5 Reasons Why You Need to Backup Microsoft 365 (and other SaaS platforms)

5 Reasons Why You Need to Backup Microsoft 365 (and other SaaS platforms)

There is no argument that SaaS (Software-as-a-Service) platforms like Microsoft Office 365, Google Workspace, and Salesforce continue to transform the ways in which we work.

Gartner estimates that 70% of the business applications used today are SaaS-based, a number which is growing every single day.

Many organisations assume that since their SaaS platform data already resides in the cloud, there is no need to have another copy of the data. However, just because it’s in the cloud doesn’t mean it’s safe. Any business-critical data stored in SaaS platforms needs the same level of protection that on-premises data does. It needs be replicated to ensure you always retain a restorable copy as and when you need to.

There’s a reason Forrester Research states that “cloud-to-cloud backup is the only practical option for SaaS data protection”. In fact, here’s 5 of them…

#1. Microsoft Explicitly Recommends Third-Party Backup for 365

Let’s start with a fairly obvious first reason why… Microsoft officially recommends that you have third-party backup and recovery in place for Microsoft 365.

The Microsoft Office 365 Service Agreement states:

“We recommend that you regularly backup the Content and Data that you store on the Services using third-party applications and services.”

Microsoft doesn’t backup your data. It’s made crystal clear that your tenant – and more specifically the data within it – is still owned by the organisation and therefore remains your full responsibility.

Microsoft isn’t alone in recommending that you backup your SaaS data. If your organisation is using a SaaS platform such as; Microsoft Office 365, Google Workspace, Dynamics 365, Azure AD, or Salesforce, then the simple truth is that your data in those platforms is not backed up, but it needs to be…

#2. The Common Misconception – The Shared Responsibility Model

Whilst SaaS vendors like Microsoft and Google do an excellent job taking care of the physical infrastructure, network controls, and operating systems that host Office 365 and Google Workspace, it’s a common misconception that they also take care of your data.

All of the major SaaS platforms listed within point #1 operate as part of the Shared Responsibility Model, which splits the security obligations between the SaaS Vendor and the organisation (you), and places the onus for backup and recovery solely on your shoulders as the owner of the data.

The Shared Responsibility Model means that the SaaS vendor takes on the responsibility for the physical security of their data centres and software, but the data – the critical component that powers the business – remains the entire responsibility of the end-user organisation. It’s the customer’s obligation to protect their own data from ransomware, human error, internal and external security threats, and programmatic issues.

READ FULL BLOG POST: The Shared Responsibility Model

#3. SaaS Retention Policies are Severely Limited

The native recycle bins and version histories found in SaaS platforms like Microsoft 365 can only protect you from data loss in a severely limited way, creating significant retention policy gaps (as well as confusion).

In short, M365’s Recycle Bin is not (and was never intended to be) a backup solution. First of all, its 93-day retention period is inadequate for most policy and regulatory compliance requirements – especially within the Financial, Legal, and Healthcare sectors. Secondly, actually restoring lost files is cumbersome and time-consuming, if it’s even possible at all. To restore an entire deleted mailbox for example, you have to recover each file individually, one at a time.

Once the retention period has passed and the data has been deleted, there are no rollbacks and it can simply never be recovered or restored, and that’s why SaaS vendors like Microsoft recommend that you have third-party backup and recovery in place (see point #1).

#4. Human Error Accounts For 73% of SaaS Data Loss

Human error is unfortunately the leading cause of data loss in SaaS environments to the point where it’s quite frankly unavoidable. In fact, according to a study by the Aberdeen Group, human error and accidental deletion accounts for a staggering 73% of all data loss within SaaS environments like Microsoft 365.

A significant amount of business-critical information is stored within user’s emails, files, and folders. It is surprisingly easy for an end-user to accidentally delete important data, and as we mentioned in point #3, it would be lost forever after it’s retention period (93 days in OneDrive and SharePoint, 30 days in Google Workspace’s Trash folder) is over, at which point it is simply not possible to be recovered.

In fact, Gartner research predicts that 70% of organizations will have suffered a business disruption due to unrecoverable data loss in a SaaS application by 2022.

#5. SaaS Data is NOT immune to Ransomware & External Threats

Ransomware attacks continue to be an ever-growing issue, and SaaS environments (including Microsoft 365) are not immune to them. A successful ransomware breach now hits an organisation every 11 seconds, according to the latest Cybersecurity Ventures’ Annual Report.

The attacks models used are changing rapidly, and Ransomware-as-a-Service is becoming more and more prevalent as hacking groups and threat actors start to widen their crosshairs, in terms of both who they target, and which systems.

Ransomware attacks can easily spread to Microsoft 365 via ActiveSync and OneDrive Sync, and 91% of successful breaches start with a phishing email, regardless of whether that’s in Exchange Online or not.

While there will always be perpetrators, and likely always be well-meaning employees who fall victim to the scams, your organisation can protect itself with reliable backup and recovery in place. Even if the ransomware manages to infiltrate your environment and encrypts your data, you can be the hero who restores the infected files quickly and easily, eliminating the need to pay the ransom.

This is why retaining full control of SaaS data is so vital, which is especially true if the backup copy of your SaaS data is stored with immutable storage, giving you complete peace of mind that it is completely uneditable, making it impenetrable to both ransomware and accidental deletion.

READ FULL BLOG POST: How Ransomware-as-a-Service (RaaS) Attacks Have Changed the Game Forever


The E-ZU Cloud-to-Cloud SaaS Backup & Recovery Service

The E-ZU Cloud-to-Cloud SaaS Backup & Recovery Service offers world-class protection with the most comprehensive SaaS coverage on the market: Microsoft 365, Azure Active Directory, Google Workspace, Dynamics 365, Salesforce, Dropbox, and more.

It’s powered by Keepit technology, which is recognised as a ‘Leader’ in the Forrester New Wave™. Our service retains 4 x copies of your SaaS backup data stored across ‘Tier 4’ private datacentres, meaning it adheres to the NCSC recommended 3-2-1 strategy which most SaaS Backup solutions do not (stored in a public cloud).

With our cloud-to cloud service, your data is stored with a true ‘Immutable’ blockchain infrastructure, which means it’s 100% impervious to Ransomware or accidental deletion.