Bet I made you look, right? Ok so cross out these two zeros and I’ll give you five really good ones.
But first here is a disclaimer for you. I love Office 365. Love it to death. It’s a great productivity suite. And that is precisely the point. Office 365 is purpose-built for productivity and collaboration, as we will discuss below.
So let me ask you a question. Did you ever lose your data? I know I have in a past life. Long ago and far away, before I worked at Druva. One day I created a PowerPoint preso for an important meeting. Then, low and behold, my laptop crashed and burned. I thought my data was safe. But then reality hit. IT said ‘no can do’. The file didn’t synchronize. Bye bye preso. I was crushed. Hours of work, just like that. Poof. Gone. And let’s face it. This is something that happens daily. And this is still the most benign type of data loss an organization may experience. So why is this happening?
Because Office 365 is designed for productivity and collaboration, this entails a different set of considerations, compared to designing, say, a dedicated data protection solution, as discussed in a recent Gartner report. As such, when it comes to protecting users’ data and therefore protecting their productivity and collaboration, Office 365 falls short in five key ways.
1. Accidental data deletion
We’ve all faced this issue before while using Office 365. We accidentally delete a file. Or, in the course of collaboration, our colleague has inadvertently overwritten the file we labored over. To make matters worse, data corruption may occur during file synchronization, using OneDrive. In some cases we can partially or fully salvage the situation by reverting to an earlier version. However, that doesn’t always work. If we realize the problem after a while, say after 30 days, our file may be lost forever. Some Office 365 editions retain data for no more than 30 to 93 days.
Accidental deletion can also be broader in scope, whereby an entire SharePoint site is accidentally deleted by an administrator. Recovering thousands of files using Microsoft native capabilities can provide to be challenging, if not impossible. Only a 3rd party data protection solution offers unlimited data retention, and rapid bulk recovery, so accidentally deleted or corrupted files can always be easily and quickly recovered and erased SharePoint sites can be restored in no time.
2. Insider attacks
While many fret over malicious external threats, there are also internal bad actors we should defend our organization and our data against. One well-documented case is that of departing employees. A disgruntled employee may seek revenge upon departure and delete important files. Due to the collaborative nature of Office 365, this employee can now easily delete, not only their own files, but also those of co-workers.
There have also been cases of ‘rogue’ admins, who may decide to delete files in bulk. This can cause excessive damage due to the broad access rights of these IT admins. The challenge is that these threats may not be detected for a while. By the time they are discovered, the data may be lost forever if you are outside the typical Office 365 retention window.
Additionally, Office 365 does not differentiate whether these actions are malicious or innocuous in nature. Only a 3rd party data protection solution can detect unusual data patterns, investigate them and enable the organization to fully recover all files, regardless of when the insider attack is discovered.
It is safe to say that ransomware is one of the biggest nightmares, keeping many IT professionals up at night. Especially given much-publicized ransomware attacks, such as ‘WannaCry’, which caused devastating losses to impacted organizations.
Unfortunately, ransomware may harbor itself within corporate data for quite a while, and start quietly spreading, unnoticed. This can be further exacerbated by OneDrive’s inherent synchronization features, which may cause malware to further spread and infect other data, including files in recycling bins. By the time the organization becomes aware of the attack, it is often wide-spread and the organization may be paralyzed and unable to recover its data without paying the ransom. Only a 3rd party data protection solution allows the impacted organization to conduct investigations to pinpoint the exact time of the attack and identify the impacted files, then quickly and fully bulk-recover to ‘point in time’ pristine, pre-attack data.
4. Data retention and compliance
Some industries such as healthcare and pharmaceuticals are mandated by industry regulations to retain their data for as long as seven years. Additionally, data retention is often a core component of corporate governance policies. Most common Office 365 editions will only retain data for 30 to 93 days, which inhibits an organization’s ability to comply with industry regulations and corporate governance requirements. Only a 3rd party data protection solution offers unlimited data retention, so your organization can be certain to remain in compliance.
5. eDiscovery and legal hold
This is an aspect of data protection business users don’t really think about, as they go about their daily work creating content and collaborating. But in reality, these work-products may become court-ordered evidence during litigation. And when legal action mandates a corporation to submit all case-relevant data, they must do so swiftly and efficiently, without disrupting the productivity of the aforementioned data custodians.
Some editions of Office 365 offer no support for legal hold and eDiscovery. Others offer limited support for these capabilities. But only a 3rd party data protection solution can provide comprehensive and centrally-managed legal hold and eDiscovery, not only for Office 365, but also for other SaaS workloads as well as end-points, all integrated with popular eDiscovery platforms.
Some people may think that because their Office 365 data is in the cloud, it is safe. But in reality, as we discussed above that may not be the case. If you’d like to learn more, please check out this conversation between myself and Druva’s VP of Product Management, Prem Ananthakrishnan, as we chat through these issues and also hear important insights from Jason Hood, VP of IT at OnPoint Group, one of Druva’s customers. Please take a listen to this on-demand webinar ‘Protect your workforce productivity: What’s your Office 365 backup strategy?’ I hope you will find these insights helpful as you continue to build your data protection architecture.