To say that 2020 was a challenging year for public sector agencies would be an understatement. But in some ways, it has simply accelerated workplace trends that would have eventuated anyway.
For agency leaders and their IT teams, keeping staff safe and productive has required changes to support processes to service the needs of workers who are no longer on site, and potentially more vulnerable to cyber-attacks or other data management challenges.
Even as the working world begins to return to normal, it may be many months before workplace populations get back to historical norms, and remote working is likely to be a much bigger consideration in the years ahead.
But even before the pandemic, the trend towards remote working was already becoming prominent. In the US for instance Global Workplace Analytics found that between 2005 to 2017 there had been a 159 per cent increase in people working remotely.
Technology has been a key driver of this trend, with improvements in wide-area connections and the emergence of cloud-based productivity tools such as Microsoft Office 365 meaning workers today are far less likely to be tethered to their workplace.
So if COVID-19 has simply accelerated existing trends, it is vital that agency leaders think about the longer-term implications of a hybrid on-premises/off-premises workforce, to ensure that gains in productivity do not come at the expense of data protection and governance.
One of the key considerations is how to protect the data that workers are creating and using every day, and specifically in that most ubiquitous of productivity tools, Microsoft Office 365.
This is especially important for public sector agencies, where the sensitivity of the data they manage makes data protection a critical issue. Government agencies are a prime target cyberattacks, and hence it is vital the changes in workforce organisation does not lead to a weakening of data protection.
Office 365 has become the standard for office productivity in Australia and around the world, and its migration into the cloud has meant that applications and data are accessible anywhere.
This has proven advantageous for remote workers, but has also raised new challenges in data governance, as the cloud-based nature of Office 365 brings no guarantees that data is automatically protected. Hence it is important that organisations invest in robust centralised protection strategies to protect data from internal and external threats.
The need to ensure the safety of data managed and stored in Office 365 has been noted by the Head of Systems Engineering at Veeam Software, Nathan Steiner.
“Data criticality, security and resiliency are the three most important priorities for organisations going into 2021 to ensure business success and stability,” Steiner says.
“Cyberattacks have increased substantially throughout 2020. And with Microsoft last year identifying over 13 billion malicious emails to launch malware and phishing attacks within its Office 365 services, it has now become a critical imperative that organisations also ensure that their Office 365 instance is protected, secured and made recoverable outside the Office 365 service itself”
The starting point for safely storing and securing data in Office 365 is to understand what protections come pre-integrated – and what do not.
For example, while Office 365 offers georedundancy, this only provides the ability for a service to continue running in the event of its failure of its primary hardware. This does not include the functionality of backup service, which would make copies of complete datasets at predefined intervals and ensures these copies are stored in separate locations for recovery if the primary record is altered or attacked.
There are numerous reasons why any organisation should invest in dedicated cloud backup and recovery services.
Firstly, despite best efforts, malware and viruses continue to wreak havoc on all manner of organisations, and this threat has grown significantly as more workers have begun working remotely. Having a point-in-time recovery capability means an organisation can easily roll systems back to a moment before the damage was done.
It is also important to remember that not all threats are external. Being able to easily perform point-in-time recovery means an organisation can guard against workers who might have stepped around usual security measures, such as a disgruntled former employee that tampers with data before their credentials are revoked, or a current employee who is deleting or altering data to cover up evidence of crime.
And not all problems in data management arise from hardware failures and cyberattacks.
Accidental deletion is a common problem which no amount of user training in policies and procedures can eliminate. The native recycle bins and version histories included in Office 365 provide only a limited capability for data recovery, and cannot protect from the deletion of an entire user profile. A dedicated backup solution however can provide point-in-time restoration of mailbox items by simply reloading data from a point in time before the deletion took place.
Having a dedicated backup tool can also help ensure an organisation remains compliant with changing data retention regulations and provides surety when reporting on protection strategies or during audits. This provides a level of governance that not just meets compliance requirements, but which also meets the expectations of citizens regarding data privacy. While Microsoft has built in some safety nets, such as Litigation Hold, these do not constitute a robust backup solution.
And finally, implementing backup for Office 365 provides peace of mind for those organisations that are transitioning between on-premises Exchange to Office 365 Exchange Online, especially if they are retaining hybrid email deployments. A properly implemented backup solution will manage hybrid email deployments by rendering the data’s source location irrelevant. This allows for data to be stored wherever is most appropriate, including in AWS S3 or Azure Blob, or with a managed service provider.
Public sector agency data is of critical importance, and those citizens and organisations it describes deserve the highest levels of protection in exchange for the trust they give to agencies.
Therefore we believe it is vital that agencies take the steps necessary to properly protect that data by investing in dedicated backup solutions that mitigate risks and ease the process of recovery when problems do arise.