Microsoft forecasts that two-thirds of Office 365 business users will adopt cloud by June 2019. The reason is simple. Today’s mobile users need anytime, anywhere access to their files, and the cloud makes that dead-easy. But, while accessing your data is simple with Office 365, data protection it isn’t so straightforward. Many users are unfamiliar with Office 365’s backup and restore functionality, and may lose their data permanently as a result. (Microsoft is clear about how it works, but not everybody reads the terms of service.)
We’d like to put an end to unnecessary data loss. So, today, we’re shining a light on the three most common myths about Office 365 data protection.
Myth 1: Microsoft provides full data protection
The first (and possibly most dangerous) myth is that Office 365 fully protects your cloud data. The fact that people believe this is understandable. The cloud has changed our mindset. Previously, we all used on-premise systems that were the responsibility of our IT departments. Now, we have SaaS solutions where the responsibility may lie with the users, but you have to read the terms of service to be sure. In the case of Microsoft Office 365, the solution does provide some retention and backup ability, but it is not sufficiently robust for many organizations.
In reality, while Microsoft does take responsibility for power outages and hardware or software failures, that’s the extent of it. You’re responsible for your data in the event of malicious attacks, accidental deletion, and other mishaps.
It’s true that Office 365 does retain data, to a certain degree. But the timeframe and restore ability differ from application to application. For example, Teams has versioning but not a backup system. Meanwhile, Sharepoint retains deleted items in the recycle bin for 93 days only. This diversity means that users have to be familiar with each application, rather than assuming that their data will always be preserved in the same way.
It’s also worth noting that some users confuse data protection with Microsoft’s uptime guarantee. The uptime guarantee is great: it replicates your data in a geographically redundant fashion to ensure that it’s available when you need it to be. But this doesn’t cover you if something changes the format of your data. If your data is corrupted, for example, the system just replicates the corrupted version, which isn’t very helpful.
Myth 2: Archiving guarantees data availability
Office 365 includes unlimited archiving, which represents a big improvement over earlier versions of Office. But some users don’t have a realistic sense of what unlimited archiving implies. Specifically, they overestimate how available their data is.
Archiving is long-term. It’s primarily for data that you don’t need to access often, and that you won’t need immediately in disaster situations. It can’t pluck everything you’ve ever done out of the ether instantly. Instead, it can bring back a handful of emails in 15+ minutes through a manual process.
This is not to diminish the usefulness of archiving. It’s perfectly sufficient for some organizations. But using archiving can be arduous if you need to recover hundreds of mailboxes after a data corruption event. It’s way too slow for recovering crucial production data during a crisis moment.
In these desperate situations, recovery time is a big consideration. If you’re trying to ensure the availability of your production data, you should make speed a priority. This means that it may be worth looking at a third-party solution, despite the cost.
Myth 3: Cloud-based services guarantee regulatory compliance
Many users mistakenly expect that in the case of a lawsuit or investigation, they’ll be able to respond “well enough.” But regulatory compliance is an important consideration in data protection. It shouldn’t be an afterthought. Be honest: if you were legally required to immediately produce a slew of documents from a specific date in the past, how easily could you do it?
In that kind of situation, where you need an immutable record of previous data, you have to be able to perform a point-in-time restore. That isn’t something that Office 365 can always do. For example, in Exchange, there are options for deleted item recovery, but Microsoft states that “point in time restoration of mailbox items is out of the scope of the Exchange service.” While Microsoft does update Office 365 to handle regulatory requirements for data protection, the final responsibility is, again, yours.
Busting the myths surrounding data protection
If you want good data protection, you’ve got to move past the myths and make contact with reality. Rather than making assumptions about whether Office 365 is taking care of your needs, you need to know exactly what it’s doing. This is why it’s imperative to assess your risk and create an Office 365 data protection plan.
For some organizations, this planning will primarily involve internal education. Sometimes, all that’s required is making sure that everyone has a thorough knowledge of all the relevant applications.
Embracing the truth about what’s going on with your data can be costly. Occasionally, after all, the truth hurts. But it doesn’t hurt as much as losing important Office 365 files.