Office 365 backup. While we can all agree that it’s wise to have data protection and redundancy some capacity, how much you need is a bit more up in the air. Seeing this divide in the community, we reached out to industry icon Tony Redmond and set up a Great Debate to settle things once and for all: do you need a third-party Office 365 backup solution, or are the native solutions enough?
After a riveting debate between Tony and our own John Hodges (and with fantastic moderation by CollabTalk CEO Christian Buckley), attendees had plenty of comments to share. We took the time to speak with John Hodges and get his take on some of the more interesting points discussed post-debate. Enjoy!
Should You Retain Data Forever?
John: Yes, please don’t keep it forever! That’s not very green, and the cost to your lawyers in the next eDiscovery will be a problem!
We actively work on customer accounts that are sadly running low on out-of-the-box storage and considering purchasing new plans from Microsoft to cover the storage gap. I’ve written blog posts from the point of view of a data hoarder before; to be clear, the big risk here is going to be in security long-term, not just the storage.
Is Backup Green?
John: I love this post – it makes me think very serious thoughts about my industry! I’d welcome this as a future point of debate! (@Dux). Here’s my stance so far:
John: All very valid stories! As Tony stated during the debate, you must take the necessary steps to secure your account to begin with—he’s 100% correct in that regard.
Take one of our best case studies at Walls Construction, for instance. If all you do is look to a backup solution to recover from a Ransomware attack without asking how this happened, you’re now returning data to a high-risk environment. Good data governance practices are a must in this layered solution.
At the same time, however, blanketing an environment with a native “set up right from the start” policy around retention is not as simple as many claim it to be.
You may lack the authority to dictate retention policies natively! Backup is squarely in the domain of an IT admin. However, to keep content natively means you’re now subjecting your company to potential impacts that are likely outside your purview—namely that retention policies guarantee the presence of data for future eDiscovery cases if they’re not setup to actively dispose of content first!
You may owe more money in the end than a backup solution!
For an environment that heavily relies on kiosk or student licenses (E1, F1, F3, G1, etc.), you don’t have the licenses required to deploy retention policies on mailboxes and OneDrives for these users. Upgrading to an E3 / G3 can often cost $10/user/month, which far exceeds even the most expensive user licenses we’re familiar with from the backup industry.
In addition, Microsoft limits the amount of “free” storage in SharePoint Online sites for user data. Any data in your preservation hold libraries are counted against this quota, meaning you may be paying high prices per GB going forward for growth in your environment due to retention policies.
Complimented by Michael Weaver: “Where does risk come into this? Is there an argument that the data is safest in the tenant where, if setup correctly, it is safe, and am I adding risk by having this data somewhere else as well? What happens if my backup system / credentials get compromised?”
John: The same due diligence we’re asking you to do natively is the same we’re asking here for any cloud backup vendor, including identifying how that information is stored. AvePoint supports a model where customers can bring their own storage (optional), bring their own authentication (Azure AD), and bring their own encryption keys (Azure KeyVault). In this way, the same diligence you’re following to encrypt and secure data natively is followed by our backup solution!
Files Restore to roll back the changes for your entire Team Files, SharePoint library, or OneDrive over the last 30 days (a worst-case scenario rollback)
Microsoft preserves backups for 14 days, and admins must engage Microsoft support for a full rollback (a worst-case scenario rollback)
To be clear, protecting data with ECM controls is an intentional step. This isn’t on by default. That means even Tejalkumar’s comment isn’t valid – none of this is set from the start! Thank you to Philip for support on this point! Two more quick points:
Retention labels can compliment this for individual files, but for true protection you must start at the Policies level.
Wrap Up
Once again, we wanted to thank all of our Great Debate attendees for engaging with us on this heated topic. With more organizations moving to Office 365 than ever before, knowing how to make an informed ROI-based decision regarding backup is a must, and it’s our hope that the debate itself and this follow-up post helped you do just that. Have a question or comment that we didn’t answer? Leave a comment below and we’ll try to help!
John Hodges is Senior Vice President of Product Strategy at AvePoint, focusing on developing compliance solutions that address modern data privacy, classification, and data protection needs for organizations worldwide. Since joining AvePoint in 2008, John has worked directly with the company’s product management and research & development teams to cultivate creative ideas and bridge the gap between sales and technology – providing a practical target for innovation and a focused message for sales and marketing. John has been actively engaged in the SharePoint community for several years, working with many Fortune 500 companies to drive sustainable adoption of Microsoft technology and optimize SharePoint’s larger purpose-built implementations. John’s insights and opinions on modern Information Technology can be found in various industry publications, as well as throughout this numerous speaking sessions in webinars and at events worldwide.