The need for Cloud-to-Cloud Backup for Microsoft 365

Many small businesses do not understand the need for backup and recovery services for their Microsoft 365 deployments.  They beleive Microsoft is backing up their systems but this is not accurate.  Microsoft does not provide the tools needed  to fully protect your Microsoft 365 environment from malicious, accidental or intentional data loss.  This lack of understanding comes from two issues:

  • Customers are not familiar with the distinction between email archiving and data protection
  • Customers believe that Microsoft’s highly resilient software-as-a-service (SaaS) offering protects all data and applications

Email archiving

Email archiving provides e-discovery, regulatory compliance, and legal protection of your email data.  Put simply, it captures every email that has been sent and received by your organization and ensures that these messages can be found and retrieved.  A good archiving solution also has the following qualities:

  • The archived emails and attachments cannot be changed or manipulated.
  • Items can be retrieved by using clever searches grouped together or complex searches called tags.
  • Search results can be placed into legal hold so that they are not purged and can be easily retrieved as needed. This feature is most often used for compliance audits, litigation, or related reasons.
  • End users are able to search an retrieve their own messages as needed, according to the policies configured by the system administrator.

We recommend that  businesses have a good email archiving solution in place to protect the company from potential compliance and legal incidents.  The risk of not having an archiving solution in place leaves a company wide open and exposed to any legal ramification that relies on email evidence.

Email archiving is not a backup

Even if you have email archiving services in place, you should still maintain a backup and recovery solution for Microsoft 365. Archiving can hold and retrieve specific messages, but it cannot restore a complete mailbox and all of its contents to a single point in time.  Imagine the following scenarios:

  • Somebody hacks your Microsoft 365 account, deletes everything in your mailbox, and empties the recycle bin. This type of deletion is common during account takeover attacks, so that there is less evidence of the attack left behind.
  • You accidentally delete a sub folder containing important work email and various documents (attachments). You may not notice this straight away as often you have lots of sub folders in your mailbox, and this type of thing is easy to do by mistake on your phone.
  • A former employee’s account was deleted, and you realize you need to restore the mailbox. Using an email archiver for this task would be tedious and require multiple steps outside of the archiver.
  • A cyberattack, a human error, or a catastrophic event has caused data loss in OneDrive for Business, SharePoint Online, Microsoft Teams, or Microsoft Entra ID. Email archiving does not store this content.

With an archiving solution, you could search and retrieve specific email items from the archive, but even if you knew what to retrieve from the archiver, do you have the time to reconstruct your inbox structure and contents?

Can you remember what your mailbox looked like last night or last week? How long would this take if you have lost your calendar items, contacts, tasks, journal items, etc.? And as noted above, email archiving doesn’t protect everything in Microsoft 365.

Disaster recovery — who does what?

Microsoft has a highly resilient infrastructure that rarely suffers an outage, which is good, because Microsoft is responsible for making sure your Microsoft 365 environment is always available. This makes it easy to assume that you should not have to provide a third-party disaster recovery service for Microsoft 365.  Disaster recovery appears to be Microsoft’s responsibility.

Unfortunately, that is not the case.  Microsoft is only responsible for the Microsoft 365 infrastructure that supports your data.  It is not responsible for the data in your Microsoft 365 environment. Microsoft calls this out in their Managed Services Agreement — Section 6B — “We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps.”

Recycle bin is not a backup

Microsoft provides a recycle bin for Exchange Online, SharePoint Online, and One Drive for Business — so even without an archiver there is some native protection for these items.  However, the recycle bin is not a backup.  Similar to a PC recycle bin or a Mac trash can, the Microsoft 365 recycle bin is just a folder that contains items that you have deleted. You cannot do a point-in-time recovery from your deleted items folder because this folder only holds items that were deleted and would not contain the good emails or files that you need to restore. Additionally, the maximum extended retention of the Recycle Bin is 93 days, and your items may be purged and unrecoverable after that time.

Cloud-to-Cloud Backup

That’s whereour cloud-to-cloud backup solution comes in.  It can restore your whole mailbox or individual emails, contacts, and other items back to any daily revision (recovery point) very easily. We work with several vendors to ensure your data is backed up fast, reliably and without your intervention. It’s a complete backup solution for Microsoft 365 that operates entirely in the cloud.

Cloud-to-Cloud Backup For Microsoft 365

Did you know?

Microsoft recommends that you use third-party backup for your Microsoft 365 data. Our Cloud-to-Cloud Backup options offer fast backups, highly granular restore capabilities, and unmatched ease of use.

Microsoft 365 protection

Back up your Teams, Exchange, SharePoint, and OneDrive data, and find and recover the exact data you want quickly and easily with advanced search.

Ransomware Protection

Your final defense against ransomware and other cyber-threats is your backup, so you need a secure backup that offers role-based access control, encryption, and multiple copies of the data

Cloud native

Your Microsoft 365 data is already in the cloud — saving secure, encrypted backups in the same network means better performance and instant scalability.

Fully managed Microsoft 365 backup and protection

Cloud-to-Cloud Backup gives you the flexibility to restore Microsoft 365 Teams, Exchange, SharePoint, OneDrive, and OneNote data with highly granular detail.

