1) Avoid dependency on one vendor
It is not advisable for an organisation to be wholly dependent on a single cloud vendor. If organisations don’t have control of their own data, they will struggle to act immediately once an issue becomes apparent. Even when data is retrievable, the process could end up being long and complicated, and there is the added problem of all-or-nothing destructive restores
2) Determine your own retention policies
Office 365 has limited backup and retention policies and it is not intended to be an all-encompassing backup solution. A simple recovery can be hugely problematic if data has fallen out of the retention period and deleted forever. You can easily avoid this with a data management service that provide retention periods from months to years and whose sole purpose is to ensure that your data can be recovered directly back to Office 365.
3) Address compliance issues
When someone deletes a user or users from Microsoft’s Active Directory – intentionally or otherwise – once they are outside of retention their Sharepoint sites and OneDrive data are also deleted. However, you may need those files for situations like legal action in months or years to come. If you are to retain access to data after a user has been removed from Active Directory, it’s imperative to have a backup to a third-party backup provider, not least for compliance purposes.
4) Recover everything in case of deletion
What happens when users accidentally or intentionally delete or overwrite files? Recycle bins and version histories in Office 365 provide limited protection. If you delete a user, intentionally or not, that deletion is replicated across the network. Once an item is purged from the mailbox database, it is unrecoverable. This could have far-reaching effects if a rogue employee decides to delete incriminating emails or files. Microsoft’s backup and retention policies can only protect you from data loss up to a certain point, and can’t take the place of third-party data management solutions.
5) Prevent delays due to data loss
When data is deleted or corrupted, businesses face three major problems: loss of data, loss of time and loss of money. Microsoft provides exceptional availability and cannot be expected to focus elsewhere on extended retention or old user data. Being solely reliant on Microsoft Support for help recovering lost data can be very time consuming. The best way to avoid an issue impacting severely on business continuity is to find a third party that offers streamed, on-demand access to data at a moment’s notice.
6) Protect against ransomware attacks
How can organisations be protected from app outages, misconfigured workflows or ransomware attacks? Microsoft explicitly states that point-in-time restores of data are not in the scope of the Exchange service. Regular backups will help ensure a separate copy of your data is uninfected and that you can recover mailboxes quickly to an instance before the attack. The best data management providers offer streamed, on-demand access to all data instantly.
7) Separate roles as security standard
Companies nowadays require a separation of roles as a security standard. Having your backup in the production platform allows for a single point of failure. Office 365 administrators could also potentially assign themselves full access to search and export from Exchange mailboxes, SharePoint folders, and OneDrive locations. This would enable them to delete a file. Without third-party backup, that file, depending on the retention policy, may be irretrievable.