The Office 365 Shared Responsibility Model
February 17th, 2020 by Kris Price
If you are one of the many companies embracing Microsoft Office 365, you may not realise there is a risk that your data could be lost. With Office 365, all your data, including emails, calendars, groups and files, live in a Microsoft cloud that is beyond your control.
But does it matter? After all, Microsoft offers a financially backed guarantee of 99.9% uptime with state-of-the-art redundancy at every layer. But scratch beneath the surface and you’ll find good reasons to back up your Office 365 data to a central backup repository in your own secure data centre or a trusted third-party service provider’s data centre.
Why should you backup your Office 365 data?
1. Microsoft tell you to!
As part of their own terms of service, Microsoft say:
“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services”.
2. Microsoft doesn’t offer a true “backup” of your data
Whilst Microsoft does provide some basic features to protect against damage to your data, it cannot guard against malicious intent to remove data from users or a targeted Malware attack, for example.
Accidental deletion of an email, OneDrive file, or SharePoint item will move the file to the Recycle Bin. You then need to find it and restore it before it expires, so just hope it wasn’t manually emptied by an administrator in the meantime.
3. Compliance
Many organisations fall under strict email and document retention regulations, where failure to comply can lead to expensive fines or worse. By default, deleted Office 365 data is non-recoverable after a maximum of 30 days. Longer retention times are only possible with more costly or expensive editions of Office 365. And if your Office 365 subscription is ever cancelled, all your data is automatically deleted after 90 days.
Having your own backup copies of your Office 365 data ensures you can comply with regulations regardless of your Office 365 edition and whether your subscription is ever cancelled.
4. Liability
The Office 365 terms of service currently limit Microsoft’s liability to $5,000 or your last 12 months subscription fees should anything happen to your data — assuming you can prove it was Microsoft’s fault. In contrast, the liability you might face if your Office 365 data was lost is potentially unlimited. Given the amount of risk you bear, it’s prudent to keep a copy of your Office 365 backup data in a secure, non-Microsoft location.
5. Audit Rights
The Office 365 terms of service give you no audit rights. This is problematic if, as part of an audit, you are required to show the physical location where your data is stored. Maintaining a backup copy of your Office 365 data in a secure location that you can audit may be an acceptable way to work around this problem.
6. Vendor Lock-in
Having all your Office 365 data in the Microsoft cloud effectively marries you to Microsoft, for better or for worse. If you want to keep your options open, then maintaining a backup copy of your Office 365 data makes it much easier to consider migrating to another vendor’s office productivity service.
Third-Party Backup
Third-party backup solutions like BrightCloud Backup for Office 365 provide you with full control of your data. This gives you comprehensive protection for the following items in your Office 365 environment:
Exchange Online
- Mailboxes
- Email (including any attachments, meta data)
- Calendars
- Contacts
- Tasks
SharePoint Online
- Sites
- Calendars
- Contacts
- Discussion lists
- Document libraries
- List content
OneDrive
- All files
Groups
- Groups data
