Skip to content


Data loss is costly – is your Office365 environment secure?

Microsoft Office 365 adoption is more widespread than ever – and it’s easy to see why. It provides a streamlined and cost-effective range of cloud Office services with the added benefit of regularly updated features in desktop Office 2016.

However, if your organisation is running Office 365, it’s important to be aware of Microsoft’s data backup and recovery policy. While Microsoft does protect your data for 30 days, backup and recovery is not a key focus, and there’s no guarantee that lost data will be able to be restored. Ultimately, your organisation is responsible for keeping your data safe in the cloud, so it’s paramount that you have a concrete backup and data protection policy in place.

Why data protection matters

Operating with poor data management policies can be a disaster waiting to happen. There are a number of serious negative consequences that stem from poor data management:

  • Business closure: Reports indicate close to 70% of businesses that suffer a major breach close their doors within 12 months.
  • Lost revenue: IBM reports the global average cost of a data breach is close to $3.86 million.
  • Compromised employee information: This is particularly important to note for those organisations in the education sector, which are subject to the Notifiable Data Breaches mandate.
  • Compromised customer data: A breach of this nature can severely impact the reputation of an organisation.

Loss of intellectual property: This can impact your ability to acquire new customers and give competitors an advantage.

As you can see, the consequences of a data loss are extensive, and it goes without saying that any administrator you talk to will preach the importance of a secure, concrete data protection policy.

Enter the 3-2-1 backup rule

Backup is one key consideration that can mitigate the risk of data loss and its potential negative consequences. Irrespective of the hypervisor you’re utilising, there’s a simple, foolproof concept that any organisation can implement to protect your valued data: the 3-2-1 backup rule. Coined by photographer Peter Krogh, the 3-2-1 rule is as simple in practice as its name suggests, functioning for all data types across any type of environment:

3 – Keep at least three versions of any critical piece of data.
2 – Store your data versions on separate pieces of media.
1 – Keep at least one backup copy offsite.

The 3-2-1 rule can be implemented in a multitude of ways across any organisation via software procurement or Backup-as-a-Service models that automate the process for you. However, although having a backup strategy for your Office 365 data is great for your overall protection policy, it’s not enough to simply have it running. To properly solidify your policy, there are three ongoing exercises you can ingrain in your team to consolidate your data.

1. Validate your Office 365 data on a regular basis

It’s not enough to trust the process – if you don’t test your backups, how do you know that they’re working? Develop a routine timeframe for completing a challenge restore which is guided by your specified data recovery requirements, and then report on its success. How regularly you elect to do this will depend on your resources and requirements.

2. Complete a data classification exercise for backups

Classify data so you know exactly what you’re backing up and make sure you don’t waste unnecessary space in your storage media. It’s usually not necessary to back up everything – just the data you can’t afford to lose.

3. Review your data backup strategy against your organisation’s policies

Compare your data backup strategy against your organisations data backup and protection policies to ensure you’re meeting the necessary requirements on an ongoing basis. It’s important to do this regularly – similar to ratifying – because policies can change quickly and frequently.

Are Microsoft backups good enough?

While Microsoft provides options like the Recoverable Items Folder that can hold items for up to 30 days (14 days is the default) and Litigation Hold etc., this is not ideal if you want to have all your mailboxes backed up. Even if Office 365 had a backup method built in, it would break the 3-2-1 rule because the backups would be in their primary location in the cloud, rather than in your control where you can physically locate them. There needs to be a shared responsibility with data backups to the cloud – too often we see that organisations are not aware of where their data is physically stored, and what is actually backed up.

So, what are your options if you want to implement an independent backup and data protection policy for Office 365 but aren’t sure if you’ve got the resources to handle it?

With Backup-as-a-Service (BaaS), the responsibility of protecting your organisation’s data is taken care of by a managed service provider, leaving you to focus on innovation and growth.

The Run-Grow-Transform model outlined by Gartner provides a great example of how beneficial outsourcing data management and protection can be to your organisation:

  • Run indicates how much of your IT resources are focused on the everyday functionality of your organisation. It won’t increase revenue per se, but it will maintain essential operations and efficiency.
  • Grow represents how much of your IT resources allow you to enhance your systems in support of organisational growth. Essentially, having your backup taken care of allows your IT team to focus their energy on other projects and priorities that deliver differentiation and extend existing capabilities.
  • Transform represents how much of your IT resources allow your organisation to drive new business capabilities. Whether it be entering new markets, creating a new value-proposition or addressing customer segments, running BaaS for your Office 365 data will present opportunities for you to transform certain areas of your organisation.

Somerville is a leading provider of IT solutions for schools in Australia, and a trusted partner for many leading organisations, including Australian Automotive Group and NGS Superannuation.

Our team has developed a reputation for delivering reliable, fit-for-purpose solutions underpinned by world-leading vendor technology. When it comes to data protection, Somerville is proud to partner with Veeam to ensure our customers’ data is available 24/7 and ready to be recovered should disaster strike.

If Office 365 is a key tool in your organisation’s arsenal, get in touch with Somerville today and let us take care of your backup and data protection policy – so you can focus on growing your business. 

For more information on BaaS please click here.

Our team has developed a reputation for delivering reliable, fit-for-purpose solutions underpinned by world-leading vendor technology.