Customer Story

Thirteen protects Microsoft 365 data from accidental deletion and ransomware with Druva

100%

Protection of all data in Microsoft 365 – Exchange Online, OneDrive, SharePoint, Teams

95%

Faster time to recover deleted or lost files with Druva – from five hours to minutes

About Thirteen

Thirteen is a social landlord and housing developer based in Northeast England. It manages 34,000 properties from North Tyneside to York. The company is a social purpose business that provides quality homes and support for those in need of housing. Its 1,500 employees serve more than 70,000 customers.

The challenge

Thirteen was formed in 2017 when several housing companies merged, creating the largest landlord and developer in Northeast England. Its IT team has broad responsibilities, from customer support to telecommunications, data storage, and application support.

Though the company uses a hybrid IT infrastructure, it sought to accelerate cloud projects. Four years ago it began its cloud journey by moving to Microsoft 365 using Exchange Online, OneDrive, SharePoint, and Teams for closer collaboration and the large-scale storage of business-critical – and often government-mandated – data.

However, Thirteen relied on Microsoft’s out-of-the-box recycling function for data recovery, in which deleted files are only held for 90 days by default. This put Thirteen at significant risk of irrecoverable data loss.

Microsoft operates a shared responsibility model for Microsoft 365, meaning it is responsible for protecting the platform, while its customers are responsible for long-term data retention. Without secure backups in place, Thirteen risked data loss due to accidental deletion, platform disruption, and ransomware. It had to replace insufficient tools and processes to respond to the increasing volume, sophistication, and variety of threats.

The solution

For the IT team, the top priority for data protection was cloud-native capability, so it ruled out Veeam immediately. The team met with Druva and started a proof of concept (POC) that same week. After comparing Druva with SkyKick, it was clear only Druva could handle Thirteen’s data volume and unique SharePoint folder structure (i.e., a single SharePoint folder storing millions of documents).

Another benefit is Druva’s native integration with Microsoft Teams. “Druva is superior to SkyKick by a mile,” said Hassan Bahrani, Thirteen’s Head of IT. “SkyKick didn’t integrate with Teams out of the box. It backs up groups and distribution lists, whereas Druva backs up actual Teams and SharePoint sites, and everything in Microsoft 365.”

Another differentiator is that Druva is built on Amazon Web Services (AWS). This was key for Hassan and the team because it enabled them to achieve complete separation between Microsoft 365 data on Microsoft Azure and its backups.

Furthermore, with Druva, backups cut ties with original data, protecting against corruption if a security breach occurs. Additionally, Thirteen, not Druva, manages the keys to encryption for data at rest, giving the organization complete control and privacy.

While Druva’s features are important, Hassan was equally impressed with its support. “When we reached out to Druva, we received amazing expert advice,” Hassan said. “They quickly fixed any issues, and always well within our service level agreement (SLA).”

Results

Druva provides Thirteen with a flexible, secure way to back up and restore all of its business-critical Microsoft 365 data. In fact, Thirteen’s IT team can now recover lost or deleted files 95% faster – taking minutes instead of hours. The solution also simplifies the location and recovery of specific data points, no matter how granular. This is crucial as UK GDPR laws give people the ‘right to be forgotten,’ meaning anyone can ask Thirteen to erase all records containing their personal data. Previously, these requests required hours of trawling through physical tape. With Druva, the team can find all records in minutes, saving valuable time while staying compliant.

The ever-present threat of a ransomware attack used to be of serious concern to Hassan’s team. Now, Druva provides his team peace of mind, protecting backups against infection, as single sign-on (SSO), multi-factor authentication (MFA), and role based access controls (RBAC) isolate and control data access to guard against infection and encryption. With Druva, he knows exactly how the company will recover affected Microsoft 365 data when, not if, a ransomware attack happens.

“We will likely experience a ransomware attack, and how we recover is going to be testament to our character and the controls we now have in place,” Hassan said. “Druva is a key part of that recovery plan.”

Choosing Druva means the IT team has more time to support staff as they help vulnerable people secure housing. “There are a lot of systems we could do without,” Hassan said. “But not Microsoft 365. It’s the heart of our business, and Druva ensures that data is secure so our company can continue serving our customers.”

Challenges

  • Reliance on Microsoft’s recycling function to recover Microsoft 365 data, including Exchange Online, SharePoint, OneDrive, and Teams, made the company vulnerable to data loss
  • IT had no easy way to recover Microsoft 365 data in the inevitable event of a ransomware attack
  • Thirteen’s unique SharePoint file structure – one folder holds millions of files – could not be backed up via SkyKick – a solution that wasn’t mature or flexible enough to meet their needs

Solution

  • A single pane of glass through which IT can manage backups and restores of Microsoft 365 data, including Exchange Online, OneDrive, Sharepoint, and Teams
  • Isolated backups on the AWS platform, keeping backups fully separate from its Microsoft Azure environment
  • Ransomware protection leveraging SSO, MFA, and RBAC, impenetrable to encryption or attacks
  • The ability to confidently recover data from isolated, full, forever backups in the AWS cloud

Results

  • 100% of Microsoft 365 data is secure 24/7 and recoverable in minutes
  • 95% faster data recovery for all Microsoft 365 data
    Complete confidence in data recovery in the event of a ransomware attack
  • Compliance with GDPR regulations and complete “right to be forgotten” requests in minutes