Six Points Of Clarity For Third-Party Office 365 Backup

By David Ngo

There’s little doubt that many organizations across the globe are adopting Microsoft Office 365 solutions.  In fact, Microsoft recently said it has more than 2.7 billion meeting minutes a day happening on its Teams platform, and a nearly 1000% increase in video calls1. And according to Microsoft’s Q3FY20 earnings statement, Office 365 Commercial seats grew 20% to nearly 258 million.1 

But with such rapid adoption and rushed deployments of Microsoft 365 solutions, also comes risk.  The U.S. Department of Homeland Security’s Cyber security and Infrastructure Security Agency (CISA) recently warned that organizations that needed to quickly deploy Office 365 to support remote collaboration, may have made oversights in important security configurations that could be exploited by attackers.2 “Given the rapid and massive adoption of Microsoft 365 in the last month, wise CIOs need to be considering how they are protecting their data with reliable and proven Office 365 backup and recovery solutions.”

The fact is, as more data is stored in the cloud, data loss and ransomware attacks are on the rise. Organizations of all sizes that adopt Microsoft Office 365 need a robust data management and protection solution to protect and ensure the compliance of all their Office 365 data, not just email.  Cloud providers also advocate a shared responsibility model wherein the cloud users are responsible for protecting their data, and Office 365 is no different.  Many organizations, in their rush to deploy, may have overlooked that important fact and are now considering how to adequately protect themselves.

Why third-party data protection coverage?

Office 365 offers some native data protection tooling using replication, retention policies, versioning and recycle bins, but pristine data management requires more. Users without a third-party solution are risking data loss once data moves out of the recycle bins, while storing backup copies within the Office 365 infrastructure violates data separation principles. In addition, native Office 365 data protection offers no contractual RPO and RTO, and doesn’t allow for granular data restore.

Some SaaS data protection startups are limited in their functionality, but you may not know it by how they are presented. You need to dig into specifics like level of coverage within an application. When it comes to your Office 365 protection, backup and recovery solution, a wise CIO is going to focus on the flexibility and granularity of the solution and not be distracted by marketing hype.

When looking at backup and recovery solutions for Microsoft 365, CIOs should carefully consider the following:

  1. Application Coverage

    Office 365 is more than just mailboxes and many solutions simply cover Exchange yet call themselves full Office 365 backup and recovery.  Make sure Exchange Online, OneDrive, SharePoint Online, MS Project, Groups and Teams are also covered.

  2. Global Indexing and Search

    When dealing with thousands upon thousands of email accounts, SharePoint sites, and OneDrive files, you’re going to need global indexing to easily locate any particular or individual file to restore without knowing its location path.  A good Office 365 backup and recovery solution is going to allow granular recovery with the ability to identify data by name, item level, mail item and give you choice on recovery location (original source user or different user mailbox).

  3. Commonality and Expandability

    No one likes having separate and incompatible backup and recovery solutions across desktops, core infrastructure and cloud solutions like Microsoft 365. Look for companies that have a common code base and single-pane-of glass management interfaces across their SaaS-based backup and recovery solutions for maximum compatibility.

  4. Security

    While it goes without saying, your data backup and recovery solution must be secure. A true SaaS solution provides airgapped protection and a separate control plane to guard against ransomware, but vendors must also provide for encryption in flight and at rest, as well as granular access controls

  5. Malware and Ransomware detection

    Being able to identify attacks in action while isolating and flagging anomalous patterns significantly enhances organizations ability to respond to data breaches and associated threats. This value-added service is significant for all customers that have sensitive content to reduce their exposure.

  6. Cost-effective scale

    You’d be hard-pressed to find someone that says, “I have no plans to grow; I like being right where we are today.” That means scalability is a minimum requirement when looking for data backup and recovery.  Look for the solution that lets you seamlessly add users, scale to protect petabytes of data, and offers unlimited storage and retention with the service.

When it comes to data protection for Office 365, you should consider Metallic Office 365 Backup and Recovery.  Metallic is a born-in-the-cloud, enterprise-grade SaaS offering with the unique benefit of leveraging proven Commvault technology – the same technology that is built on Microsoft, used by Microsoft, and currently manages more than 1 exabyte of data in the cloud. Our technology boasts more than 800 patents, which means other companies are playing catch-up. 

When it comes to protecting your enterprise’s data, you don’t want to go with second best or the new kid on the block.  You want industry leadership and an established track record, as well as trusted partnerships (like our recent announcement with Zones) to help you on your path to cloud data protection. Why not give Metallic a try – or reach out and let’s discuss your Office 365 backup and recovery requirements?

References

  1. Yahoo Finance. Microsoft 365 Corporate VP on technology amid coronavirus crisis.  9 April 2020. https://finance.yahoo.com/video/microsoft-365-corporate-vp-technology-150026821.html
  2. Cybersecurity and Infrastructure Security Agency. Microsoft Office 365 Security Recommendations. 29 April 2020. https://www.us-cert.gov/ncas/alerts/aa20-120a