Moving operations to the cloud can offer definite improvements in terms of data security and resilience. Hosted on enterprise-class hardware with automated fail-over and load balancing increases data availability. And because data is encrypted at rest and in transit, it is much harder to use in the event of a security breach.
However, no system is infallible – including Office 365. Despite these protective measures, your data may still be at risk.
Ransomware
Malware that encrypts critical files is enough to give the IT manager nightmares. And high-profile outbreaks like NotPetya and WannaCry have helped to emphasise just how serious a threat ransomware poses to corporate networks.
Offloading storage and email functions to the cloud does help to raise the overall security of your corporate data assets. However, once infected at source, encrypted files are replicated to the cloud, rendering the off-site copy of your data similarly useless.
User error
Despite the media attention given to hackers and malware, the number one threat to the company network remains your users. Around 50% of breaches are caused by internal users.
Office 365 has some of the finest enterprise-grade security provisions available – but they can’t always protect you against stupidity and carelessness. It’s incredibly easy to delete a file by accident – and it may take months before anyone realises. Similarly, a leaked password could cause havoc if it falls into the wrong hands.
Malicious users
Less common, but even more dangerous are malicious users. These individuals are actively looking for ways to undermine their employer. They will delete data, corrupt files and change configurations to cause disruption, loss and confusion.
Generally, these users simply abuse their own security permissions, pushing the limits of what they can do. Most don’t want to get caught, so they won’t draw attention to what they are doing – and their actions may take quite some time to be exposed.
Facing the inevitable
No matter how hard you try, completely blocking all of these threats is unlikely. Despite your best efforts, eventually, someone is going to “accidentally” click a link that triggers a ransomware download. Or deliberately delete some important information.
Your business needs to tighten defences to reduce incidents of data loss – but you have to be aware that Microsoft Office 365 isn’t going to do everything for you. Much of your preparations will focus on how to recover after a data loss incident.
Robust and reliable backup and recovery will be crucial to dealing with these issues. Microsoft provides some data recovery options for their cloud services, but they are very basic. Often this is little more than a recycle bin that empties automatically every 30 days.
In some cases, issues may be identified within 30 days which is great. But one extensive study suggests it takes 280 days to identify and contain a breach. Clearly, you need a more robust backup and recovery system is required.
Cloud-based backup to the rescue
Once your defences are in place, attention must turn to how you can recover data and operations as quickly as possible. This will require a new approach to backup that can address the hybrid nature of your operations.
Moving backup to the cloud creates several new opportunities. Capacity scales automatically as your data estate increases without the need for additional infrastructure spend in your data centre for instance.
Cloud-based services are often more resilient to cyberattacks and ransomware. Replicating files to a third location (outside the local network and the Office 365 ecosystem) adds another layer of protection. Importantly, recovering data from the cloud can be extremely fast, almost instantaneous – perfect for when you need to deal with a ransomware infection immediately.
Abstracting backups in this way makes it extremely difficult for every copy of your data to be lost permanently. A malicious employee may be able to delete files – and even the Office 365 backups – but they cannot access the versions backed up automatically into the external system. Even if the loss doesn’t become apparent for many months, the missing data can still be recovered from the third-party cloud backup.
Data loss is a very real possibility, even when using Office 365. But by adding a cloud-based backup service into your technology stack, you are well prepared to deal with any incident.
WTL offers Secure Backup for Office 365 providing a resilient business continuity solution in the event of data being lost corrupted, or accidentally deleted. To learn more read our Office 365 Secure Backup brochure.