The Microsoft 365 portfolio encompasses Exchange Online, OneDrive, Microsoft Teams, the Microsoft Office productivity suite, SharePoint, Yammer, and more. This powerful offering comes with a wide range of security features, spread across many different licensing and procurement models. That can lull some users into a false sense of security regarding their cloud resources.
Too often, companies have the misconception that when they dump everything onto the cloud or a SaaS provider, they are absolved of the security duties they traditionally carry out for on-premises infrastructure. There is a need to differentiate between what the service provider offers in terms of protection and where their own responsibilities lie for the protection of cloud services and data.
The cloud operates on a shared responsibility model. Stated simply, cloud providers are responsible for the availability of their own systems and the overall platform. The customer is responsible for the protection and security of their own data.
Backup Is Your Responsibility
In any case, it is up to those using the cloud to ensure that their data is backed up properly and afforded the correct level of data protection. Just because the data is sent to the cloud is no guarantee that the cloud vendor is going to take care of backup and data protection.
But data protection in the cloud goes far beyond the backing up of email databases. Yes, Outlook and other email repositories need to be backed up. But so do many other databases and data stores that are sent to the cloud. All Microsoft 365 services need protection as they often contain the crown jewels of enterprise data. That is the only way to guarantee data availability and compliant retention.
Ransomware and business email compromise (BEC) are further areas that must be taken into account. According to one report (from Tessian), security leaders reported receiving 148 BEC impersonation attacks, 141 spear phishing attacks, and 138 email-based ransomware attacks in the first nine months of 2022. Almost 20% of these attacks were successful. When asked about the consequences, 39% cited a breach of customer data, 34% reported financial losses, and 32% suffered a ransomware infection. The latest backup and data protection tools incorporate features that help detect and prevent ransomware and BEC.
Another area to consider is eDiscovery. It can be extremely difficult to attempt to find a needle in your digital haystack when dealing with urgent legal or compliance matters. Those with large amounts of data in the cloud or spread around multiple clouds often struggle with eDiscovery. The best option is to utilize a third-party data protection tool or service that incorporates eDiscovery and legal hold capabilities.
Protecting Your Microsoft 365 Environment
Microsoft provides a wide range of security and data replication features to ensure the availability of your data. Data protection is not part of the service. It is up to you to select an appropriate service to safeguard cloud data – one that provides automated backup and rapid recovery.
Anexinet + Veristor offers a service that comprehensively protects all Microsoft 365 data stores and systems including email. It is proven to safeguard data from deletion, corruption, or ransomware attacks. As well as air gapping, it isolates data by storing backup copies outside of the Microsoft 365 environment. With restore flexibility and item-level to cross-mailbox restores, you can easily and quickly recover lost or stolen data. Learn more about Verinext’s suite of managed services to protect your critical environments here.