Customer Stories

McConnell Dowell achieves cyber resilience for its Microsoft 365 environment with Druva

Druva Marketing

Cybercrime will cost businesses $10.5 trillion globally annually by 2025, according to Cybersecurity Ventures¹ — which will impact brand reputation, the customer experience, regulatory compliance, and business operations. It is no longer enough for businesses to be security-conscious or have a prevention-only strategy; they must be cyber resilient.

According to a recent blog post by Druva’s Chief Technology Officer Stephen Manley, cyber resilience refers to how prepared organizations are for a cyber threat. For organizations around the globe, Stephen says, this entails three main things: detection, protection, and recovery capabilities.

Druva customer McConnell Dowell knows that cyber resilience is important for business continuity, keeping its customer and asset data safe, and complying with data protection and compliance regulations, such as the European Union’s General Data Protection Regulation (GDPR) and Asia Pacific’s Personal Data Protection Act (PDPA). It leans on Druva to help with detection, protection, and recovery.

McConnell Dowell achieves detection, protection, and recovery capabilities with Druva

McConnell Dowell is known for tackling big construction challenges across the Asia Pacific (APAC) region. Their IT team has an equally big task – keeping its mobile, dispersed workforce of 3,500 connected. That’s why it relies on Microsoft 365 productivity tools, particularly OneDriveSharePoint, and Teams

Before Druva, it didn’t have the right mechanisms in place to detect a cyber threat, and, in terms of recovery, it was dependent on Microsoft’s recycle bin, making it vulnerable to data loss and ransomware

Ransomware attacks are happening more often and becoming more sophisticated, but McConnell Dowell has the confidence that it can detect and recover from such attacks against its Microsoft 365 data. Druva is protecting this business-critical backup data from encryption and deletion by delivering multi-layer defense against ransomware — air-gapped cloud backups with built-in orchestration and automation enable accelerated ransomware recovery.

“Druva’s great because of the granularity of restores it facilitates,” said Heinrich Kukkuk, head of IT at McConnell Dowell. “We wanted to restore a document within a SharePoint site, rather than an entire site, and Druva was one of the only solutions that let us do this.”

This came in handy when over 100 files were accidentally deleted and this wasn’t detected for several weeks. “We only had to enter the Druva console, click a few buttons, and within minutes we had restored all files,” Heinrich said.

Druva delivers SaaS application data protection and long-term retention for Microsoft 365 and more

Druva provides a flexible, comprehensive platform to centrally protect and govern business-critical data across multiple software-as-a-service (SaaS) applications, including Microsoft 365, Google Workspace, and Salesforce. Built in the cloud, Druva makes it easy to discover, protect, and govern SaaS data, even if it is complex, distributed, and fluid — as is the case for McConnell Dowell’s employee base.

For McConnell Dowell, Microsoft 365 is a business-critical application, yet Microsoft maintains a shared responsibility model for this data. As McConnell Dowell well knows, Microsoft is responsible for maintaining platform uptime while the customer is responsible for the protection and long-term retention of their Microsoft 365 data. 

Druva complements Microsoft 365 by filling data protection gaps without dedicated hardware, software or resources. Its secure SaaS platform allows Microsoft 365 data to be open and accessible to unified governance policies and ransomware protection, while allowing customers like McConnell Dowell to obtain critical insights into their Microsoft 365 data and business critical projects.

Automated compliance monitoring for GDPR, PDPA, and other regulations

With respect to long-term retention, McConnell Dowell often needs to retain data for the life of its assets, which can have very long lifespans. As data ages, Druva’s policies move rarely accessed data to Amazon S3 Glacier Deep Archive for secure long-term retention.

Druva’s metadata-centric architecture offers multi-dimensional support for managing and securing data in the cloud with long-term retention, and regulatory compliance. From a compliance perspective, McConnell Dowell needs to be compliant with data protection laws in the countries in which it operates, including Singapore, Australia, and New Zealand. 

Heinrich said compliance with regulations like GDPR and PDPA is much easier, thanks to the data sovereignty made possible by AWS availability zones and Druva.

What’s next?

Read the McConnell Dowell case study to learn more about how this company is securing 100 percent of its Microsoft 365 data 24/7 with Druva, and how isolated, long-term retention on the AWS platform keeps backups fully separate from its primary Microsoft Azure environment.


¹Cybersecurity Ventures, “Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics,” Morgan, Steve.