
Office365 - The case for backup?

Posted by markey164 
Office365 - The case for backup?
March 26, 2019 04:29AM
Hi all,

I'm interested in your thoughts for backup of Office365? Obviously there are an increasing number of products out there to back up Office365, and some would say "scaremongering", mostly on the websites of vendors selling those products, but is the risk so low, as to be an acceptable risk? That seems to be what many organisations deduce. Kind of like, the plane you're getting on might crash, but it doesn't stop most people getting on them. One could argue Office365 is even safer than getting on a plane, if there has never been a disaster.

Hence I'm trying to find balance to the argument with real world use cases, do they even exist yet!?

So with that in mind...

1. Has anyone ever actually had an Office365 Disaster and lost data? Are there any real world or documented use cases?

2. Ransomware - Has anyone ever had an Office365 ransomware infection and lost data? For a single account, surely you can just roll back the infected account right? Is it possible for an Admin to encrypt everything? If so I assume you can simply roll back from that too? Not pleasant, and potentially time consuming, but probably easier than restoring everything from backup.

3. Are there any limitations of file recovery in Office365/OneDrive? What gaps exist? Where for example a backup product can add value (apart from having an off technology copy)?

Interested in people's thoughts!



Edited 2 time(s). Last edit at 03/26/2019 06:54AM by markey164.
Re: Office365 - The case for backup?
March 26, 2019 09:42AM
I now work for a backup and recovery vendor that backs up Office 365 (among other things) and I can tell you we absolutely have restores from it on a regular basis.

I'm going to cut/paste a comment I made on a very similar thread on Spiceworks. Hopefully it answers the question. A longer version is here:
https://www.druva.com/blog/data-management-essentials-backing-up-office-365/


Jacob9339 wrote:

"backup is only needed if you must have point in time recovery; otherwise just setup retention policy and use eDiscovery."

@Jacob9339,

I will have to respectfully (and strongly) disagree. I apologize in advance for what may sound like a strong tone, but this idea that Office365 is somehow different than every other computer system on the planet really gets my goat.

1. Point in time recovery (PITR) is not possible w/a mailbox in Office 365 w/o third party backup, and OneDrive/SharePoint PITR recoveries are limited or complicated – and some require MS to do them for you. Some rogue admin destroys your mailbox: PITR. Ransomware corrupts some users: PITR. An admin accidentally uploads the wrong PST to the wrong account (as was discussed on SW a few weeks ago): PITR.

2. Using retention policies as a backup method violates one of the most basic rules of data protection, "Don't store backups of the thing you're backing up with the thing you're backing up." Of course you don't store your backup tape on top of the server. Of course you don't back up one partition of your hard drive to another partition on the same hard drive. So why does it make sense to use additional records in your Office365 database to back up other records in the SAME database? This is why we came up with the "3-2-1 rule." (Three copies of your data, on two different media, one of which is offsite.) Retention policies IGNORE EVERY PART OF THE 3-2-1 RULE.

3. Retention policies are NOT backup; they are archive. If they were backup, they could restore your mailbox, SharePoint site, or OneDrive folder to the way it looked yesterday or some other time. They cannot do that. They can give you a giant blob that contains the things that were there around that time, but cannot put them back where they came from in the way a backup can.

4. There is NO recovery SLA for Office365. NONE. They are under no obligation to recover your data if you, a user, some ransomware, or hacker messes it up. NONE.
Retention policies alone do not protect against a rogue admin or hacker that gains admin access, and yes, they do exist. Here's an article from last week: https://www.theregister.co.uk/AMP/2019/03/20/steffan_needham_aws_rampage_prison_sentence_voova/

5. E3 doesn't include ATP and Cloud App security, so you have to either upgrade to E5 or buy them separately. Or, for less money, you could get offsite backup AND the functionality they provide (and more) from a 3rd party app like Druva inSync.

6. Retention Policies are NOT FREE in SharePoint and OneDrive. Retained files occupy storage, which counts against your allocation. Go beyond your allocation and you could be looking at tens of thousands of dollars a month for a large org. (An additional 50 gigabytes of storage per user in a 1,000-user company would cost $10,000 per month.)

7. Adding a Retention Lock to a Retention Policy is the only way to stop a rogue admin from undoing it, but that cure might be worse than the disease. If you discover you have blown through your storage allocation, you will be able to undo it. Retention Locks cannot be undone by design.

There are more ways to corrupt your data, Horatio, Than are dreamt of in your philosophy. Protect against all of them with a 3rd party offsite backup. (My apologies to the Bard.)
Re: Office365 - The case for backup?
March 26, 2019 10:31AM
Thanks Curtis.

The PITR factor is a very good point.

However, OneDrive has PITR recovery, doesn't it, using the "Restore Onedrive->Custom Date" option? Or are there limitations here?

I confess I'm not sure on the remaining Office365 apps. It seems to be the case that each one has different recoverability options, so you have to know what is or isn't possible for each different app (unless you back it all up of course).

My other question, which isn't covered by your reply, was:

" Has anyone ever actually had an Office365 Disaster and lost data? Are there any real world or documented use cases? "

TIA