity, the risk exists that gaps in any retention policies could result in you believing the service is protecting your data when in fact it is not.
Protecting Your Data on Office 365 is Your Responsibility
When it comes to protecting your data, it is vital that you understand the difference between availability and recoverability.
With Office 365, Microsoft takes care of availability by implementing various technologies that ensure their service remains accessible and available. However, the recoverability features offered by Office 365 are not enough to protect your data from every possible threat.
As Microsoft does not provide point in time restores and does not keep an offline independent copy of your data, the critical information you store on Office 365 is at risk unless you deploy a third-party solution to protect your information.
Conneqt IT Office 365 Backup & Archive
Conneqt IT Office 365 Backup & Archive is a cloud-to-cloud backup as a service offering which provides a simple, automated and secure backup solution for Microsoft Office 365. With Conneqt IT Office 365 Backup & Archive, organisations can:
- Enhance protection of Office 365 data from accidental deletion, threats and retention policy gaps;
- Quickly restore individual Office 365 items and files with industry-leading recovery flexibility; and
- Meet legal, compliance, and data sovereignty requirements with efficient eDiscovery of Office 365 backup archives and your choice of AWS storage location.
Conneqt IT Office 365 Backup & Archive is available on a monthly subscription, with the option to backup Exchange only, OneDrive & SharePoint only, or all three for a discounted bundled rate.