Backups and archives have always been two of the main tools enterprises use to protect and preserve their data: backups for everyday, business-critical data, and archives for low-touch compliance and retention storage. As cloud computing progresses, however, the way we handle unstructured data is evolving, and the traditional approach of backup + archive may be more redundant than we realise.
“Backups and archives started out as physical storage disks or tapes that were kept in a secure offsite location to keep them safe from accidental damage or intentional misuse,” says Chris Hathaway, Operations Director and Cloud Advisor at Cloud Essentials. “We’ve kind of been stuck in that old-school mentality of having to keep data separate to keep it safe, regardless of whether we’re using onsite architecture, a hybrid setup, or are fully in the cloud.”
While physical duplication and separation may have been the best choice back in the day, the cloud has opened up a world of options when it comes to data preservation. Many of these options operate entirely in-place, are already available to Microsoft cloud customers, and (with a little a bit of setup) can fulfil many – if not all – of the functions of traditional backups and archives.
Rethinking the traditional approach
To fully appreciate how much functionality Microsoft’s cloud provides, it’s easiest to approach data preservation from the perspective of the risks we need to protect against, rather than the methods traditionally employed to do so.
The most important risks are:
- Legal repercussions from non-compliant/incomplete records retention (traditionally handled by archives)
- Accidental overwrites, deletion and/or corruption of everyday business-critical data (traditionally handled by backups)
As a base level of protection, Microsoft runs an automatic backup of your all your primary Office 365 apps (SharePoint Online, OneDrive for Business and Outlook) every 12 hours, and keeps those backups for a period of 14 days. You can restore from backup by logging a call with the helpdesk, but there are some downsides: it’s a slow and clunky process compared to the 3rd-party specialist solutions you may be used to, and lacks granularity for certain workloads.
To put it simply, Microsoft’s current backup system is an undeniably blunt tool, but thanks to developments in other areas, it’s a last-resort blunt tool you shouldn’t need to use often.
To understand why that is, let’s take a look at the types of data we’re dealing with, and the alternative protections Microsoft has in place to minimise and prevent data loss or corruption.
Backup & archiving for Office 365 mailboxes
Email is one of those business-critical functions that few enterprises can operate without.
The consequences of losing an Exchange server, a mailbox, or even just a critical correspondence chain can be can be catastrophic. Because of this, emails have traditionally been both archived (for compliance) and backed up (to minimise the risk of data loss or downtime).
With the right setup of your retention policies, however, emails in Microsoft’s cloud are actually pretty tough to get rid of. Even though you can elect to use separate ‘In-Place Archives’, emails in Primary Mailboxes are effectively “archived” in place, with the full force of Microsoft’s security and cloud redundancies protecting it. The data is discoverable, searchable, and easy to place on legal hold – with no additional archiving tools necessary.
Of course, you do still need to plan for users getting clicky with their delete buttons, and the possibility of ransomware taking out a mailbox or Exchange server. Microsoft addresses the former with a multi-stage deletion process for mailbox items (including contacts and calendar appointments) that, with the proper configuration, can prevent any item (or item meeting certain criteria) from being purged from the mailbox before its time. The latter is solved by the 12-hourly automatic backups. Again, no additional solutions necessary.
Backup for documents (OneDrive for Business & SharePoint Online)
Like emails, documents also tend to be critical for day-to-day operations, and are normally backed up to protect against accidental deletion or overwriting. Preventing corruption via malware or ransomware is also important, as is maintaining searchability for eDiscovery purposes.
To achieve all this, Microsoft uses a combination of versioning and a version history library, a 2-stage recycle bin, automatic backups, cloud redundancy and optional Advanced Threat Protection.
Versioning allows you to store a customisable number of iterations of every document, enabling you to roll back to a previous version (via the version history library) in the event of accidental overwriting or corruption. If a version is deleted, it has to pass through a first and second-stage recycle bin, both of which are subject to customisable retention policies that control if and/or when that document is permanently removed.
