One of the popular unique selling points of Software as a Service (SaaS) platforms is security. After all, having your data stored off-site on a remote server means it’ll be safe from prying eyes, right? Not only that, but SaaS data platforms like Microsoft 365 promise ease-of-use and built-in security measures – so what could go wrong?
Office 365 and G Suite maintain only near-time copies of the data for protection against infrastructure threats. They do not provide a complete backup — which means when a breach occurs, you can lose your data without any hope of recovery.
If you’ve been using cloud services like Microsoft 365, Google Drive, GSuite, Dropbox, Quickbook Online, and so on without any additional backup protection, you are not as safe as you think you are. In this guide, we’ll explain what the risks are, why they matter to your business, and – perhaps more importantly – how to mitigate them.
Here are just a few of the risks your business might be unwillingly running:
Accidental deletion and human error
A platform like Microsoft 365 does have a couple of safeguards built in – such as a data retention period and geo-redundancy. While these may protect your data in case of disasters, they won’t protect against user error – such as a team member deleting a critical file by mistake. Apps like OneDrive and SharePoint can be set up with data retention periods (a form of ‘soft’ deletion) which are usually around 90 days. But if nobody notices during that time, it’s curtains for your data.
External threats to your cloud-based apps
Just because your applications are hosted on a remote server and spread across data centers doesn’t mean it’s 100% secure. In fact, with phishing attacks getting more sophisticated, the risk of cloud-based apps is just as great as native ones. Take ransomware attacks, for example. A cyber-attacker could use a false login page to steal credentials, then log in to a user’s Microsoft Exchange email account and encrypt every email until a financial “ransom” is paid. There are no tools in Microsoft 365 that can resolve this problem – only a third-party cloud backup of the inbox will do that.
Internal threats to your cloud data
Internal breaches are a very real possibility. Imagine if a disgruntled employee, or even just a recently departed user, decides to make a few changes to your files in the cloud from home. They may even download malware or ransomware directly to the cloud server and compromise your entire operation. Without backup, this can be a terminal situation.
Physical storage failure in the cloud
While the term ‘cloud’ might sound like something ethereal, your data is still stored on a physical server somewhere in the world. And while it’s true that Microsoft uses redundancy to reduce the risk of physical server failure, this only mitigates risk, because you can still lose some data, if not all.
As we’ll see in the next section, Microsoft (and all other cloud service providers) have disclaimers in place to cover them for the loss of your data. Put simply, if something goes wrong, it’s not their fault… even if it is. So, while it’s quite rare if a physical disruption did occur to a cloud server hosting your SaaS data, you’d have no way of getting that data back – unless you’ve got third-party SaaS backup.
You need to meet the 3-2-1 backup rule.
In some cases, there is only one copy in production. (Replication for service availability doesn’t count.) To meet the rule, you need two additional copies, at least one additional medium, and one copy that’s off-site — that is, not in the SaaS vendor’s hands.
Are you as protected as you think? Probably not.
In fact, even Microsoft themselves recommend that you backup your cloud data. Here’s a direct quote is taken from the Microsoft service agreement all 365 users must agree to:
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
As you can see, even the SaaS service providers are transparent about the fact that any SaaS data they host on your behalf isn’t guaranteed protection from SaaS data loss or security breaches. In fact, they even go one step further by recommending the use of a third-party backup solution or SaaS data service.