Microsoft 365 enables your workforce to collaborate and communicate work anytime and from anywhere without the need to host your own data and infrastructure. As it is a cloud-based service, the question of whether a business needs to backup their Microsoft 365 is a complicated one.
There are two opposing schools of thought and people in either camp can be very opinionated about this topic. On the one hand, many people believe that third party backup is not necessary. They argue that Microsoft’s retention periods are long enough for most people. Retention periods can vary from around 30 days for Exchange and 90 days for SharePoint. Additionally, due to the vast amount of data they are responsible for, Microsoft have taken steps to ensure that all data stored is protected from cyber-attacks. In terms of data availability, Microsoft say that they “replicate your customer data in at east two geographically distributed data centre locations”. This means that even if one data centre were to be affected by disaster, such as fire or flood, your data would still be safe in the second data centre.
While these are certainly compelling arguments, there is another school of thought which believes that you should absolutely be backing up your Microsoft 365. Let’s examine some reasons for this.
Why You Should Backup Microsoft 365
The Importance of the 3-2-1 Backup Rule
The importance of the 3-2-1 rule of backup cannot be stressed enough. The 3-2-1 backup rule is the best foundation for your business’ data backup. It works for any virtual environment, regardless of your business’ IT infrastructure. It is a common approach to keeping your data safe in almost any scenario. It involves having three copies of your data, two of which are stored on different media, one of which is kept offsite. Being in control of backing up all your data is a good practice to get into and will ensure business continuity and easier disaster recovery.
Limited Backup by Microsoft
The misconception that Microsoft fully backs up your data for you is quite common. Ultimately, whilst the Microsoft 365 infrastructure is fantastic, you are empowered with the responsibility of safeguarding your data. Whilst Microsoft does have a retention period for deleted data, in practice, this is not long enough for most businesses. Furthermore, Microsoft do not guarantee that, in case of total data loss, they will be able to recover your data completely. According to Veeam, 75% of sensitive cloud data is not backed up. In short, it is simply not as accurate or reliable as point end third-party backup.
Perhaps the most persuasive reason to use third-party backup for Microsoft 365 is compliance. Ultimately, you as a business owner are responsible for complying with data protection regulations and failing to do so could land you with business-crippling fines. Ensuring data availability is critical for compliance with GDPR, PCI and ISO 27001.
If you collect, store or handle personally identifying information of EU citizens, you need to ensure that you fully comply with GDPR. You have the full responsibility for protecting the data you hold. Failing to comply or notify a breach can result in huge fines. Complying with GDPR is your responsibility and you need to ensure that you have full control and accessibility to your data. At the end of the day, if any of your Microsoft 365 data is compromised in any way, you are responsible.
If your business accepts, stores or transmits card data, you need to prove PCI DSS compliance to card providers. Payment Card Industry Data Security Standard (PCI DSS) compliance has been developed to protect you and your customers against payment card theft and fraud. It is ultimately about establishing compliance and maintaining data security in your business. Non-compliance or data security breach can result in a penalty. If you are deemed not to be working towards achieving your compliance, you will most likely be levied a fixed charge fine or a per-transaction surcharge from your bank until you can prove compliance, which can be costly. It is your responsibility to adopt consistent data security measures and being in control of your Microsoft 365 backup is a way to do that.
Achieving your ISO 27001 Certification will allow you to engage with organisations that require you to be certified, as well as demonstrate how seriously you take your information security, which could in turn help lower your insurance premiums. ISO 27001 is the internationally recognised standard for Information Security Management Systems. It is designed to help you demonstrate your commitment to preventing the theft, loss, damage or misuse of any sensitive information that you hold or have access to.
Cardonet have been working with businesses for the past twenty years to help them overcome their technological challenges. As a Microsoft Accredited Partner, you can rest assured that our engineers are exposed to and are fully trained on the full range of Microsoft products and services. we are partnered with companies such as Veeam and Mimecast and can help you find the best third party backup infrastructure for your business.
If you would like to find out more about Microsoft 365 or data backups, call us on +44 203 034 2244 or +1 323 984 8908. Alternately, you can contact us online. We will be happy to help you overcome your IT challenges so that you can set your business apart. We have engineering bases in the United Kingdom, Europe and Southern California and our group of highly experienced engineers are available 24/7 to assist and ensure that your IT infrastructure is secure and running seamlessly.