Full SharePoint support means you can backup and restore everything in SharePoint including different site templates, custom lists, permissions, and metadata — eliminating much of the labor and expense associated with restoring files only.  You can restore SharePoint libraries, lists, and documents to any SharePoint sites you choose. Backing up and restoring has never been easier.

Cloud-to-Cloud Backup offers complete, granular protection of your data with point-in-time retrieval, and both scheduled and on-demand backup. In addition, your data is deduplicated and compressed to maximize storage efficiency and minimize the backup window.

Effective ransomware protection

Your backup is your best chance to recover after a ransomware attack, so it’s crucial to have a good backup of all your important data – including SaaS data in Microsoft 365. Microsoft offers features, including the recycle bin, but it is not meant to be used as a backup and recovery solution. That’s why Microsoft recommends using a third-party backup for Microsoft 365.  We partner with premier Cloud-to-Cloud Backup providers to secure your data.

Cloud-to-Cloud Backup not only makes it easy to find and restore the data you want; it also offers important features, including immutable storage, to protect the data against modification or removal, except through the secure Cloud-to-Cloud Backup interface. Your data is further protected by security features, including Multi-Factor Authentication (MFA), 5 levels of role-based access control that determine who can do what, and end-to-end encryption.

If you ever need help to restore a file, our fully managed technical support is just a phone call away.

Cloud Native

Cloud-to-Cloud (C2C) Backup lives entirely in the cloud, so there’s no software or hardware for you to manage or update on your computers. Because your Microsoft 365 data is already in the cloud, retaining your encrypted backup files in the network means better performance and instant scalability — it just makes sense. Multiple external copies of your backup files ensure redundancy and security. Sign up with us and we can start running your first backup the same day.

Frequently Asked Questions

What data does Cloud-to-Cloud Backup protect?

Use it to protect your Exchange Online, Teams, SharePoint Online, and OneDrive for Business data. 

How is Cloud-to-Cloud Backup licensed?

It is licensed on a per licensed user basis.  We don’t bill you for shared mailboxes or unlicensed users.

How much storage does Cloud-to-Cloud Backup provide?

You can back up and protect an unlimited amount of data with our 365 plans.

How long can I retain my backup data?

You set the retention policies for your backed-up data based on your particular needs. Unlimited retention means you get complete flexibility.

How do I access my Office 365 backups?

Cloud-to-Cloud Backup is Software-as-a-Service (SaaS). We can completely manage the data for you and/or provide you access via a cloud-based service that makes it easy to monitor and recover files.

Will restores overwrite my production data?

All restore operations in Cloud-to-Cloud Backup are nondestructive, and will not overwrite existing data. This applies to Exchange, SharePoint, and OneDrive.

What happens when an Office 365 user leaves the organization?

Cloud-to-Cloud Backup will retain the user’s previously backed up data according to the retention policy you define.

How can I retrieve backed-up data from users who left the organization?

You can restore a former user’s backed-up data to a different account, or to a new account. Even after the account is purged from Office 365, you retain access to important data.

BACKUP IS CRUCIAL FOR YOUR BUSINESS

Learn More About Backup

The Easiest Way To Disaster-Proof Your Cyber Security

The Easiest Way To Disaster-Proof Your Cyber Security

Though no one would dispute the increasing prevalence of cyber-attacks on businesses in recent years, many small-business owners believe themselves and their business to be immune to such cyber attacks. Broadly speaking, many small-business owners are likely to think that cybercriminals will go after the bigger fish. However, the fact of the matter is that cyber-attacks are crimes of opportunity, and small businesses often have access to a good amount of sensitive data without many major safeguards. In other words, they’re low-hanging fruit, ripe for the picking. 

Back in 2019, two-thirds of respondents to a survey about cyber security didn’t believe that their small to mid-size business (SMB) would fall victim to a cyber-attack. Consequently, only 9% of respondents said cyber security was a top priority for their business, and 60% didn’t have any sort of plan for deterring a cyber-attack. All of this, despite the fact that, according to a report from CNBC, SMBs endured 43% of reported cyber-attacks, and according to data from the Ponemon Institute and Keeper Security, 76% of SMBs in the U.S. alone reportedly endured a cyber-attack within the previous year. 

Every small-business owner should have some plan for deterring cyber-attacks so they don’t end up as another statistic. Here are a few strategies for keeping the cybercriminals at bay. 

Boost Your Cloud Security

Storing data in the cloud is easy and cost-effective, but you should take care to find the most secure cloud storage platforms. Not all cloud platforms make security a priority, but some do. A few of the top-rated, most secure cloud platforms, according to Cloudwards.net, include Sync.com, pCloud and Icedrive. 

Secure All Parts Of Your Network

Our computers and the many smart devices hooked up to our network can become weak spots for hackers to get in. Taking steps to safeguard each device in your network with strong passwords and robust authentication measures will go a long way toward keeping the hackers at bay. In fact, one of the most basic security measures you can take for your network is to restrict access to your WiFi with a strong password. 

