Microsoft Office 365 has transformed business use of the cloud.  Gartner recently reported that 1 in 5 corporate employees use an Office 365 cloud service, and that Office 365 is now the most widely used cloud service by user count.

Companies and organizations have adopted Office 365 for a variety of reasons.  It’s simply easier and more efficient to manage than a back-room Exchange Server; the licensing is an easy-to-consume subscription model that can be modified on-the-fly, and the products can be deployed to multiple platforms or simply used in the cloud.  Customers can access their Office applications and sync and share documents anywhere, even if they’re offline, and there’s no need for a VPN connection to an on-premises file server.

And the Microsoft service even takes care of your email and data backups.
Or does it?

It’s true that Microsoft has native retention and basic recovery capabilities, and businesses without mission-critical email and documents may find that these suit their needs.  Using these native tools or deploying a more robust solution is a business decision that needs to be made upon migration to Office 365.

Seven things to consider when evaluating the protection of your Office 365 data:

1. Approximately 70% of data loss in a SaaS application is due to accidental or malicious deletion of data by end-users. If your discovery of the loss takes longer than the configured retention policy, the data is gone. Microsoft SLAs do not protect customers against this.

2. If your Office 365 administrator account is compromised, your backups could be lost too.

3. Will your Microsoft data retention capabilities be able to restore files and accounts in the configuration you need? Even if the data is backed-up as needed, the restore process could be more difficult than you want.

4. Are you legally required to comply with specific retention and potential-litigation policies? Will the native tools provide this capability for you?

5. Users can accidentally corrupt their data with malware, especially ransomware. Recovery from this scenario can be difficult and time-consuming using built-in capabilities. Versioning in OneDrive and SharePoint can help, but this counts against storage allocation and may result in additional storage costs.

6. Even Microsoft urges caution and recommends full backups:

We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.” – Microsoft

7. Industry best practice is to use the 3-2-1 rule: at least three copies of data, in two different formats, with one copy stored offline or in the cloud. Following this rule remains one of the best ways to protect your data.

Recent research reveals that at least 40% of companies surveyed aren’t using any third-party backup tools to protect their mission-critical data in Office 365.   That’s at least 40% of companies that are at a higher risk of data loss.

Choosing a capable, fully-featured, and secure cloud-to-cloud backup solution for Office 365 is key to avoiding the pitfalls of data loss in Office 365.

Data is at the heart of your business, whether it is on-premises or in the cloud. As you move your business-critical data to the Office 365 cloud, choosing a secure cloud-to-cloud backup solution allows you to properly protect your data and secure it and confidently use the cloud without the worry of data loss, data leak, or cybersecurity concerns.

Originally published on the Barracuda Blog, by Anastasia Hurley, October 4, 2019