M365 - Your critical data!
Good afternoon. I hope that everyone's week is going well. This week, Dell F.A.C.T.S. will again focus on Dell’s industry-leading APEX Backup Services (ABS). ABS is a SaaS-based solution purposely built in AWS, using AWS microservices that allow our customers to protect all their workloads regardless of location.
Today's focus will be protecting M365 data and ensuring it is available to our customers in a cloud-adjacent backup should there be an issue accessing M365. With Enterprise companies storing business-critical data in Exchange, OneDrive, SharePoint, and Teams, each company must have a data backup in a separate location. This is where ABS for M365 comes in!
?Is your company protecting its data via Microsoft’s Shared Responsibility Model?
Newly Released Entra ID Support!
Top 3 Threats to M365 Data
?Manage the gap
Since Microsoft has a shared responsibility model, you must understand what they will and will not do regarding your organization’s data. Then, you need a plan to help you manage any gaps.
?Microsoft retention times Managing your cloud data means managing the contract expectations. So, let’s explore what Microsoft promises regarding M365 data retention policies .
This is how Microsoft defines customer data in their retention policies:
?Content directly provided/created by admins and users. This includes all text, sound, video, image files, and software created and stored in Microsoft data centers when using the services in Microsoft 365.
?This is the retention time given for customer-created data:
?Active Deletion Scenario: at most 30 days,
Passive Deletion Scenario: at most 180 days.
领英推荐
Insider Threats
Disgruntled employees have been destroying data in acts of revenge for as long as we’ve had office work. This doesn’t change because you use a collaboration cloud to create business data. You need to ensure your data is protected from internal malicious threats.
?Microsoft cannot tell if data was deleted maliciously. And if you only discover the bad faith activity after the M365 retention period has expired, you’re facing a data loss event. In this case, you must have a third-party data protection solution to mitigate the damage.
Ransomware
Ransomware attacks are increasing faster than most IT organizations can handle. In most ransomware attacks, an attacker encrypts your most important business files. In many cases, the attack targets your backup data, ensuring you don’t have an easy way to recover these files. Finally, they hold this data hostage until you pay a ransom. Even after you pay, there’s no guarantee that the attacker will make the data available to you again.
?Microsoft has sophisticated defenses to protect its platform. However, the shared responsibility model means you’re still responsible for your data if a ransomware attack encrypts it. Microsoft recommends third-party solutions as the best defense against ransomware. It states, "if you have offline backups, you can probably restore the encrypted data after you've removed the ransomware payload (malware) from your environment and after you've verified that there's no unauthorized access in your Microsoft 365 environments.”
?The first step after an infection is to disable Exchange and OneDrive sync so you can stop the spread of data encryption. This is because if your files are encrypted on your laptop, they can sync to OneDrive. Of course, email can also be used to spread the attack to other users. Microsoft tells you that offsite backups are the best protection you have from ransomware on their platform. Microsoft 365 does have some built-in retention and versioning capabilities that help you retain data after deletion or modification, but they are not backups. Since ransomware attacks and encrypts file data, let’s look at the protections OneDrive and SharePoint Online provide. Retain deleted items for 93 days by default; only OneDrive explicitly offers the ability to recover back to the point of up to 30 days. This may seem like an excellent way to “roll back” to a file version pre-infection, but ransomware can infect and hide for weeks or months before launching an attack. More importantly, the versioning provided by OneDrive and SharePoint is unsuitable for recovering from ransomware. Recovery must happen from a specific time on the entire data set and not individual files to ensure all data is clean. Your responsibility is to find the platform that best protects your vital collaboration data.
Data Integrity & Availability
Each backup is stored in an AWS Storage Region and then duplicated into three Availability Zones in the storage region.
Integrations