40% of Organisations Not Doing Enough to Protect Office 365 Data.

Tony MasonData Protection, Microsoft 365 Security

Microsoft Office 365 Security

Office 365 Data Security.

Companies could be putting themselves at risk by relying exclusively on Office 365 Data Security, according to Barracuda.

Barracuda’s latest report found that 40% of IT organisations surveyed don’t use third-party backup tools to protect Office 365 data. The report questioned more than 1,000 IT professionals, business executives, and backup administrators.

They explain why it is a big risk to ignore third party data back up tools and just trust Office 365 to deliver all the back up you need. This is particularly important as the amount of data being lost remains high. As we are using more devices and getting our data from more places each year, it becomes harder to ensure our data is secure.

Why Use Third Party Back Up?

Barracuda’s Director of Data Protection Platform Strategy, Greg Arnette, explains.  While Microsoft does offer a resilient SaaS infrastructure to guarantee availability, it doesn’t secure data for historical restoration for long.  Plus, its service-level agreements don’t ensure against user error, malicious intent, or other activity that can destroy data.

“Microsoft will protect your data for an outage in a data centre environment, but they will not detect threats such as account takeovers and ransomware. Those kind of attacks will look like the actions of a typical end user. The backup vendors are now doing more detection using cloud-based APIs to keep track of what changes over time.”

The report explains deleted emails are not backed up on Office 365 in the traditional sense. Instead, they are placed in a recycle bin for up to 93 days before being completely deleted forever. For SharePoint and OneDrive, deleted data is held for a maximum of 14 days by Microsoft.  Plus you need to open a support ticket to retrieve it. SharePoint and OneDrive can’t even retrieve single items/files; they have to restore an entire instance. It’s actually doubtful that these short term retention policies would even meet most of today’s compliance requirements.

Cloud Back Up

Many think that if data is in Saas, then it will automatically be backed up.  However this isn’t the case. Just because it is ‘held in the cloud’, doesn’t mean that it will be backed up.

The Barracuda report also discovered that while 64% of companies worldwide state that they back up data to the cloud, 36% still don’t. Although the report didn’t show clearly why this was, it is likely that there are still major security concerns over storing in the Cloud.  This is despite the benefits of being able to retrieve everything if hit by a disaster such as fire or flood.

Companies need to realise that they are responsible for their data: protecting, archiving and being able to recover it, especially email.

See the whole story at Dark Reading.

Barracuda Essentials offers all-in-one Cloud Based Email Security, Backup, Archiving & eDiscovery for Office 365.

Take a look here for more information.

Ensure you are backed up. The alternative isn’t worth thinking about.