Microsoft Office 365 has become a staple in many organizations due to its convenience and accessibility. However, while Office 365 offers a range of services and applications, it does not provide a comprehensive backup solution. This can lead to significant pain points for organizations, particularly in terms of data protection and recovery.
Pain Points with Native Solutions in Office 365
Office 365’s native solutions do not provide comprehensive backup and recovery options. For instance, while Office 365 does have some built-in data retention features, they are limited in scope and duration. Data can be easily deleted or overwritten, and once it’s gone, it’s often gone for good. This can result in significant data loss, which can be detrimental to an organization’s operations and reputation. Version control is also not a backup and with versioning, apart from the potential to have a limit on the amount of versions, files can still be deleted.
With SharePoint Online for example, once a file is deleted it goes into the primary recycle bin and afterwards into the second stage recycle bin. You have a certain amount of time to recover any deleted items but once the files are purged from the second stage recycle bin, you can’t bring them back. Unless you have a backup solution.
Is having a Backup required?
Data protection is not just a matter of good business practice; it’s often a legal requirement. For example, the Australian Privacy Act 1988 mandates the protection of personal information, with specific rules for how such information should be handled. Similarly, the Data Protection Act in the UK and Australia (the Privacy Act) and the GDPR mandate that organizations use personal data in a fairly manner, lawfully and transparently. Imagine someone files a Freedom of Information Act (FOIA) or Data Subject Access Request (DSAR) which as an organization you must be able to meet these reasonable requirements.
ISO 27001 as an international standard that provides guidelines for information security management systems, includes requirements for backup and disaster recovery processes. According to ISO 27001, organizations should have a disaster recovery plan that specifies actions to take if an incident impacts their information security systems. This plan should ensure that all data is backed up regularly and securely.
Data breaches and ransomware attacks are becoming increasingly common. In fact, global ransomware attacks are at an all-time high. These attacks can lead to significant data loss and can have severe consequences for an organization’s reputation and bottom line.
The Importance of having a comprehensive Backup solution
Backing up site settings and permissions is just as crucial as backing up files. Site settings include configurations that control how your site functions, while permissions determine who can access your site and what they can do. If these settings are lost or incorrectly modified, it can disrupt your site’s operation or compromise its security.
For example, if someone breaks permission inheritance on a list or library in SharePoint, it creates fine-grained permissions. These permissions can be complex to manage and can lead to performance issues if not handled correctly. Moreover, once inheritance is broken, if you revert this action and inherit from the parent, all the custom permission are lost and can not be reverted. This could be time-consuming and error-prone. Having a backup allows you to restore the permissions to their previous state quickly and accurately. When you think backup in O365, it’s not just about backing up your files but also who has access to them, your site structure and settings as well as other aspects like email messages, chat, Power Platform workflows and most importantly any O365 groups.
