Migrating to the cloud is a topic that most businesses are in the middle of, if not already there. The pandemic has pushed businesses to find new ways of empowering end-users with business-critical productivity applications, connectivity, storage, collaboration, and many other requirements. The legacy on-premises environment requiring connectivity back to the enterprise data center to connect to the tools needed is no longer practical to meet the challenges faced today.
While migrating processes, services, and data to the cloud, businesses must have a way to protect that data. All too often organizations decide to move everything to the cloud and backup is an afterthought or the backup strategy is incomplete or doesn’t provide complete protection from a disaster event. The Microsoft Office 365 environment is an extremely popular Software-as-a-Service solution that continues to grow exponentially. Let’s take a look at five common Office 365 backup mistakes and how to solve them.
5 Common Office 365 Backup Mistakes and How to Solve Them
When mistakes are made related to your backups or backup strategy, a disaster can lead to the worst-case scenario where data is unrecoverable. What common backup mistakes in Office 365 do you want to avoid?
- Not backing up your cloud SaaS environment
- Protecting only certain services and not all
- Storing your backups in the same cloud as production
- Not encrypting your backups
- Failing to protect your backups from ransomware
1. Not backing up your cloud SaaS environment
Not backing up your cloud SaaS environment may seem like an obvious mistake. However, many businesses work under the assumption there is “magic dust” the cloud service provider such as Microsoft sprinkles on your data that it can never be lost.
While Office 365 now provides file versioning built into OneDrive for Business and SharePoint Online, Microsoft never officially markets this feature as true enterprise backup. The native file versioning offered by Microsoft in Office 365 is limited. The file history contained in the versions can be deleted by any user who has write permissions on the data.
In addition, the history of the files is limited – typically 30 days. You can use Compliance retention (which is an added cost without certain subscription levels) that allows retaining data longer. However, again, this is a paid feature for many without the enterprise plans that contain the Compliance retention feature.
2. Protecting only certain services and not all
There is another backup mistake that is akin to the first mistake mentioned, not backing up your environment at all. This mistake is made by businesses for any number of reasons. Sometimes businesses may migrate to the cloud and start out using certain services. They may protect those services with a third-party backup solution. However, as cloud use grows, the organization may fail to back up the additional data stored.
For others, they may actually be limited by the data protection solution itself. Many third-party backup solutions on the market today can only backup certain services underneath the cloud Saas environment being used such as Office 365, now Microsoft 365.
In other words, don’t fall into the Office 365 backup mistake of backing up your OneDrive accounts in your organization, but not backing up Exchange Online if both are used in the organization. Protect all cloud SaaS services used in the environment.
3. Storing your backups in the same cloud as production
Going back to backup best practices in on-premises environments, we would never backup a production storage array and literally, copy the backup files to the same storage array where your production VMs or other infrastructure lives. Why is this?
While there are certain problems that could happen where the storage array is fine and other workloads, including your backups, are accessible. There are definitely times when you might suffer from a hardware failure that takes down the entire storage array. Since that array stores both production and backup data, you have lost your way to recover along with the production data. This is a situation you never want to be in.
While it is oversimplifying cloud environments to equate them to a simple storage array, it helps to drive the point home in principle. A backup mistake would be to store the backups of your Microsoft cloud data in your Microsoft cloud. There have certainly been times when Microsoft’s cloud has experienced issues across the board, affecting many systems.
4. Not encrypting your backups
When it comes to securing your data, encryption is your friend (not the encryption of ransomware, but the good kind that works for you and not against you). When you encrypt your data, it is scrambled using a key set that makes the data unreadable without the encryption key.
All too often, we secure and guard production data only to somehow assume that backup data is never targeted because it is backups. However, we do well to remember that backups contain production data. It means that we can block access, protect, and secure production data, and if we drop the ball on protecting backup data, attackers can still compromise your sensitive and otherwise critical data.
Make sure you are encrypting your backup data both in-flight and at-rest. In-flight encryption makes sure the data is encrypted as it is transmitted over the network. At-rest encryption encrypts data as it sits on your storage. Both are needed to truly protect your backup data all the way around.
5. Failing to protect your backups from ransomware
Modern ransomware variants are now purposely going after backup data. It makes sense. If a company has good, accurate, and up-to-date backups, it will be much less likely to be forced into paying the ransom demanded. However, if a company’s backups are also encrypted by ransomware, the cybercriminals have the best of both worlds. They have the production data and they have the only means you have to recover your data, especially if due diligence has not been given to off-site backups.
There are various ways to protect backup data. However, a new idea around protecting backup data stems from a WORM model introduced on the Amazon S3 offering called Object Lock. With Object Lock, you can literally specify data that cannot be changed, overwritten, or deleted.
Note the following description written by Amazon regarding the Object Lock feature:
Amazon S3 Object Lock is an Amazon S3 feature that allows you to store objects using a write once, read many (WORM) model. You can use WORM protection for scenarios where it is imperative that data is not changed or deleted after it has been written. Whether your business has a requirement to satisfy compliance regulations in the financial or healthcare sector, or you simply want to capture a golden copy of business records for later auditing and reconciliation, S3 Object Lock is the right tool for you.
This concept is now being used by third-party vendors to secure your backup data from being overwritten, encrypted, or deleted. it allows setting a specified period of time for your backups which makes them “locked” from editing. However, the restore points allow organizations to properly protect their backups from the devastating consequences of ransomware encrypting their backup files.
Backup Office 365 effectively using NAKIVO
When it comes to backing up your cloud SaaS environment, the backup solution is a key factor in avoiding backup mistakes. NAKIVO Backup & Replication not only covers your on-premises workloads running on top of leading hypervisors like VMware vSphere, Microsoft Hyper-V, and Nutanix AHV but it also allows you to backup and protect your Office 365 environment effectively. It allows businesses to protect
- Exchange Online
- OneDrive for Business
- SharePoint Online
- Contacts and calendars
In looking at the backup mistakes that businesses commonly make, not the following:
- Not backing up your cloud SaaS environment – NAKIVO provides an effective and efficient data protection solution for both on-premises and Office 365 cloud SaaS environments
- Protecting only certain services and not all – NAKIVO covers the major Office 365 services used by most businesses today – Exchange Online, OneDrive for Business, and SharePoint Online
- Storing your backups in the same cloud as production – NAKIVO provides a number of storage solutions for your Office 365 backups. You can storage your backups in a NAKIVO-powered on-premises repository, cloud storage in AWS S3, Wasabi cloud storage, and it provides the ability to storage bakcups on NAS storage devices
- Not encrypting your backups – NAKIVO provides AES-256 bit encryption, both in-flight and at-rest
- Failing to protect your backups from ransomware – NAKIVO Backup & Replication v10.4 provides Immutable Local Repositories that applies the same technical capabilities as the AWS S3 Object Lock functionality, making it impossible for ransomware to encrypt your business-critical backups
Learn more about NAKIVO Backup & Replication and download a fully-featured trial version here.
Check out other VHT posts covering NAKIVO:
- NAKIVO Backup and Replication v10.4 GA Released for Download
- How to Recover from a Ransomware Attack with NAKIVO
- Backup Microsoft Office 365 for Remote Workers with NAKIVO
- Backup and Restore OneDrive for Business with NAKIVO