Invest In Extra Security Measures

Virtual private networks (VPNs) and firewalls are tools that are highly effective in protecting against cyber-attacks, even if they can’t prevent 100% of them. 

Pay Attention To Updates And Upgrades

When you get notified that one of the technological tools that you use has a new update, it’s easy to ignore it. However, you should commit to regularly updating and upgrading these tools because developers will often add patches to their programs that make them more secure against attacks with each update. So, it behooves business owners to regularly install updates for their tech tools. 

Back Up Your Data

With one of the most common forms of cyber-attacks being ransomware attacks, where hackers will hold your company data hostage until you pay them a ransom amount, having your company data stored on multiple backup solutions can ensure that your business won’t crumble due to your data’s inaccessibility.

Limit Employee Access To Your Network

As much as we’d wish it were true, many cyber-attacks don’t come from outside of your company. Instead, they originate from within. If you want to limit the amount of damage that someone inside your company can do in a cyber-attack, the best course of action is to limit their access to different parts of your network. 

Train Your Employees

At the same time, just as many cyber-attacks occur not because of an employee’s malicious intent, but because of their ignorance. They click on a link in a sketchy e-mail and fall for a phishing scheme, volunteer their password info without thinking about it or choose a weak password for their computer. That’s why you need to dedicate time to training your employees on best practices when it comes to security. 

Set Up A ‘Security Culture’ At Your Workplace

You need to make cyber security a top priority, not just for your IT department, but for every department at your business. When everyone works together to protect their workplace from a cyber-attack, you have a better chance of actually succeeding. 

Will protecting your business from a cyber-attack require a good amount of time and money? Absolutely. Can you afford to ignore the prevalence of cyber-attacks any longer? Statistically, no. The sad truth is that 60% of SMBs that fall victim to a cyber-attack end up shuttering within six months. Don’t put yourself in that kind of position. Instead, take your business’s cyber security seriously. 

MANAGED IT SERVICES

CYBERSECURITY | HELPDESK | UPDATES | BACKUPS

WHY DO YOU NEED MANAGED SERVICES?

Want To Make Sure Your Business Is Protected From A Data Disaster?

Want To Make Sure Your Business Is Protected From A Data Disaster?

Did you know that 93% of all businesses – that don’t have a disaster recovery plan in place when they experience a data disaster – go out of business within a year of that disaster? And yet, 68% of businesses don’t have a disaster recovery plan in place. 

Losing access to your business’s data in this day and age could very well mean losing everything. That means that as data becomes an increasingly important commodity to businesses of all types and sizes, so does having a plan for if or when your business experiences a data disaster. 

The thought of protecting your business against a data disaster might be daunting, but don’t worry. By following the steps listed below in this article, you can make sure that your business is ready to take on the challenge. 

However, before we actually get into those steps, there is one distinction you should understand: the difference between a business continuity plan and a disaster recovery plan. A business continuity plan is primarily proactive, in that it is a strategy by which a business can continue to operate no matter what kind of disaster or setback befalls it. A disaster recovery plan is primarily reactive and has to do with how a business acts immediately following a disaster of some sort – in this case, a data disaster. 

So, now that we’re clear on what a disaster recovery plan is, here are the steps your business can take to create one that works for you and your employees. 

Step 1: Rally The Troops And Assess Your Equipment

In the fight against data disasters, everyone has to be on board. Otherwise, there will always be holes in your defense plan. That’s why executive buy-in – getting everyone in the company, from the CEO to the entry-level employees – is crucial. You need everyone to collaborate cross-functionally in order to fully protect your business. 

From there, you need to thoroughly analyze each of your business’s systems, applications and data sets, as well as how they’re physically accessed, in order to suss out any potential vulnerabilities. Then you should determine which systems are absolutely critical to the operation of your business and for getting products and services to your customers. These are the functions that will need to stay up and running, even after a data disaster. 

Step 2: Create Your Disaster Recovery Strategy

Once you have everyone on board and an understanding of your equipment and assets (as well as their vulnerabilities), it’s time to actually formulate your disaster recovery plan. To do this, you should take a look at your budget, resources, tools and partners in this endeavor. When you understand how long it takes your business to get back online and the cost for doing so, you’ll have a good idea of how to move forward. 

Step 3: Test Your Strategy

No great plan is complete without first testing it to see if it will work. Put your disaster recovery plan through a trial run to see how quickly your team responds to solve the problem and see if there are any improvements that need to be made to the process. Then, by the time an actual data disaster occurs, your business will know how to shut it down and keep running with no problem at all. 

While the steps themselves aren’t difficult to understand, preparing your business to combat data disasters takes a lot of work. In the end, though, the work is worth it if it means protecting your data. As a recap, here are the four main action steps that you need to take in formulating a disaster recovery plan: 

  1. Get executive buy-in for creating a disaster recovery plan.
  2. Analyze and evaluate your business’s systems, applications and data to understand how they could be impacted.
  3. Find out which systems you need to keep running and prioritize them during the fallout of the data disaster.
  4. Test your plan before you actually need to put it in action.

Follow these steps, and your business’s data will be safe from any threat that comes your way.

BACKUP IS CRUCIAL FOR YOUR BUSINESS

Learn More About Backup