Securing your investment in Microsoft 365

clock • 4 min read

There’s a lot of sensitive data contained in Office documents - so it makes sense to take care of it

With the sudden requirement to support mass homeworking, the past year has seen an accelerated uptake of cloud services, including Microsoft 365 (formerly Office 365), SharePoint and Teams.

Organisations have been largely satisfied with the move, which was often simply a case of bringing forward existing plans, said Michele Domanico (pictured), systems engineer at cloud data specialists Veeam Software. But the need to act with urgency meant that many companies lacked time to plan the migration thoroughly or to put proper disaster recovery and business continuity processes in place, increasing the risk of losing data through operator error (accidental deletions are surprisingly common) or misconfigured migrations.

"Microsoft do everything they can to make it as easy as possible," he said. "But there's always the risk of human error or external factors. There are multiple cases where projects go wrong when rushed or actioned without proper planning."

It's important to pay close attention to these risks both during and after moving to cloud services, because Microsoft does not provide a comprehensive backup service for Office data. Veeam estimates that 60 per cent of sensitive cloud data is stored in Office documents and that 75 per cent of this sensitive data is not backed up - which is where the company steps in.

"Veeam customers choose us because they know that all of their workloads cannot only be backed up before the migration but our ability to backup on premise and restore to cloud is an asset to both backup and some migrations," said Domanico.

Cloud services are generally considered more secure than on-premises hosting these days, but there's still a risk of downtime - all the major cloud firms have hit the headlines with outages over the last few months.

Reducing the impact of downtime

Ideally, organisations will have factored the risk of outages into their detailed business continuity plans, including calculations of recovery point objectives (RPO) - a metric the amount of data the organisation can tolerate losing - and recovery time objectives (RTO) - a measure of the acceptable recovery period. Again, though, planning in this area is sometimes less rigorous than it should be, said Domanico, and most organisations will benefit from assistance in working out these objectives and reducing the effect of any downtime as far as possible.

"We often talk about RPO and RTO with our customers, and what that means for them. We work alongside all our supporting customers partners in cloud vendors to provide a safety net for outages, whether that be in the cloud or on-premises."

The impact of outages can reach beyond cloud services, particularly in the case of hybrid cloud setups; data centres can vulnerable too, as the ongoing attacks on Exchange Server have demonstrated.

"As we have seen with recent events, data centres are at risk as much as on premise so Veeam's ability to be agnostic enables our customers to remain protected whatever the case," Domanico said.

Understanding the regulatory landscape

Recent research by Computing found that a quarter of organisations are using a Microsoft 365 backup and recovery service with a further 19 per cent trialling such solutions. Chief among the benefits reported by adopters were data recovery, compliance and granularity of recovery services.

On a scale of 1 (not at all) to 10 (extremely), how beneficial has the use of a third-party Microsoft 365 backup and recovery service been to the following?

Source: Computing Research

First on the list - data recovery  - speaks for itself.  But the second - compliance with data protection and other regulations  - is an extremely important consideration when migrating to the cloud with the fine details often poorly understood.

For example, the EU GDPR may have been on the books for two years now, but confusion abounds about who is liable for a personal data breach or loss, particularly in the context of supply chains and partnerships. Getting this right is important if the organisation is to mitigate the risk of fines and reputational damage, and assuring compliance is another area where outside assistance can help, said Domanico.

"We operate a shared responsibility model. This outlines the areas of coverage, but I think there will always be points of clarification needed no matter what the technology."

Understanding responsibilities as data controllers and/or processors is key, but selecting the right tools can also be invaluable when it comes to compliance, he continued.

"A core example is Veeam's ability to remove obsolete and non-compliant data from a backup when restored. It's better to have the tool to hand that to not have it when needed or when in doubt."

The latest version of Veeam's guide for backing up Microsoft Office 365 by Michele Domanico has just been released. Download it here.

This article was created in partnership with Veeam.

You may also like
Microsoft 365 emails vulnerable to newly discovered exploits


Security woes continue

clock 20 June 2024 • 2 min read
Microsoft takes unbundling of Office and Teams global

Office Software

In doing so, hopes to head off further antitrust action

clock 03 April 2024 • 2 min read
Cabinet Office terminates £9m Microsoft deal


But does not derail overall migration plans

clock 16 February 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Cloud and Infrastructure

How DTLA finalist The AA is driving to digital

How DTLA finalist The AA is driving to digital

'We are now leading the market with digital convenience'

James Stenhouse
clock 26 June 2024 • 3 min read
Microsoft quietly shelved underwater datacentre project

Microsoft quietly shelved underwater datacentre project

Lessons have been learned from Project Natick, says Microsoft’s Noelle Walsh

Graeme Burton
clock 25 June 2024 • 2 min read
Case study: Triad Group transforms DfT's renewable fuel obligation

Case study: Triad Group transforms DfT's renewable fuel obligation

A simple, reusable set of components

Simon Wille
clock 24 June 2024 • 2 min read