Request Information
1.877.459.4347

Request Information

or Call 1.877.459.4347

6 Critical Reasons for Office 365 Backup

6 Critical Reasons for Office 365 Backup
August 30, 2018 / Evolve IP

Introduction

Do you have control of your Office 365 data? Do you have access to all the items you need? The knee-jerk reaction is typically, “Of course I do,” or “Microsoft takes care of it all.”

But if you really think about it — are you sure?

Microsoft takes care of quite a bit, and provides a great service for their customers. However, Microsoft’s primary focus is on managing the Office 365 infrastructure and maintaining uptime to your users. They are empowering YOU with the responsibility of your data. The misconception that Microsoft fully backs up your data on your behalf is quite common, and without a shift in mindset, could have damaging repercussions when this responsibility is left unattended.

Ultimately, you need to ensure you have access to, and control over, your Exchange Online, SharePoint Online and OneDrive for Business data.

This report explores the hazards of not having an Office 365 backup in your arsenal, and why backup solutions for Microsoft Office 365 fill the gap of long-term retention and data protection.

“We worried about the backup and retention policies in Office 365. Microsoft takes care of our data, and protecting historical email data is important. That’s why we decided to ensure we have a backup of our data residing in Office 365.”

— Karen St.Clair, IT Manager, Columbia Power & Water Systems

The Big Office 365 Misconception

The misunderstanding falls between Microsoft’s perceived responsibility and the user’s actual responsibility for protection and long-term retention of their Office 365 data. The backup and recoverability that Microsoft provides and what users assume they are getting are often different. Meaning, aside from the standard precautions Office 365 has in place, you may need to re-assess the level of control you have of your data and how much access you truly have to it. Microsoft Office 365 offers geo-redundancy, which is often mistaken for backup. Backup takes place when a historical copy of data is made and then stored in another location. However, it is even more important that you have direct access to and control over that backup. So if data is lost, accidentally deleted or maliciously attacked, for example — you can quickly recover. Geo-redundancy, on the other hand, protects against site or hardware failure, so if there is an infrastructure crash or outage, your users will remain productive and often oblivious to these underlying issues.

“With Office 365, it’s your data. You own it. You control it.”

— The Office 365 Trust Center

6 Reasons Why Backing Up Office 365 is Critical

As a robust and highly capable Software as a Service (SaaS) platform, Microsoft Office 365 fits the needs of many organizations perfectly. Office 365 provides application Availability and uptime to ensure your users never skip a beat, but an Office 365 backup can protect you against many other security threats.

You or your boss might be thinking, “The recycle bin is probably good enough.” This is where many people get it wrong. The average length of time from data compromise to discovery is over 140 days¹. A shockingly large gap. The likelihood is high that you won’t notice something is missing or gone until it’s too late for the recycle bin.

By talking with hundreds of IT professionals across the globe who have migrated to Office 365, six vulnerabilities in data protection rise to the top:

¹ https://discover.office.com/6-steps-to-holistic-security/chapter1/

6 Critical Reasons for Office 365 Backup

Do you have control of your Office 365 data? Do you have access to all the items you need?

If you delete a user, whether you meant to or not, that deletion is replicated across the network, along with the deletion of their personal SharePoint site and their OneDrive data.

Native recycle bins and version histories included in Office 365 can only protect you from data loss in a limited way, which can turn a simple recovery from a proper backup into a big problem after Office 365 has geo-redundantly deleted the data forever, or it has fallen out of the retention period.

There are two types of deletions in the Office 365 platform, soft delete, and hard delete. An example of soft delete is emptying the Deleted Items folder. It is also referred to as “Permanently Deleted.” In this case, permanent is not completely permanent, as the item can still be found in the Recoverable Items mailbox.

A hard delete is when an item is tagged to be purged from the mailbox database completely. Once this happens, it is unrecoverable, period.

The fast pace of business in the digital age lends itself to continuously evolving policies, including retention policies that are difficult to keep up with, let alone manage. Just like hard and soft delete, Office 365 has limited backup and retention policies that can only fend off situational data loss, and is not intended to be an all-encompassing backup solution.

Another type of recovery, a point-in-time restoration of mailbox items, is not in scope with Microsoft. In the case of a catastrophic issue, a backup solution can provide the ability to roll back to a previous point-in-time prior to this issue and saving the day.

With an Office 365 backup solution, there are no retention policy gaps or restore inflexibility. Short term backups or long-term archives, granular or point-in-time restores, everything is at your fingertips making data recovery fast, easy and reliable.

