CIO

Four common misconceptions about data in the Public Cloud

Microsoft may host the infrastructure for Office 365, but the ownership of your data in the cloud, its access, recoverability and transfer is your company’s obligation, not Microsoft’s.

It’s not news that Cloud-delivered services such as Microsoft’s Office 365 provides businesses with leading productivity centric services for the modern workspace. With more than 100 million monthly active users, and over 50,000 business customers added to Office 365 each month, Microsoft and other ICT service providers have recognised the demand for effective and efficient business platforms to be delivered “As A Service” from the cloud.

Whether you are a cloud-delivered services veteran and evangelist, or simply at a stage of considering the advantages and risks before venturing on the “Journey to the Cloud” it pays to do some solid research.

It is worth considering that while Public Cloud providers invest significantly more into security than the average New Zealand company, with Microsoft’s $1bn invested annually on cybersecurity, that doesn’t necessarily mean that your data is securely stored forever, and there whenever you may need it.

Not so long ago, when the word Cloud was simply a meteorology term, magnetic tape data storage was the medium of choice for quantities of data that were designated too important to lose. An independent copy of the data that can be restored, should the primary source be unavailable. Why was good money spent on these systems? The ability to respond to a crisis by restoring ICT systems to “business as usual”, was, and continues to be, too important to be without.

Now that businesses become ever increasingly reliant on Public Cloud-delivered services, somehow the question of “How does our business respond in a crisis?” foregoes the consideration that something might happen to these cloud-delivered services, or the business critical data residing there.

Below are some of the leading misconceptions that people may have about the need to protect their data in Public Cloud environments.

It’s in the Cloud. What could go wrong?

Cloud-delivered services are not infallible, after all, it’s just someone else’s computer. Public Cloud services delivered by multi-national corporations are no different.

In February 2017, a high profile cloud accounting company experienced a significant outage, claiming they were unaware how reliant it was on a single United States-based storage facility until it crashed, leaving all of their 862,000 customers without a working service.

In April 2018, Microsoft’s Office 365 had a global outage. While the service eventually came back up, many businesses were rendered ineffective for a portion of the day, and in the dark as to how long the outage may last for.

Knowing the types of frustration that these incidents cause for customers, and the genuine potential for long-lasting business impact, it would be unwise to have a more relaxed position on business continuity and backup practices when becoming more reliant on Cloud-delivered services. Consideration and business continuity planning are necessary to mitigate the risks associated with cloud-based critical services possibly being unavailable for hours, if not days.

Public Cloud Providers backup my data.

While Public Cloud Providers such as Microsoft, Amazon, and Google provide an extensive range of powerful services, a comprehensive backup of your data may not be one of them.

In reality, most Cloud service providers will provide (often for a fee) a level of resiliency with their service to ensure continuity, should they have a hardware or data centre failure. However, this service does not often extend to the protection and recovery of customer data, and does not replace a business’s responsibility of maintaining a backup of critical data.

In 2011, when Amazon’s Cloud was starting to gain traction, a crash disaster permanently destroyed many customers’ data. A small survivable loss of data from Amazon’s perspective could be disastrous for businesses where critical data was unrecoverable.

My Public Cloud services are not business critical.

A formal business continuity planning exercise is essential in ensuring that any critical business functions are identified, any reliance on data integrity and availability is recognised, and the associated risks are mitigated.

Storagecraft’s Business Continuity Statistics from 2017 showed that only 30% of businesses reported to having a fully documented disaster recovery strategy in place and that 33% of businesses failed to adequately respond to a disruptive event, despite having a plan. This means that there was an unexpected impact on the business as a direct result of poor business continuity management, with 12% of organisations experiencing loss of data that could not be recovered.

One of the most overlooked business functions is Email and its associated functions. Unfortunately, the reliance on Email is a modern business reality, with over 100 billion business emails sent every day. Email can be key in the eDiscovery process of any legal dispute, with significant pecuniary or criminal penalties in place for non-compliance. This process can be time-consuming and costly for businesses that aren’t positioned for easy access to historical data. Financial records and business transaction details often tie back to Emails and may be required as evidence of information included in financial reports, depending on industry-specific legislation.

Catastrophic disasters are rare, and Cloud services are resilient – A backup will not provide value.

The requirement to restore individual files from a backup can arise due to a system, hardware, or software failures, but far more often than that, are requests that stem from accidental deletion at the end user level, security threats, or gaps in retention policies.

Specifically for Microsoft’s Office 365, the ability to recover deleted items from an email Mailbox has a very limited window and should not be viewed as a data protection policy. Should a recovery be required of a users’ purged deleted items from beyond the set retention policy (which ranges from a default 14 days to a maximum 30 days), the emails and any attachments will be gone for good, never to be seen again.

Past employee data is most at risk, as an Office 365 license that has been removed from a user had 30 days before it is ultimately deleted per the Office 365 Subscription life cycle.

It is highly likely that an offline, independent backup of Emails and other business-critical functions now delivered by Cloud orientated service providers will be required for businesses to satisfy shareholder, customer, and often legislative requirements. With appropriate long-term data retention strategies, and the governance and policies in place to ensure compliance, business stakeholders will be able to rest easy, knowing that no matter what happens with your Cloud-delivered services, your essential business data is protected.

Get fully protected with Plan B’s Office 365 Backup solution

Don’t spend hours searching for a misplaced file or attempting to recover a deleted document. With our Plan B backup solution, your data is locally hosted in New Zealand with the ability to restore your data in just a matter of clicks.

Our solution is fully managed with customisable frequency of backups that suit your unique business needs. Our customisable retention with the ability to self-restore with multiple restore points gives you full access and control of your data.

Still not sure if the Plan B Office 365 backup solution is right for your business? 

Get in touch with us for more information and try our risk-free 60-day trial to be sure this is a right fit for your business.