Table of Contents Hide
Shai Nuni, vice-president of Metallic EMEA at Commvault, discusses why organisations need to take charge of backup and recovery for their Office 365 environments
The SaaS market may have experienced growth during the pandemic, but so has cyber crime.
As we embrace the large-scale shift to hybrid working, businesses must remember that managing and protecting data is of the utmost importance no matter where you generate it. Using SaaS solutions like Office 365 to enable a hybrid working environment has many advantages — including the potential to help create a better work/life balance and remove the dreaded daily commute. However, SaaS solutions and the hybrid working opportunities they support can expose vulnerabilities in corporate cyber security policies by creating a backdoor through which cyber criminals can gain access.
Microsoft Office 365 has 60 million SaaS-based app users, and its array of market-leading tools like Exchange, OneDrive, SharePoint, and Teams make data available anytime, anywhere. During the pandemic, these tools gave us the ability to keep meeting, collaborating, and advancing even when we couldn’t work in the same room. But how many of these apps and their corresponding data are protected and recoverable? It’s an important question to ask, as cyber attacks show no sign of abating.
As such, businesses of all sizes need purpose-built tools for long-term data retention, rapid recovery options, and SLA compliance. Without a structured, long-term plan in place, it can take weeks or even months to recover data. And, with Gartner’s estimate that on average, downtime costs $5,600 per minute, no organisation wants to be offline a second longer than it needs to be.
Accelerating IT disaster recovery with unified backup
Why do I need to worry about backup and recovery when I’m using a SaaS platform?
Reason 1: Increased cyber crime
SaaS has experienced rapid growth during the pandemic, but so has cyber crime. Take the recent surge in ransomware, which is designed to exploit unprotected sensitive information in the cloud. Essentially, hackers penetrate your system, encrypt vital information rendering it useless, and then demand a hefty financial pay-out to release your critical information back to you – severely disrupting and potentially halting business operations.
And as ransomware threats and the price tags associated with them surge, SaaS data protection can provide an end-to-end safety net – preserving and isolating data copies (like Office 365) outside of application environments, enabling businesses to recover compromised data quickly.
Reason 2: Human error
But it’s not just cyber criminals we need to consider. Innocent, accidental human error is all too common as well. Whether it’s mistakenly removing a user, altering a site or file in error, or deleting an important email. Indeed, research suggests that user and admin errors lead to 47% of SaaS data losses. Remember that just because data is lost or corrupted by accident, it can still take a lot of time, effort, and resources to recover — and inconvenienced customers won’t be any more patient or forgiving.
Reason 3: Maintaining compliance
Cyber attacks and human error can potentially compromise compliance with national standards and internal company regulations. While Microsoft-native controls offer replication capabilities, it is not purpose-built to meet data recovery and retention SLAs. With a robust SaaS data backup and recovery solution, organisations can get unlimited storage, unlimited retention, and comprehensive recovery options that extend beyond Office 365 capabilities, enabling administrators to meet their stringent SLA requirements and be compliance-ready.
Enterprise architecture: a tool for business recovery?
What are the primary considerations when planning a SaaS-based backup and recovery strategy?
Today’s businesses require long-term retention, granular backup options, data source separation, flexible recovery options, and more. This level of control not only mitigates data loss but eliminates downtime by enabling businesses to rapidly restore data with better speed, precision, and scale. In fact, industry experts recommend third-party solutions as the last line of data defence. Here are three points to consider at the outset:
No matter the size of your organisation, if you’ve automated the backup process for your Office 365 environments, then you’ve taken a big first step to protect your data and ensure its quick recovery. Keep in mind that access to regularly backed up files significantly improves the chances of recovering from a system outage or malware attack.
Find a solution that will let you effortlessly pinpoint SaaS data and records. Organisations need to be able to perform targeted restores, preserve critical data sets, and manage production and sandbox environments with ease. Some of this will come down to granular search and restore, but it’s also a good idea to implement point-in-time and version-level recovery tools and immediate restores.
Multi-layer your security
Staying secure means that it’s easier to stay compliant. Look for a solution that offers stringent standards, privacy protocols, and zero-trust access controls — this could also include isolated, air-gapped backups from source data, built-in GDPR compliance, and encrypted data when at rest or in-flight. Multi-layering your security also means you can add role-based, SSO, SAML authentication controls too.
Many believe cloud service providers — like Microsoft — are responsible for administering their SaaS applications and protecting the data that’s stored and created within them. But like many cloud service providers (such as Google and Salesforce), Microsoft follows a shared responsibility model. In this model, Microsoft is responsible for maintaining the infrastructure, uptime, availability, and access. However, customers need to take responsibility and ownership for protecting their own data entering, housed in and leaving the solution.
Given this, IT administrators and professionals must recognise that the burden of safeguarding Microsoft 365 data ultimately lies within their organisation. This responsibility must be taken seriously, and organisations must therefore assess and re-evaluate their 365 environment protection before it’s too late.