Microsoft 365 (M365) is widely used, and it is getting more and more popular by the day. In fact, the past year alone saw the adoption of Teams—one of M365’s components along with Exchange Online, SharePoint and OneDrive—rise from 115 million active users to 145 million over the last quarter.
But given this spike in usage and the fact that M365 is so popular to begin with, it is only fair to ask: Are organisations adequately protecting the enterprise data they are putting in the cloud by way of M365? A second equally important question is: Can organisations using M365 get their data back in case it is compromised, as in a cyber attack or by ransomware?
To better understand why these questions need to be asked, it is crucial to first determine why there is a need to protect M365 in the first place.
The answer is quite obvious. Data you store in M365 (or in the cloud) is at risk of compromise—always. In fact, according to a State of Cloud Security report, 70% of companies hosting their data or workloads in the cloud have been breached in the past year, with malware as the most common attack type (34%), followed by exposed data (29%), ransomware (28%), account compromise (25%) and cryptojacking (17%).
Critically, M365 can also be attacked by ransomware. This should alarm you just as much because (a) there is bound to be some sensitive user data in your M365 and (b) Exchange Online can be an easy entry point to all malware, notably ransomware since email is the most common entry point of such attacks. There are, in fact, three main ways bad actors can target your M365 with ransomware: Infection, encryption and theft, and exfiltration.
The problem with M365—and similar cloud-based as-a-Service offerings, for that matter—is that it is not entirely responsible for recovering your compromised or missing data. You, contrary to what appears to be popular belief, alone are responsible for that, with Microsoft being responsible only for infrastructure availability and uptime. This is the shared responsibility model, and while Microsoft may offer a best-effort option for data recovery, there is a minimal guarantee that it will actually be done.
Granted, M365 offers native data retention options but deleted items under these options are retained by default for only 93 days, with only OneDrive having a point-in-time 30-day recovery option for ransomware. But even that is not enough when you take into account the ability of ransomware to sit idle for longer than 30 days to sidestep this kind of [limited] native retention. In other words, these “features” do not constitute a complete backup strategy.
This is not to say that Microsoft’s native data retention options are useless. What this means is that these need to be augmented—ideally by a cloud-based Backup-as-a-Service (BaaS) since, well, data in M365 is in the cloud already. On top of that, choosing BaaS to protect your data makes sense because of these reasons:
- It utilises the OpEx model. Since BaaS is a pay-as-you-go service, there is no need for oftentimes pricey CapEx to build infrastructure. Instead, you will be able to pay only for the service you avail, and then scale up or down as necessary.
- It eliminates infrastructure needs. Without infrastructure, there is nothing more to maintain on-prem, and this frees up your IT team from typically labour-intensive backend work to ensure high availability. With one less thing to worry about, they can instead focus on doing value-adding work for the organisation.
- It updates and adds new features automatically. When done on-prem, updating and adding new features to your backup solution is typically a long and complex process. But when done by the BaaS provider, the time to perform updates and add new features is greatly reduced.
- It simplifies things—radically. Like all as-a-Service offerings, BaaS are generally easy to deploy and will often just require registration.
- It provides a single backup service for the hybrid cloud. BaaS can minimise complexities in backing up data—provided, of course, that it protects all cloud workloads and not just M365.
All things considered, M365 users should look to Cohesity, a pioneer in next-gen data management, and its Cohesity DataProtect BaaS for Microsoft 365. Cohesity DataProtect spans all of Microsoft 365 and provides a comprehensive but radically simplified enterprise-class backup and data management solution for Exchange Online, SharePoint Online, OneDrive, Teams and Groups.
Put simply, Cohesity DataProtect empowers IT teams to control backup and recovery processes while reducing costs, meeting compliance regulations and mitigating risks—all so you can meet the demands of your business.
Register to this demo on 22nd of September at 11:00 AM (Singapore Time) to learn more Zero Trust. Zero Tricks: Microsoft 365 Backup & Recovery.
Find out more about Cohesity’s M365 BaaS solution by checking out the On the Line with Cohesity podcast about M365. Then experience it firsthand by getting a free trial today!