Small Businesses can’t afford to be without their data. It’s simply part of maintaining business continuity. Data backup and archiving is an insurance policy against the worst. And if you’re relying entirely on Microsoft to provide this, then you’re far from covered. Microsoft 365 Business includes some great services, but comprehensive data backup is not one of them. They place responsibility on you, the client, to back up your data. And so, they should. Their priority is managing and maintaining the Microsoft 365 infrastructure.
Microsoft’s 365 default data retention policies
Contrary to widely held belief, Microsoft does provide basic backup. The company backs up your 365 data every 12 hours and keeps it for 14 days. In the event of a ransomware attack, for instance, you can reach out to Microsoft, and they can restore your data. However, this will be a full restoration, so everything else will be overwritten. This form of basic backup will not help you if you need to restore a single file or folder. It gives users the ability to roll back shared files to a previous point in time (if that data has not been deleted already), it is an “all or nothing” restore. Instead of limiting the rollback to specific files or folders, your only option is to roll back all your data to a specific point in time. Alas, that's simply not good enough for most scenarios.
Microsoft uses a two-stage recycle bin, enabling users to retrieve deleted files within a “reasonable” period. Data that is stored in OneDrive or SharePoint can be restored within 93 days of being deleted. Email mailboxes can be retrieved for up to 30 days by default and individual emails can be retrieved within 14 days by default.
Microsoft does allow you to configure your own data retention policies through its Security & Compliance Center. You can decide to keep data indefinitely so that all your data would be retrievable long after it was deleted by any one individual. The problem here is not so much in the saving but in the retrieving. There’s no effortless way to find the file that you want to restore. Unlike the management consoles you get with third-party backup solutions, you can’t simply navigate to a document or folder to restore it. Instead, you are forced to search for the deleted files based on keywords or other metadata using Microsoft’s Content Search or eDiscovery tool, then export the results from the content search to restore them. Now imagine having to restore the contents of an entire SharePoint folder in this fashion. That process will be onerous and protracted.
Data loss due to user error and accidental deletions
Accidental deletions are the most common reason for data loss. If you discover that loss after your configured retention policy, you’re out of luck. Your data is gone. Even if you catch the error in time, will you be able to restore the files and accounts in the configuration you need? As stated earlier, the restoration process is not an easy one.
Ransomware and compromised administrator accounts
Whether by accident or malicious intent, most of the data loss is caused by humans, not infrastructure. Phishing attacks are on the rise. It’s becoming more difficult if not impossible to avoid. One wrong click by a user can infect your system with malware and corrupt your data. If your Microsoft 365 administrator account is compromised, your native backups are lost. Recovering from this nightmare scenario can be difficult and time-consuming using Microsoft’s built-in capabilities.
How quickly a small business recovers from a disaster depends on its ability to identify and control two things: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). While your ability to reduce RTO requires the flexibility to target exactly what you need to recover, RPO is dependent upon the frequency of your backups. Flexible recovery options and backup scheduling are core features of a robust, purpose-built backup solution.
What is Microsoft's position?
Microsoft itself recommends that you deploy a third-party backup solution as they recognise that their backup and retention policies aren’t designed to handle malware corrupting your entire system.
Microsoft makes it clear in their Shared Responsibility Model that they are not responsible for your data, only for the infrastructure they maintain to deliver their services. Here’s what the Enterprise Strategy Group has to say about the subject:
“Given Microsoft's responsibility and supporting technology is limited to infrastructure levels, organizations are exposing themselves to risks such as data loss and security breaches, retention and regulatory compliance exposures, and lack of data control in hybrid deployments if they are without third-party backup plans. In addition, many customers have their data stored in a combination of on-premises and cloud environments, while others have different teams on different versions of Microsoft 365 suites, which can make data protection more challenging in hybrid deployments without a unified backup solution.”
Therefore, the most compelling reason of all for considering a third-party backup solution is that Microsoft recommends that you do.
To find out more about FOS.net's 365 backup services.
Click to contact