The idea of a security threat brings to mind hackers and viruses. However, businesses experience threats from the inside, and they are happening more often than you think. Organizations fall victim to threats posed by their very own employees, both intentionally and unintentionally.

Access to files and contacts changes so quickly, it can be hard to keep an eye on those in which you’ve installed the most trust. Microsoft has no way of knowing the difference between a regular user and a terminated employee attempting to delete critical company data before they depart. In addition, some users unknowingly create serious threats by downloading infected files or accidentally leaking usernames and passwords to sites they thought they could trust.

Another example is evidence tampering. Imagine an employee strategically deleting incriminating emails or files — keeping these objects out of the reach of the legal, compliance or HR departments.

Malware and viruses, like ransomware, have done serious damage to organizations across the globe. Not only is company reputation at risk, but the privacy and security of internal and customer data as well.

External threats can sneak in through emails and attachments, and it isn’t always enough to educate users on what to look out for — especially when the infected messages seem so compelling. Exchange Online’s limited backup/recovery functions are inadequate to handle serious attacks. Regular backups will help ensure a separate copy of your data is uninfected and that you can recover quickly.

Sometimes you need to unexpectedly retrieve emails, files or other types of data amid legal action. Something you never think it is going to happen to you until it does. Microsoft has built in a couple safety nets, (Litigation Hold) but again, these are not a robust backup solution capable of keeping your company out of legal trouble. For example, if you accidentally delete a user, their on- hold mailbox, personal SharePoint site, and OneDrive account is also deleted.

Legal requirements, compliance requirements and access regulations vary between industries and countries, but fines, penalties, and legal disputes are three things you don’t have room for on your to-do list.

Organizations that adopt Office 365 typically need a window of time to serve as a transition window between on-premises Exchange and Office 365 Exchange Online. Some even leave a small portion of their legacy system in place to have added flexibility and additional control. These hybrid email deployments are common, yet pose additional management challenges.

The right Office 365 backup solution should be able to handle hybrid email deployments, and treat exchange data the same, making the source location irrelevant.

Conclusion

Go ahead and take a closer look. There are security gaps you may not have been aware of before.

You already made a smart business decision by deploying Microsoft Office 365, now find a backup solution that offers you both complete access and complete control of your Office 365 data and avoid the unnecessary risks of data loss.

Learn more about Office 365 backup: https://www.evolveip.net/draas-suite/veeam

Source: Veeam

Categories: Featured Posts Office 365
Recommended For You
The Evolve IP Compliance CloudTM

Compliance is a way to do business … not an afterthought when clients need it.

At Evolve IP we have a dedicated compliance and security practice and work with two of the world’s top 3rd-party compliance auditors, Grant Thornton and Ernst & Young, to enable customers to extend their compliance to our fully audited cloud. This focus allows us to deliver the documentation and assurances that other’s simply cannot including HIPAA / HITRUST, PCI-DSS (all 12 sections), SOC 2/3 and more. The Compliance CloudTM includes true client isolation, encryption in transit and at rest, private VLANs, firewalls and dozens of other security measures.

 
 
What Our Clients Say
  • "Yesterday was, perhaps, my busiest day of client interaction either by phone or email since I have been a PM, and I don’t think any of my clients knew I was working from home unless I told them. I was also able to do trades behind the scene and interact with my team. So, for me, the technology has been working great. As an old guy, I am constantly dazzled by technology in general, but being able to do this stuff from home is amazing!"

    James C. Hunter, CFA, CFP, AIF, Senior Portfolio Manager, Principal

  • "Hey, IT people, As I’m working away in my home office, I just wanted to say thanks to you for all you’re doing, and have done in the past, to make it possible for us to run our company virtually. Not many of us JICers have jobs that everyone in the firm sees and could stop us from doing business. But you have this job, and do it well. Thank you for having the foresight and wisdom to get us in a position to succeed in a pandemic! You’re awesome."

    Michael D. Barnes, Esq., CTFA President, Principal

  • “That’s the type of proposition I like to bring to a Board of Directors. When I can say, ‘we can get everything new, be completely redundant, it can meet all of our needs and oh, by the way, we are going to save over $300,000 a year.’ It makes it easy for me to sell!”

    - Ken Schultz, CIO Ogletree Deakins

    Watch Testimonial

  • "The people that Evolve IP are more personable; you don't feel like there's necessarily a script when you're talking with them, they’re easy to understand, quick to get a hold of, and they follow through on what they say they're going to do."