- Microsoft just announced this a few days ago – Document versioning in SharePoint and OneDrive will be automatically set to 100 major versions, and you will not be able to turn off versioning anymore. This will affect volumes used by customer on tenants, and migration volumes and times. https://techcommunity.microsoft.com/t5/SharePoint/Versioning-update-to-Document-Libraries-in-team-sites-in/m-p/194211
As an additional level of protection, Microsoft also screens all documents before synching them to cloud libraries, and quarantines anything with known malware, reducing the risk of malicious encryption taking effect. For even more thorough screening (including sandbox testing) businesses can also subscribe to Microsoft’s Advanced Threat Detection – the cost:value ratio of this extra service will depend on your risk profile.
In addition to all the above, Microsoft’s Compliance Centre also provides search and hold capabilities. That means your documents are not only secure, redundant and recoverable, they’re also available for eDiscovery. What more do you need?
The downsides of using Microsoft backup & recovery
Like any solution, there are downsides to relying on Microsoft’s native capabilities to completely replace your backup and archiving solutions. Here a few of the more common ones we come across when assessing potential solutions for our clients.
If you’re looking for a 1:1 replacement for traditional backups and archives, you’re going to be disappointed by Microsoft’s cloud offering (read more on that here). The results may be similar, but Microsoft’s methods are quite different from your typical specialist solution, and take some initial setting-up and getting used to.
All your eggs are in one basket
Microsoft is as secure and stable as it gets these days, with redundancies and SLAs that are hard to beat. That said, some businesses are still reluctant to put all their eggs in the Microsoft basket for fear that the entire institution folds and they’re left empty handed.
If this is a legitimate concern for you, you may want to consider spreading your bets between a few different cloud service providers.
Recovery is slow and cumbersome
In the event that all your in-place preventative measures fail and you need to recover from backup, Microsoft is notoriously slow. It could take up to 4 days for your system to be fully up and running again, and that downtime may be prohibitive for certain businesses. Also remember that you can only restore at site collection level (unlike specialist backup solutions that go down to document level restores). This means there is a chance that you’ll have to overwrite any work done by users since the last backup, which could have been up to 11 hours and 59 minutes ago.
The 14-day maximum Microsoft stores backups for may also be a worry, although it’s unlikely that a catastrophic failure would remain unnoticed for that long. If, however, you have versioning turned off (which may be appropriate for particularly busy/high-use areas), you won’t be able to restore documents to their state prior to the 14-day backup period (as you normally can using the version history library).
Data recovery can cause privacy issues
Privacy, in our opinion, is the stickiest issue with Microsoft’s native data preservation tools.
Unlike specialist backup and archiving solutions, using Microsoft’s eDiscovery tools to recover items from places like second-stage recycle bins and retention folders requires giving the person doing the recovery access to the information those items contain. This isn’t a big deal for many workloads, but if your CFO loses a critical spreadsheet or email, you may not want your tech guy getting their eyes on that privileged information.
The most obvious workaround in situations like this is to pass the recovery burden on to individuals with existing high-level clearance. That tends to be a little below their paygrade…
Thankfully, Microsoft is moving more and more towards user self-service. Already, most deleted, corrupted or overwritten items can be retrieved or recovered by the user themselves. We’re hopeful that the remaining privacy issues will be addressed down the line, but for now, they remain an issue that businesses need to be aware of.
A place for 3rd-party backup & archiving tools
Microsoft is great at providing tools and services that meet 90% of customers’ needs, and at Cloud Essentials we believe very strongly in leveraging this existing infrastructure and functionality to its fullest.
However: there are still businesses whose needs go beyond what Microsoft currently offers, and for them specialist solutions like HubStor remain incredibly valuable tools. They offer next-level flexibility, granularity and control, and are excellent choices for businesses with more complex needs.
Additionally, for organisations that still have content left onsite that is not going to be migrated (or isn’t appropriate) for Office 365, the ability to switch to hosted backup solutions such as HubStor means they can jettison their onsite backup systems. The savings to be made in software renewals and backup hardware can be significant.
If you’re not sure where you fall on the scale of backup and archive redundancy, or if you have an on-prem backup software maintenance renewal date coming up, get in touch with Cloud Essentials for an objective assessment of your risk profile or a comparative quotation. We’ll help you leverage your existing licensing to its fullest, and close any gaps with the most appropriate (and cost-effective) solutions for your needs.