Thought Leadership

Should You Back Up Your Office 365 Data?

Mainstream Technologies GetITback(October 2020) Data backup and disaster recovery are arguably the most business-critical tasks assigned to any IT organization. If you can’t regain access to your data when computers crash, malware attacks or disasters occur, your business may not recover.

More than half of the entire U.S. workforce now works remotely, and most of these folks are using laptops and mobile devices to access and generate business-critical data. However, research finds that remote workers rarely back up data stored on their endpoint devices, dramatically upping the risk of significant data loss.

Cloud-based email and file storage solutions such as Microsoft Office 365 and OneDrive for Business have become widely adopted by organizations looking for more robust collaboration and file storage options for remote workers. These solutions have also helped address the issue of data stored on remote devices. However, many do not realize that with cloud-based services such as Office 365, you as the customer are responsible for the security and protection of your data, including backup and recovery.
Shared Responsibility

Cloud services such as Office 365 operate under a shared responsibility model. Microsoft’s primary responsibility is to maintain its global infrastructure components, ensuring they are functioning and available. These components include such things as data centers, storage, connectivity, and the functionality of the applications. In addition, Microsoft, as the service provider, is responsible for the security of their infrastructure and meeting regulatory requirements regarding data privacy and confidentiality.

Customers, or data owners, are responsible for their data that resides in Office 365. This responsibility includes controlling access, complying with corporate and industry regulations, data retention, protecting from accidental or malicious deletion, and protecting from compromise.
However, a recent IDC survey found that 60 percent of Microsoft 365 users rely solely on Microsoft’s native capabilities to protect against data loss. For example, Microsoft 365 retains deleted files in the recycle bin for one month as a hedge against accidental deletions. This is not a reliable form of data protection.

Replicas Are Not Backups Cloud solutions such as Microsoft Office 365 utilize carefully architected infrastructures with built-in redundancy across datacenters and regions. Data is replicated between regions in near-real-time to eliminate the risk of application downtime.

Replication processes are designed for efficiency. Data modification is rapidly synchronized across regions, ensuring application and data availability. From a customer or data owner perspective, this provides significant benefits but has one critical downside. Not only is good data replicated, but data deletions, modified data, and corrupted data are replicated as well. An accidental or malicious deletion of data or a ransomware attack will immediately replicate across regions.

Protecting Your Data Regardless of Its Location
Extending on-premises data protection to your cloud-based email and collaboration provider helps mitigate the potential for data loss. Providers of enterprise backup solutions have added feature sets that provide protection for Office 365 and OneDrive for Business.

The Mainstream Technologies GetITBack solution includes a robust feature set to protect data both on-premises and in Office 365. Other solutions such as Veeam Backup and Replication offer add-on features that extend capabilities to include protection of Office 365 data.

During the first half of 2020, Microsoft reported a significant increase in identity-based attacks targeting login credentials. Combine this with the increase in remote work and you have an ideal scenario for attackers to compromise your cloud data without gaining access to your corporate network.

The bottom-line is yes, you should be backing up your Office 365 data. It is equally if not more at risk than data stored on-premises. You are the data owner and ultimately responsible for its protection.

Contact Mainstream Technologies today to discuss data protection options for your on-premises and Office 365 data or for assistance in evaluating and securing your corporate network and remote users.

Since 1996, Mainstream Technologies ( has established itself as one of the most respected technology companies in Arkansas with headquarters and data center facilities in Little Rock, and sales offices in Conway and Bentonville. Mainstream’s full range of technology services includes IT Management and Consulting, Custom Software Development, Cyber Security, and Data Center Services. Our team of experienced technology professionals serves public and private sector customers across the United States.

Jeff Pracht
IT Business Development Manager
(479) 715-8629 Office
(501) 529-0008 Mobile

Contact Us

  • Industry

  • Category

  • Regulation

  • Solution