Critical backup tips for Office 365, other cloud-based SaaS applications

Nov. 7, 2022
Since Microsoft does not guarantee large backup protection, having a cloud option is critical to operational resilience

For years, cloud-based SaaS applications such as Office 365 have become a fundamental part of many business workflows and a “catch-all” for all things data, enabling teams to share documents across multiple devices, easily store data in a public or private cloud, and collaborate in real time. But many miss a vital caveat. While Office 365 - along with many other SaaS apps - does store your data, Microsoft does so under a large condition: they do not guarantee that they will restore data if you end up losing it. Thus, no protection exists against data deletion - whether it be accidental, intentional, or via malware or ransomware. A growing issue as Office 365 has remained the prime target for SaaS attacks in 2022.

As a result, backing up data to the cloud has never been more critical to ensure organizational resilience against bad actors or other sources of data loss. Let’s dive into some vital backup strategies for cloud-based SaaS users that can help mitigate data loss and financial damages from security breaches.

Avoiding On-Premises Backups

When assessing backup options, organizations may be initially tempted to resort to the more traditional legacy approach of backing up their data on-premises, especially if they also have a live copy in the Microsoft cloud. However, relying solely on on-prem storage falls short in several key areas when it comes to data security. First, oftentimes the amount of data being backed up and stored quickly outgrows on-prems’ capabilities, creating extra complexity and costs to maintain and scale capacity.

Second, on-prem backups require constant synchronization with live data. Regularly updating this backup data takes a significant toll on an organization’s time and resources, especially if they are producing vast amounts of data, to begin with. And lastly, on-prem storage leaves companies more vulnerable to data loss and cyber risks, as it essentially acts as just one copy of data that can be easily targeted and destroyed. This is where the cloud and other complementary backup solutions, like Veeam, that are able to restore data in the event of human error or a breach, come into play.

Diversification, Recovery Testing and Immutability in the Cloud

As opposed to on-prem backups, cloud storage provides a much less risky and more flexible, cost-effective option for cloud-based SaaS users. Not only is it generally less expensive than on-prem options, but it is also less costly from a time and resources perspective, as maintenance and configuration are now of the vendor’s concern. There are also a few key features of cloud backups that can help better mitigate the effects of data breaches and ransomware attacks:

Diversification. By moving to the cloud or a multi-cloud approach, organizations can diversify their backups and avoid putting all of their eggs - or data - in one basket. IT teams that store all of their data in one central location risk losing everything if threatened by a data breach or bad actor. Adopting a ‘3-2-1’ backup approach, otherwise known as keeping three copies of data, with two on different media formats and one off-site, helps prevent hackers from accessing all storage locations and enables companies to continue functioning during an attack, reducing downtime.

Recovery testing. When storing data backups in the cloud, companies can leverage recovery testing to assess their recovery process ahead of any threat. In the event of a ransomware attack, organizations that have effectively backed up their data to the cloud are able to quickly eliminate the ransomware by clearing its slate and recovering that data with minimal downtime. While a valuable feature, the recovery process can be both complicated and time-consuming when the time comes to use it, and should be tested in advance to identify and address any issues before a real attack. Luckily, the cloud enables businesses to seamlessly test their recovery processes by allowing easy access to data, providing plenty of preparation time.  

Object-level immutability. Some cloud providers offer immutable storage capabilities that prevent anyone, even a systems administrator, from tampering with, modifying or deleting data for a set period of time, keeping files safe against disruption. This feature can even help prevent ransomware attacks from the start, when bad actors attempt to encrypt the data. Immutability acts as an important extra layer of protection for organizations’ cloud backups.

It is clear that security threats for Office 365 and other cloud-based SaaS users are not going away anytime soon. Users can no longer ignore these security concerns and must do all they can now to protect their valuable data assets against cyber risks. And this begins and ends with effectively prioritizing cloud backups before it’s too late.

About the author: David Friend is the CEO and co-founder of Wasabi Technologies, his fifth tech startup. Wasabi is ushering in a new generation of cloud storage solutions. Prior to Wasabi David co-founded Carbonite, one of the world's leading cloud backup companies. David graduated from Yale and was a David Sarnoff Fellow at Princeton