Office 365 has proven highly popular with public sector organisations across Australia, thanks to its advanced functionality and cloud-based accessibility.
But while Office 365 stores data in the cloud, it does not automatically protect that data from all forms of malicious or accidental interference. Microsoft operates a shared responsibility model, which means users must take on the priority of ensuring data is appropriately backed up and recoverable.
In January this year, executives from numerous public sector organisations gathered in a virtual forum to discuss strategies around the appropriate storage, protection and recovery of data in Office 365.
Hosted by Veeam, the virtual Government Data Security and Office 365 roundtable talked through the key risks and reasons WHY Office 365 needs a data protection strategy attached to it, including descriptions of strategies that public sector organisations could use to ensure data could be safely stored and recovered when required.
Attendees described the pressure they faced in trying to provide appropriate protection for citizen data and the need to ensure they complied with regulatory requirements, as well as their desire to ensure compliance did not introduce additional management burdens.
The following key learnings were highlighted:
- Office 365 is becoming an increasingly attractive target for malicious activity: The number of users of Office 365 exceeded 258 million in 2020, and its rapid growth makes it a prime target for malicious activity. Also, as users of Office 365 grow, so too do the opportunities for inadvertent mishandling of data. Hence having the ability to recover data in the wake of an incident is now critical.
- Data in the cloud is not always protected by default: While cloud-based applications offer numerous security access features, and often provide the advantage of centralised management, data is not always backed up by default. Microsoft operates a shared responsibility model for Office 365 which means users must make their own provisions for how data is backed up and recovered.
- Internal users are also a risk: While it is important to guard against external interference, many instances of data theft or tampering have come from within, such as when perpetrators of fraud have sought to cover their tracks. Backup software is essential for providing clean instances of data and to help identify when data has been tampered with.
- Not all data loss is deliberate: Users will make mistakes, such as accidentally deleting data. This is a critical issue for public sector agencies, especially when that data relates to the citizens they serve. Having a strong cloud data retention capability to meet granular and various tenanted govt service agency requirements, ensures citizen data can be quickly restored, leading to a better experience and outcome for citizens.
- A strong cloud data retention policy equals peace of mind for administrators: In a perfect world, data retention policies would not be necessary. But the scope for malicious and accidental tampering or deletion makes such policies essential. For managers in public sector organisations, it is vital to know that backups are available and easily accessible when needed. This capability can also help to ensure agencies can meet legal and compliance requirements. As one attendee said, this provides peace of mind that is important for helping them sleep at night.
- Functionality should not introduce complexity: When selecting a backup technology provider for Office 365, it is important to choose one that offers powerful features without over-complicating the operating environment. Backup solutions should not introduce additional administrative overheads, and the process of defining and implementing policies and facilitating data recovery should be straightforward and fast to enact.
Veeam Backup for Microsoft Office 365 provides a comprehensive solution for backing up and restoring data from across the Microsoft Office 365 application suite as well as data from on-premises Microsoft Exchange and SharePoint implementations. This ensures that data from all parts of the Microsoft environment can be appropriately protected.
For more information or to talk to one of the team at Veeam please visit Veeam.com