    Watch Testimonial

  • "Evolve IP has been a vendor partner that has grown with us, that has helped us, and that you know stands by us and stands by their word."

    Watch Testimonial

What the Experts Think

Our analyst-acclaimed solutions are built on a world-class, compliant architecture that leverages the blue-chip technologies organizations already know and trust.

Gartner

We deploy best-of-breed solutions including: Disaster Recovery, Contact Center, Unified Communications, DaaS, IaaS. Our services are analyst-acclaimed, vendor-validated, client recommended and award-winning.

HITRUST

Evolve IP is proud to have achieved the honor of being HITRUST CSF certified! Certification to the HITRUST Common Security Framework (CSF) affirms that all of Evolve IP’s cloud computing and cloud communications services adhere to the strictest security standards for electronic protected health information (PHI). The HITRUST security standard was developed by and for the healthcare industry as a means of going above and beyond the compliance requirements of HIPAA.

The HITRUST Common Security Framework (CSF) was developed to address the multitude of security, privacy and regulatory challenges facing healthcare organizations. The HITRUST CSF was developed by healthcare and IT professionals to provide an efficient and prescriptive framework for managing the security requirements inherent in HIPAA. HITRUST CSF rationalizes healthcare-relevant regulations and standards into a single overarching security framework. An important part of the “What is HITRUST” answer is understanding that the CSF is risk-based and compliance-based so that organizations can tailor the security control baselines and vendor management programs that they follow based on their specific organization type, size, systems, and regulatory requirements.

HIPPA

The Privacy regulations of the U.S. Health Insurance Portability and Accountability Act (HIPAA) require health care providers, organizations, and their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI — paper, oral, and electronic, etc. Those who fail to adhere to HIPAA can suffer from huge fines climbing into the millions of dollars for major violations.

The Compliance Cloud™ fully enables covered entities and their business associates subject to HIPAA regulations to leverage a secure environment to process, maintain, and store protected health Information (PHI) featuring among other controls.

SSAW 16 Service Organization Control II (SOC 2)

Evolve IP has received an SSAE 16 SOC 2 Type II report on our internal controls relating to how we assess and address the potential risks associated with the security, availability, and confidentiality of not only the cloud-based services that we provide, but also our physical and logical infrastructure. Evolve IP utilizes the Certified Public Accounting firm of Grant Thornton to perform its annual audit and attestation in accordance with the Statements on Standards for Attestation Engagements No. 16 and the associated Trust Services Principles, as published by the AICPA, to evaluate the effectiveness of Evolve IP’s service organizations controls.

Forbes

While Forbes regularly features coverage and recognition about Evolve IP, they've most recently recognized Evolve IP as being the "Best Cloud Computing Companies And CEOs To Work For In 2017".  They've ranked Evolve IP in the Top 3 just behind Google and Microsoft in the Cloud Infrastructure classification.  (Feb 2017). Forbes  also recently recognizes Evolve IP for bringing Singer Equipment Corporation, a mainstream business based in PA, into the cloud by means of unified communication. (Sept  2017). Last year, Forbes recognized Evolve IP's survey of 1,080 executives citing that the number one reason to go to the cloud is the same reason that it is avoided. (Mar 2016).

Unified Communications Product of the Year

TMC and Internet Telephony Magazine have named Evolve IP’s unified communications platform as a 2017 Unified Communications Product of the Year Award winner. This marks the 6th time Evolve IP has been honored with this prestigious award and follows a series of product innovations that have allowed the company to rapidly expand its international coverage.

Evolve IP’s business collaboration tools and IP phone system dramatically improve employee productivity in the office and on the road with a Unified Communications as a Service (UCaaS) platform that fully integrates voice, video, instant messaging & presence (IM&P), desktop sharing, audio/web conferencing and more. The company also provides a sophisticated Web-based management portal, OSSmosis®, that allows administrators to easily configure system functions and quickly modify users without the need to reach out to a third party for changes.

Inc.

Inc. magazine has recognized Evolve IP in the 34th annual Inc. 500|5000, an exclusive listing of the nation's fastest-growing private companies. The list will be unveiled in the September issue of Inc.

The story of this year's Inc. 5000 is the story of great leadership. In an incredibly competitive business landscape, it takes something extraordinary to take your company to the top," says Inc. President and Editor-In-Chief Eric Schurenberg. "You have to remember that the average company on the Inc. 5000 grew nearly six-fold since 2012. Business owners don't achieve that kind of success by accident.

