When the pandemic first instigated a global shift to remote work, videoconferencing emerged as an immediate solution to work-from-home restrictions. The initial era of “remote everything” has given way to durable and hybrid work models that force companies to rethink how they work. The shift to cloud-based solutions has become more attractive to SMBs looking to maximize both efficiency and productivity.

To improve internal organization, businesses have massively adopted collaborative tools. Microsoft Teams now has 270 million monthly users up from 75 million in 2020 - an increase of 260% (Source Microsoft).

Millions of businesses rely daily on Microsoft 365. Users would be forgiven for thinking their data is safely stored in the cloud and that Microsoft offers comprehensive backup and recovery features. This is a dangerous misconception. Microsoft’s “Shared Responsibility Model” states that Microsoft is responsible for infrastructure maintenance while users are responsible for protecting actual Microsoft 365 data. 

“Customers are responsible for their data and it is their responsibility to deploy long-term data storage, backup and recovery and define whether their data protection strategy is on-premises and/or in the cloud. These considerations need to be managed separately from Microsoft 365 infrastructure to ensure the highest level of protection and to meet requirements of maintaining data in a sovereign storage if they so wish.” says Renaud Bonnevie, Technical Product Manager at Atempo. 

Experts at Gartner and IDC confirm this statement:

Gartner research from 2019* highlights that Microsoft Office 365 offers a robust service, but its data protection capabilities vary across applications (…) I&O leaders should augment their backup and recovery strategies with third-party solutions.

IDC* states that ‘’Backup for fast-growing SaaS such as M365 is no longer an option — it is imperative for security and data control."

What are the main threats of not applying a consistent backup policy? 

• Accidental deletion: unintentional deletion by an authorized user,
• External and internal security vulnerabilities: both security threads are linked to sabotage by former employees or hackers exploiting vulnerabilities in software or “password-spraying” attacks to gain access to applications and deploy malicious software,
• Legal and compliance penalties: customers must maintain data archives to meet financial regulations, produce evidence for legal cases and document consumer data use,
• Retention gaps: several data management use cases such as inadequate backup rules or not backing up former employee data for cost reasons for example,
• Data sovereignty: Deloitte Tech Trends have emphasized that companies will modernize their data management approach with data sovereignty becoming a major trend. 
  

  *Source: "Prevent Data Loss by Assessing Your Office 365 Backup and Recovery Needs"

  *Source: IDC 2019 – ‘’Why a Backup Strategy for Microsoft Office 365 is Essential for Security, Compliance, and Business Continuity’’

For the second part of this blog series, please click here.

Download the PDF version by clicking here.

To contact an Atempo expert to talk about your M365 protection needs, please click on this button: