Contact Us: 888 965 9988

Blog & News

How Secure is Your Office 365 Data?

Aug 8, 2019, 16:10 PM by Alex Simons

o365 Backup

According to the Q1 FY19 results, Microsoft Office 365 now has more than 155 million monthly active users. This represents a growth rate of over 3 million users per month since November 2015 – making Office 365 (o365) Microsoft’s fastest growing commercial product ever [1].

Gartner reports that 1 in 5 corporate employees are using an o365 cloud service [2]. These rapid adoption figures have made o365 the most widely used cloud service in the world.

Microsoft provides a powerful array of cloud-based productivity applications throughout the o365 platform. Due to the wide range of SaaS capabilities - there’s even a misconception that backup and disaster recovery is provided within the public cloud infrastructure. The data already resides in a secure cloud environment, right?


Microsoft is quick to point out that they are responsible for the availability of the infrastructure. But not the data. That is yours. You control it. And it is your responsibility to protect it. So what do you need to protect o365 data from?

Let’s take a look.

How Data is Lost in the Cloud

With the growing popularity of o365 usage, there is one issue that is not widely publicized – data loss. According to recent study by market research firm, Aberdeen Group, over 32% of the 123 surveyed organizations reported losing data in a SaaS application. These are the top 5 leading causes for SaaS data loss [3]:

Office 365 Data Loss

Data: Aberdeen Group

As you can see 64% of data loss is associated with user error.

In the words of Albert Einstein, “Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.”

There’s a common perception that the cloud minimizes the margin of human error due to the ease of use. But it’s actually opposite. The collaborative nature of o365 actually creates a higher to potential to make mistakes where so much information is shared.

SaaS applications can also be a hacker’s dream. With information as accessible as ever, all it takes is the credentials of one employee to wreak havoc on an environment. These risks were actually reduced through on-prem data storage. But that’s not the case with o365 and other SaaS applications.

Also, what happens if you end your subscription? Do you trust Microsoft to retain your information in their data centers after you decided to cancel? Retention fees are notoriously spotty and you’ll see that Microsoft doesn’t implement long term archiving solutions for their former customers.

The need for SaaS applications to overwrite themselves also causes some concern. o365 needs to be updated in real time on a fairly regular basis. What happens if there’s a bug in the update or if you have a synchronization error? Is the data safe from deletion? What happens if you’re running an outdated version? SaaS adoption figures are taking off at a pace where your organization may be trying to balance 50 different applications.

In the words of Jason Buffington, Vice President of Solutions Strategy at Veeam Software, “As you move to cloud applications, unless you’re using one of the few SaaS data-protection solutions, your data has just gone from well protected to unprotected.”

Einstein Quote

What Levels of Protection Does Microsoft Provide?

To cite the Office365 Trust Center, “With Office365, it’s your data. You own it. You control it.”

It’s obviously important to examine the terms and conditions of any agreement you commit to. Microsoft doesn’t specialize in data backup with their o365 products, so they have clauses in their SLAs protecting them from liability against customer data loss.

Read the fine print:

Microsoft Quote to Backup your Office365

Microsoft is telling you to back up your o365 data.

And if you can prove that Microsoft lost your data (keyword if), Microsoft limits their liability to direct damages up to $5,000 or a one year refund of the subscription.

Critical systems and applications tend to reside on o365 backup workload. So there’s an obvious mismatch between the real cost of data loss and the Microsoft liability clause.

What Levels of Protection Do You Need?

Cloud infrastructure is challenging to quantify.

We’ll spare you from the scary statistics which cite the average cost of downtime at $17,244 per minute [4]. The reality of the situation is that the productivity costs, gross annual revenue, opportunity costs, and risk implications are all unique to your business.

But the financial impact of o365 data loss is directly correlated with the business value of the data. Take a moment to think about what applications you have running in o365. What are the availability requirements in the event of an outage?

Start with the recovery time objectives (RTOs). There are plenty of software offerings that can back up o365 workloads. But how can you spin up your environment in a timeframe that supports your pace of business.

Are there any industry regulations that you need to consider?

If you process personally identifiable information (PII) of European residents – you need to be cognizant of the EU General Data Protection Regulation (GDPR) – as failure to comply can lead up to 1,000,000 euros or 2% of business revenue.

Do you make regular changes to your IT environment?

If so, consider a scalable solution that can keep pace with limited manual overhead. There are plenty of variables to consider when assessing the data protection requirements of your o365 environment.

So how do you align the features and functionality with your business requirements?

Bridge the Gap with a Cloud-to-Cloud Backup Solution

O365 Diagram

Cloud-to-Cloud (C2C) backup is the practice of replicating data from one cloud environment to another. The SaaS backup methodology enables your IT department to take advantage of o365 without the risk of data loss. The flexible cloud architecture also eliminates capital hardware expenditures and enables automation for increased operational efficiency.

KeepItSafe Data Protection-as-a-Service (DPaaS) solutions leverage the 2019 Veeam Innovation Award Winning o365 backup solution for our cloud-to-cloud service offerings. Our cloud-to-cloud solution has the ability to back up your entire o365 environment and manage the data protection through an easy-to-use interface that quickly assures protection and recoverability, while scaling as your organization grows.

Take back control of your o365 data.

Schedule an Office365 Data Loss Prevention Consultation today.


Subscribe to our Newsletter

Enter your email below to be notified about new articles.

Download Analyst Report

Disaster Recovery Planning

“Disaster Recovery Planning: Getting from Good to Great”