Many SMBs have moved to the cloud to take advantage of all the benefits that it can offer. A common misconception, however, is that the data that resides in the cloud is being backed up by the service provider such as Microsoft or Google or Amazon. This is not the case.
Microsoft, and other providers, operate under a shared responsibility model. This means that they will do what is necessary to protect their services however, the customer is responsible for protecting their data.
In this article we will provide five reasons why an SMB needs to back up their Microsoft 365 data. Although, the article focuses specifically on Microsoft 365, most of these reasons can apply to other providers as well.
1. Disruptions and Outages
As we mentioned, the cloud can offer many benefits that can be leveraged by SMBs, however, there may be disruptions in services due to hardware or software issues. Some disruptions can last seconds and are unnoticeable while others can last long enough to cause downtime for businesses using these services. How long the downtime lasts will depend on the issue they are resolving. Regardless, without having the data backed up the downtime can be costly for businesses as no back up means no access to the data required to continue to operate. In a worst case scenario, if the servers the data is in are heavily affected, it may also mean that businesses may not be able to recover their data without a third-party backup.
Microsoft clearly addresses this in the Service Availability section in their Microsoft Services Agreement which states:
“b. We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
2. Account Deletion
Another very good reason to ensure that your data is backed up is in the event of an account being deleted. Whether the deletion was intended, an error, due to migration to another solution or because of malicious activity, once the account is deleted, all of the data and content within that account is deleted forever. You cannot get it back. Again, Microsoft recommends backing up the content and data in your Microsoft 365 accounts.
3. Limited Native M365 Backup and Recovery Capabilities
M365 does allow for the recovery of deleted items. However, the native recovery tools are limited. The basic recovery from Deleted Items helps with recent accidentally deleted items, but what about items deleted due to other reasons? For example, items that have been deleted for a long time, corrupted items, items that were not migrated properly or lost items due to a cyberattack. These items may not be recoverable from the native M365 backup and recovery capabilities.
4. Permanent Data Deletions are Irreversible
There are two ways data can be deleted in Microsoft 365. The data can be temporarily deleted (soft deleted) and is recoverable. Or the data can be permanently deleted (hard deleted) in which case it is not recoverable.
In a hard-deleted scenario, data becomes permanently deleted (or hard-deleted) without hope for restoration under the following conditions:
- When the data has been temporarily deleted for longer than 30 days without being restored
- When the user account that is associated with this data has been permanently deleted
- When someone manually removes the data from the Recoverable Items folder.
There is an exception to the above rule which is if the hard-deleted files were previously preserved by the retention policy, you could access them via eDiscovery. But this has caveats of its own. First, eDiscovery is designed to retain data as evidence for legal purposes and not as a means to restore data. Second, you need a M365 E3 subscription or higher for access to the eDiscovery service.
5. External Security Threats
Ransomware, account hijacking, phishing, malicious applications, and brute-force attacks are just a few external security threats that can jeopardize your data. Microsoft does offer a range of useful tools to improve the security of your data, however, the fact remains that they operate under the shared responsibility model we mentioned earlier. To reiterate, Microsoft will protect the M365 services, but the customer is responsible for protecting their data, devices and identities.
MicroAge can help you determine how best to protect your M365 data. Contact us today.