It is increasingly common for enterprises to offload mission-critical applications such as Microsoft Exchange to cloud service providers; in fact, Microsoft’s software-as-a-service (SaaS)-delivered Office 365 revenue has surpassed its conventional Office revenue since the fourth quarter of 2017, pointing to robust enterprise adoption. The SaaS model brings a number of benefits including the ability to reduce the amount of on-premises infrastructure that an enterprise must purchase and manage – but one critical service that the SaaS model does not provide is enterprise-grade data availability and governance.
Office 365 production data is hosted by Microsoft, but comprehensive data protection remains the responsibility of the customer. Office 365 offers some basic version protection and retention capabilities as well as geo-redundancy – but it does not provide centralized data backup and recovery; protection against ransomware and data corruption or deletion; or compliance monitoring or eDiscovery.
- It first is important for storage managers to bear in mind that geo-redundancy by itself is not backup. Data loss that occurs at one site can impact all sites without the ability to recover. Office 365’s native backup and restoration capabilities are effectively users’ recycle bins. Individual recycle bins do not form a comprehensive data repository, and once recycle bins are emptied (which typically happens automatically after a specific period of time), the data is permanently deleted – flying in the face of modern compliance and retention policies. Furthermore, administrators are hard pressed to recover data once it has been altered, corrupted or deleted, and it is possible for a rogue administrator to undo document and version retention policies.
- Microsoft does offer its OneDrive file sync and share solution, which facilitates user collaboration but does not make copies of all data for compliance and recovery. It also does not offer more advanced features such as remote wiping and geo-tracking.
- Data loss may occur for a number of reasons, including user error, malicious behavior, accidental corruption by bulk data uploads. It also may occur due to an attack from the growing set of ransomware that targets SaaS applications. However, most SaaS providers only cover data loss events that were the provider itself fault (such as a service outage) – and restores are typically only covered for a short period of time. For all other data outages, recovery (if even possible to begin with) is typically very expensive for the customer.
- There are a number of other recoverability concerns that necessitate a third-party tool. Office 365 data is not protected from cloud failure; if the cloud service is down, the data is not accessible by the enterprise for the duration of the outage. Office 365 also does not offer ransomware protection natively.
- In addition to more data needing to be stored for compliance and business analytics reasons, that data must also be able to be quickly identified and isolated. This necessitates a data availability solution that provides granular indexing, searching and recovery – for instance to comply with eDiscovery.
For more on why protecting Office 365 and other SaaS applications is important, access our on demand webinar with George Crump, lead analyst for Storage Switzerland, and W. Curtis Preston (aka “Mr. Backup”), Chief Technologist for Druva.