Your Office 365 Data Security – Is It Properly Protected?

Office 365 Data Security

As more and more people collaborate and access data from outside the office and across multiple devices, the potential for SaaS data loss increases dramatically, and the damage can be catastrophic. A staggering 60 percent of companies that lose critical data shut down within six months of the loss incident, according to research from Boston Computing Network.

Collaboration

One productivity tool – Microsoft Office 365 – has become the talk of the town recently, and is a great example to illustrate the importance of proper data protection. Over the last 12 months, Microsoft has seen an uptick in companies of all sizes signing up. A notable example is General Electric, which announced it will be implementing the platform across its business. It’s easy to see why so many organizations are moving toward cloud-based SaaS applications like office 365 – they are secure, convenient and easy to set up and manage. Moreover, they enable a workforce to move faster, collaborating across offices around the world and other remote locations, all while reducing operational costs.

But there is a common misconception about SaaS data that mustn’t be ignored: and that is that Office 365 data can’t be lost. The truth is, your Office 365 data is probably not properly protected and may be at risk.

Protecting Data

Microsoft does an amazing job protecting data from any data loss risks on their side – including disaster recovery, server outages, etc. They make sure that your data is available, as long as you have requested them to do so. However, what Microsoft can’t do is protect your data from you. That’s not a typo. They can’t protect users from accidentally deleting data or an administrator from maliciously deleting important docs within Office 365.

Take the move from On-Premises Microsoft Exchange to Office 365 as an example. Administrators go from managing basically everything (network, hardware, OS, VMs, etc.) to only overseeing the policies, users and data. In this new environment, the responsibility for data protection is shared between an application administrator and Microsoft. As long as data loss is caused by a hardware or data center availability issue, Microsoft maintains responsibility, but Microsoft maintains responsibility and must adhere to the requests of users. If there is an external hack or internal malicious behavior, like a disgruntled admin deleting files, the responsibility falls solely on the customer. In some ways, this is actually a good thing because if SaaS providers like Microsoft didn’t delete data when requested by users, then there would be major questions regarding privacy.

Mitigation and Litigation

Office 365 Data Security

Now, Microsoft does suggest some options to help mitigate damage, like litigation hold for all email, but those are not the best solutions for companies that want to ensure their employees’ data is not only available and safe, but quickly and easily recoverable when a data loss event occurs. With archiving, users don’t usually expect to recover information quickly. On top of this, the process of getting what you want is cumbersome and is not something a busy admin will be able to accomplish as quickly as their end users may expect. To achieve reliable SaaS data protection, you need more than archive software, that’s where backup and recovery software comes in. With a third-party SaaS application backup and recovery solution, data is always available for quick and easy restoration to its original state – giving you the ability to essentially turn back time in no time.

The bottom line: Many of the same best practices that admins used in their on-premises environments must be brought along to the cloud, and they can’t assume that Microsoft will correct every single mistake. Ultimately, organizations need to pay more attention to the fine print and understand that they are responsible for keeping their own data safe in the cloud. So, as you move to cloud-based SaaS applications where someone else is managing the physical infrastructure and the applications on which your production data resides, you still need to have a plan in place to ensure that data can be swiftly accessed and recovered in every scenario.

By Jeff Erramouspe

Kaylamatthews

What Amazon’s Kendra Means for the AI and Machine Learning Future

Amazon's Kendra Learning Future Most people feel a bit astounded when they type a query into Google and get relevant results in milliseconds. They're probably not as impressed when using an enterprise search feature at ...
Martin Mendelsohn

How Will COVID-19 Impact Security Talent?

New Security Talent As we emerge from the era of COVID-19, unemployment will recede, and new jobs will be created more rapidly than jobs were lost between March and May of this year. We’re already ...
Juan Pablo Perez Etchegoyen

7 Security and Compliance Considerations for Cloud-Based Business Applications  

Security and Compliance Considerations There’s no doubt on-premises deployments of mission-critical business applications provide more control over data as it resides within the four walls of an organization’s network infrastructure. However, businesses can no longer ...
Kash Shaikh

A Clairvoyant Look Back on 2021

In a lookback from the future, here is what happened in 2021 as reported on January 1, 2022. 2021 was the year that our world worked its way out of the 2020 pandemic and back ...
Darach Beirne

Take Control of Telecom by Being Your Own Carrier

Being Your Own Carrier Departments and organizations of all sizes and across all industries are transitioning away from traditional hardware IT systems and embracing SaaS-based cloud offerings. The global pandemic has spurred greater cloud adoption, ...
Robots

How DSPs can Improve Straight Through Processing Rate in RPA Implementations by up to 82%

Robotic Process Automation Digital Service Providers (DSPs) today are well placed to take advantage of next-generation technologies like Robotic Process Automation (RPA), Machine Learning, and Artificial Intelligence. As most of the smart DSPs have already ...