
Why you need Microsoft 365 backup

By Chris Lord | 22nd April 2021


Microsoft 365 (formerly known as Office 365) Shared Responsibility Model states: “With Microsoft (Office) 365, it’s your data — you control it — and it is your responsibility to protect it.” But what does this mean for you…

At DCS, I’m sure we must sound like a broken record with regards to the backing up of data stored on your server. But now, so many organisations have moved their e-mail data from their own servers to Microsoft’s servers. So how safe is your Microsoft 365 data from loss?

Well, first of all, let us explore why we have a backup in the first place. The most obvious reason is to protect against the risk of your server going “pop” and losing your data. If you have a backup, as inconvenient as it may be, you can simply get replacement hardware and restore your data from the backup. At Microsoft, your data doesn’t just sit on a standalone server though. No, Microsoft have farms of servers with highly resilient storage infrastructures that can suffer many disk failures and multiple whole server failures in quick succession, and even then, your data’s intact and accessible. On top of this, those servers have the cleanest air, the cleanest electricity supplies and run at optimum temperatures to significantly minimise the risk of any of those many servers going “pop” in the first place.

The second reason we have a backup is in case of any force majeure event. We hope this never happens to you or your business, but if it should, if you have a backup, you again have a small inconvenience, but your data is safe. Over at Microsoft, they didn’t stop with just having multiple servers, multiple hard drives, clean air and clean electricity. They went on to duplicate everything they do at datacentre 1 into a 2nd datacentre (there are 3 in total in the UK including London, Cardiff and Durham) with automatic failover should a force majeure event affect that location. This is in addition to them having multiple robust and resilient internet connections to the outside world, enormous diesel generators that run for days on end, sophisticated fire suppression systems and importantly, not locating themselves on a flight path, a floodplain or next to a chemical factory for example.

Theft is another factor to consider. If your server is stolen, you can arrange for replacement hardware and restore it from your daily backup media. At Microsoft, if one of their servers is stolen (unlikely, I can assure you!), as we discussed above, the data is stored multiple times on a farm of servers, so your data in that respect is not going anywhere. But Microsoft doesn’t stop there (there’s a pattern forming here!): a lot of focus is put on physical security. Their physical security includes, but is not limited to, CCTV (including ANPR), security guards 24/7/365, a secure location (often in bunkers, sometimes underwater), ram-raid protection, strictly authorised personnel only allowed on-site, access control systems, and the list goes on.

Accidental Deletion – for the purposes of illustrating the point, let’s consider the e-mail element of Microsoft 365 (Exchange Online) for a moment. If you delete an e-mail, it goes into Deleted Items, so that’s easy to recover. What if it gets deleted from Deleted Items? Well, if you right-click on the Deleted Items folder in Outlook, you can launch the ‘Recover Deleted Items’ console, where you can recover the specific Outlook item you’re looking for. Let’s go a step further. What happens if you’ve accidentally deleted an e-mail, it’s not in your Deleted Items folder, and you can’t recover it using ‘Recover Deleted Items’? That’s the time you call DCS and ask for help, and one of our engineers can go to a special admin area and recover it for up to 30 days after deletion (this can be configured for longer or shorter periods). And this logic also works with contacts, calendar items, entire mailboxes, OneDrive for Business and SharePoint documents, Azure Active Directory accounts and more…

OK, let’s say the worst happens, let’s say Microsoft’s UK datacentres 1, 2 and 3 have gone offline. Or let’s say you’ve deleted all your mailboxes and all your documents and no one has noticed for over 30 days. Your Microsoft Outlook and OneDrive for Business clients, more often than not, store (aka cache) an offline copy of your data (sometimes all of it, sometimes up to the last 3 months), so your data can usually be rebuilt using your offline copy with the help of DCS.

So why are we making you aware of this option to back up your Microsoft 365 data? Having data stored with Microsoft, as we have just explored, enormously reduces the risk of data loss in the first place compared with an on-premises server. However, we have dealt with a very small number of incidents where a single user’s (not the whole organisation’s) Microsoft 365 account has been breached, i.e. someone has worked out that individual end user’s username and password. Once authorised, the hacker can skilfully delete data and set up rules to forward incoming e-mails to their own personal account. In the very small number of these incidents we have encountered, the passwords on these accounts have been woefully weak, and the clients’ data has been rebuilt.

There are 2 take-aways from this:

1. To mitigate against the most likely risk of data loss (which is cyber-crime), you should proactively look at the security of your Microsoft 365 accounts, specifically end users’ passwords.

2. Consider identifying key Microsoft 365 data (an example could include Directors’ mailboxes) and backing up just the key data.
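
The breach pattern described above, where an intruder sets up rules to forward incoming e-mail to an outside account, can be checked for by reviewing every mailbox's inbox rules. The following is an added example, not DCS's or Microsoft's own code: it assumes the rules have been exported in the shape of Microsoft Graph's messageRule resource, and the tenant domain, mailboxes and rules shown are constructed.

```python
# Added example: audit inbox rules (Graph messageRule shape) for outside forwarding.
FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")
HIDE_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")

def external_targets(rule, internal_domains):
    """Return (action, address) pairs whose domain is not one of ours."""
    actions = rule.get("actions") or {}
    hits = []
    for action in FORWARD_ACTIONS:
        for recipient in actions.get(action) or []:
            address = (recipient.get("emailAddress") or {}).get("address") or ""
            # An address with no "@" is reported rather than silently trusted.
            domain = address.rpartition("@")[2].strip().lower()
            if domain not in internal_domains:
                hits.append((action, address))
    return hits

def audit_rules(rules_by_mailbox, internal_domains):
    """List every rule that forwards mail outside the organisation."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for mailbox, rules in rules_by_mailbox.items():
        for rule in rules:
            targets = external_targets(rule, internal)
            if targets:
                actions = rule.get("actions") or {}
                findings.append({
                    "mailbox": mailbox,
                    "rule": rule.get("displayName", ""),
                    "enabled": bool(rule.get("isEnabled", True)),
                    "targets": targets,
                    # Forward-and-hide keeps the owner from seeing the mail.
                    "hides_mail": any(actions.get(a) for a in HIDE_ACTIONS),
                })
    return findings

# Constructed sample: two mailboxes in a made-up tenant, example.co.uk.
SAMPLE_RULES = {
    "director@example.co.uk": [
        {"displayName": "Newsletters", "actions": {"moveToFolder": "constructed-id"}},
        {"displayName": ".", "isEnabled": True, "actions": {
            "forwardTo": [{"emailAddress": {"address": "drop@example.net"}}],
            "delete": True}},
    ],
    "accounts@example.co.uk": [
        {"displayName": "Copy to PA", "actions": {
            "redirectTo": [{"emailAddress": {"address": "pa@example.co.uk"}}]}},
    ],
}
FINDINGS = audit_rules(SAMPLE_RULES, ["example.co.uk"])
```

Mailbox-level forwarding configured outside inbox rules is a separate setting and needs its own check.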

Our friendly team are here to help if you have any further questions:

https://www.deansplc.co.uk/cloud-managed-services/

https://www.microsoft.com/en-gb/microsoft-365