Knowledge base

July 08, 2022

If you don’t back up Microsoft 365 and G Suite, you don’t deliver business continuity

The combination of increasing ransomware attacks, remote workers and heavy reliance on collaboration tools such as Microsoft 365 and G Suite has created a perfect storm for MSPs and a perfect scenario for hackers. MSPs juggle the risks of limited retention, human error and complete downtime, while bad actors find open door after open door. Access to data from any location is vital for today’s hybrid work environments, but without third-party backups via comprehensive business continuity and disaster recovery (BCDR), MSPs and their SMB customers are at risk.

How confident are you in your ability to recover lost or stolen data in Microsoft 365 and G Suite? This article highlights four features for uninterrupted business continuity that also ensure fast and reliable recovery. Consider these questions about your current solution before reading on …

  • How long does it take to locate and recover lost data for client access?
  • What is the cost to clients for data storage, including overruns and overprovisioning? How do those fees affect your relationship with customers?
  • Are you able to meet long-term compliance requirements? If so, what is the cost of management and technical time? If not, have you lost any customers because of it?
  • How do you recover if a client is hit by ransomware or accidentally delete data?

Business continuity requires backups; You can’t have one without the other

While Microsoft 365 tools for business support collaboration and data access everywhere, they do not provide data loss protection. Many assume that a brand like Microsoft contains safeguards against today’s most pressing cyber security problems, but it’s just not their thing. This fact is clearly stated in Article 6b of the Microsoft Services Agreement:

“We strive to keep the Services running; however, all online services experience interruptions and outages from time to time and Microsoft is not liable for any interruptions or losses you may suffer as a result. In the event of an outage, you may not be able to retrieve your content or data that you have stored. We encourage you to regularly back up Your Content and Data that You store on the Services or store using Apps and Third Party Services.”

Microsoft 365 has a limited retention period of 14 days for deleted data or 30 days with special configuration, but 56% of breaches go undetected for months. Even with accidental data deletion – a common problem within collaboration tools – companies often go through long periods of time before someone realizes that a critical file or folder is missing. Perhaps an old employee’s account is deleted, someone decides to clean up shared folders or a clever phishing attack gives hackers access to the internal system. However it happens, human error remains the leading cause of data loss and requires proactive protection to ensure true business continuity.

Many MSPs have clients using G Suite and Google has known vulnerabilities. Google Drive can replicate fraudulent files already in a file system using google’s Backup and Sync tool. In 2019, Google acknowledged a vulnerability in its Chrome OS “built-in security key” feature.

And around the same time, hackers were able to launch a phishing attack that used Google Drive and Google Docs to hide emails and embed links with malware, according to
. In that case, the malicious actors could fool employees and bypass security measures configured to protect email.

Google’s Terms of Service do not accept liability for data loss:

The only commitments we make about our services (…) are (1) described in the Warranty section, (2) stated in the service-specific additional terms or (3) provided under applicable law. We make no other commitments about our services.

Proactive protection for your customers should include backups of Microsoft 365 and G Suite data. Without it, you can’t promise customers that they can keep their business running no matter what – and that’s your job as an MSP.

If you think Microsoft and Google Backup are sufficient? Think again.

Of course, Microsoft and Google offer some of their own backup tools, but the whole reason third-party services are recommended is to avoid complete downtime. When an MSP allows a customer to back up business critical data to the same cloud where their data is stored, the MSP cannot provide business continuity. At that point, it is out of the hands of the MSP and customers rely solely on Microsoft or Google.

The problem here is that during infrastructure outages, backups also go down, which means things come to a screeching halt. And if you think these cloud providers are too big to fail, or it never happens, listen to Microsoft’s own words, “all online services suffer occasional interruptions and outages.” Microsoft 365 had a global service outage that lasted more than 9 hours, and Google was down for about 6 hours during one of their global outages. Can your customers afford to be without email, contacts, calendars and work documents for hours on end?

Data loss happens, even in the cloud and even with the biggest cloud providers out there, but with the right business continuity, companies don’t have to suffer.

Source: axcient

Want to know more?

Get in touch

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Weekly in Your Mailbox.