Payment Card Industry Data Security Standard (PCI DSS)

Evolve IP has achieved Payment Card Industry (PCI) Data Security Standard (DSS) compliance covering all 12 sections of the PCI DSS. The PCI data security standard is a comprehensive set of standards that require merchants and service providers that store, process, or transmit customer payment card data to adhere to strict information security controls and processes. It was created by the founding brands of the PCI Security Standards Council, which includes American Express, Discover Financial, JCB International, MasterCard Worldwide, and Visa Inc.

CSA STAR

Evolve IP is also a registered and participating member of the CSA Security, Trust & Assurance Registry (STAR). The CSA was formed to encourage transparency of security practices within cloud providers. It is a free, publicly accessible registry that documents the security controls provided by various cloud computing offerings, thereby helping users assess the security of cloud providers they currently use or are considering contracting with. CSA STAR is open to all cloud providers, and allows them to submit assessment reports that document compliance to CSA published best practices. The searchable registry will allow potential cloud customers to review the security practices of providers, accelerating their due diligence and leading to higher quality procurement experiences. CSA STAR represents a major leap forward in industry transparency, encouraging providers to make security capabilities a market differentiator.

Deloitte’s Technology Fast 500TM

Evolve IP has been ranked for the second consecutive year on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America – both public and private. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2012 to 2015. The list is a veritable Who’s Who of technology that has included tech companies like Google, VMware and Facebook.

Technology Fast 500 provides a ranking of the fastest growing technology, life sciences, and energy the companies – both public and private – in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth during the period from 2012 – 2016.

Red Herring

Red Herring has named Evolve IP as one of the Top 100 Companies in North America.  Red Herring’s Top 100 recognizes the leading and most promising private companies from around the world. Among the over 20 criteria used to analyze companies for the award, Evolve IP was noted for its financial performance, technological innovation, customer footprint, the DNA of its founders and addressable market.

Red Herring selects the award winners for North America from approximately 1,200 privately financed companies each year in the US and Canada. Since 1996, Red Herring has kept tabs on these organizations and its editors were among the first to recognize that companies such as Facebook, Twitter, Google, Yahoo, Skype, Salesforce.com, YouTube, Palo Alto Networks and eBay would change the way we live and work.

Entrepreneur

Evolve IP has been recognized as one of the “Best Entrepreneurial Companies in America” in Entrepreneur magazine’s Entrepreneur360™ Performance Index, a study involving a comprehensive analysis of private companies in America. Based on this study forged by Entrepreneur, Evolve IP is recognized as a company that exemplifies growth, not just in top and bottom line, but in sustainability and the ability to achieve lasting success.

According to Entrepreneur, after evaluating approximately 10,000 U.S. based firms, the team of editors and researchers behind the E360 Performance Index collected more than 250 pieces of data from the finalists, focusing on growth drivers and challenges, goal setting, resource allocations, and reward systems. The analysis uncovered a class of leading companies, including Evolve IP, whose continued success is largely based on superior value creation for their customers, building an adaptive learning culture, and aggressive geographic expansion—placing them amongst the most dynamic firms in America today.

Latest Press Releases

Johnson Investment Counsel’s Pandemic and Business Continuity Planning Enables Employees to Work Anywhere
June 2, 2020 / Evolve IP
[vc_row][vc_column][vc_column_text] Ensures “Seamless Experience” Between Work-From-Home Advisors and Clients With Integrated Collaboration, Communications and Virtual Workspaces From Evolve IP WAYNE, Pa. — June 2, 2020 — Johnson Investment Counsel, one…
Evolve IP has Teamed with Ingram Micro
May 15, 2020 / Evolve IP
Evolve IP announced it has teamed with Ingram Micro to make it easier for channel partners to market, sell, and deploy Desktop as a Service (DaaS) to businesses throughout the…
Evolve IP Offers Rapid Deployment of Desktop as a Service to Ingram Micro Channel Partners
May 11, 2020 / Evolve IP
Teams with Ingram Micro to Enable Channel Partners to Market, Sell and Deploy Full Cloud Desktop Capabilities with VMware Horizon DaaS in Five Days or Less to Businesses in North…
Evolve IP and Pax8 partner to offer Evolve Teams with Enterprise Voice
April 27, 2020 / Evolve IP
Cloud distributor Pax8 has partnered with Wayne PA-based Cloud Service Provider [CSP] Evolve IP, to bring Evolve Teams with Enterprise Voice to Pax8’s MSP partners across North America. Ideally suited…
View More
close

Contact Us

or Call 1.877.459.4347