Why You Should Backup Microsoft OneDrive
OneDrive is a productivity tool which allows file synchronization and sharing for enterprises. It is an important part of the Microsoft 365 offering and is designed for users to store and share files, along with collaboration capabilities that make their daily jobs easier. With OneDrive on the web and desktop, employees can access their business files as well as the files shared by other people or teams. It also provides a generous amount of cloud storage space (1TB) per user that can be increased to as much as 25TB per user depending on the licensing plan one has with Microsoft.
Why OneDrive for Business is so popular
- Accessibility: Data accessibility with OneDrive is easy. Microsoft 365 is served out of Microsoft’s Azure data centers that have a worldwide presence. Users can easily save files in one device, access them seamlessly from another, and also share them with co-workers halfway across the globe in a matter of seconds.
- Security: OneDrive encrypts all data using strong encryption, both in transit and at rest. When sharing files, OneDrive also has the option to enforce link expirations so recipients are required to consume shared content within an allotted period of time. Additionally, administrators can impose permission limits that prevent the possibility of information being shared through file/data transfers with people outside the organization.
- Offline work: With the OneDrive sync client, users can download content to their local workstations and work even without an internet connection. When a user connects to the internet, documents automatically get synced back to OneDrive storage in the cloud.
- Files On-Demand syncing: OneDrive equips users to access files on demand and have only specific files which they prefer to be ‘pinned’ or be downloaded to their endpoints. This allows users with relatively small disk drives on their devices to still store large amounts of data in OneDrive.
So Why backup OneDrive?
The shared responsibility model
Like many other SaaS and cloud vendors, Microsoft works on the model of Shared Responsibility. This means that while they take responsibility for certain things like the infrastructure, network, uptime, and other SLA parameters surrounding the Microsoft 365 offering, there are other things that they expect the customer to be responsible for. Two of the things that customers are responsible for are (i) Data and (ii) Security.
Organizations that use Microsoft 365 should know that it is the organization’s responsibility to ensure that their data is safe and is secured. If a business loses data in OneDrive due to the act of a user or administrator in the organization, Microsoft may not be able to help much other than suggest you look in the recycle bin where deleted data is preserved for some days. Although there are options to purchase in-place archiving from Microsoft – that comes with its own downsides (more on that later).
1. Cloud storage doesn’t necessarily mean safe data
OneDrive storage in the cloud is vulnerable to ransomware because it synchronizes directly with local storage on user endpoints. So, any type of change in the data on the endpoint is faithfully replicated to the OneDrive copy in the cloud. This includes changes that are good and bad. For instance, a ransomware attack, as it rips through files locally and encrypts them, will cause the OneDrive file-sharing engine to synchronize these changes to the cloud storage copy– destroying the copy of data in OneDrive as well.
2. Users who leave the organization
Once employees leave the enterprise and their Microsoft 365 license is relinquished, Microsoft allows 30 to 90 days of time during which it is the company’s responsibility to recover the employee’s data and make a persistent copy. In case a business wishes to retrieve data belonging to employees who have been gone for longer than this time – OneDrive will not be able to fetch and store such data. Microsoft’s in-place archiving can come in handy in such cases, but it comes with downsides and at a cost that many enterprises are loath to incur.
In such cases, enterprises should make alternate arrangements (such as having a robust OneDrive backup process) so that they don’t lose access to important data.
3. Insider threats
Armed with detailed knowledge of physical and network layouts, or with privileged access to critical functions, and with a deep understanding of internal business practices, malicious insiders are always in a position to cause a tremendous amount of damage to businesses if they intentionally or unintentionally delete valuable data out of OneDrive.
62% of insiders with malicious intent are “second streamers,” so called because they seek to create a second stream of income or other benefits by misusing information for monetary or personal rewards. – Gartner study
Regulatory compliance
Most regulations (like Sarbanes Oxley, HIPAA, or the GDPR) require businesses to protect data. A key aspect to achieving regulatory compliance is to have a second or alternate copy of your data, in case the primary copy is damaged or lost. And this includes data in the cloud as well as on your premises.
All of the above are reasons why enterprises invest in backup solutions to protect their data – even data in OneDrive. An enterprise class backup solution like Parablu’s BluVault lets you recover your data when you want – and won’t limit your recovery period to 30 days or 90 days. You won’t have to race against time to make copies of user data when they leave your company. Or be worried that they may delete valuable data before they leave. And last, but not least – it affords you protection in the event of a ransomware attack. You can recover your data on your own terms without having to negotiate with an attacker.
But, what about Microsoft’s built-in archiving feature?
Microsoft does provide what they call an in-place archive for data in Microsoft 365. Think of it as a recycle bin that allows for retention of 30days, 90days, or more depending on the type of Microsoft 365 license you have acquired and archiving features you’re paying for.
But an important thing to understand is the difference between a backup and an archive.It is easy to get the two confused – and there are important differences between them:
- Backup: Data backup protects enterprises’ active and inactive business data. It stores a copy of production information. The original data still resides on the production storage systems. That means if the backup system faces a major data loss, an enterprise can still continue normal operations as the production data is not impacted.
- Archive: Archive solutions are usually used to retain inactive or older data for extended periods. Archives are optimized for low-cost, long-term storage, and don’t always make an alternate data copy Any loss or corruption of an archive system could result in the permanent loss of production information.
The archiving in Microsoft 365 does not result in making a second copy of your data – it is still the same copy, just hidden away from the user’s view and presented differently as an archive copy.
An archiving approach will not satisfy most regulations that require a backup to be made and preserved.
Why BluVault for Microsoft 365?
Parablu’s BluVault for Microsoft 365 offering is designed to protect data in the cloud-like emails in Exchange Online, files in SharePoint Online, and OneDrive for Business. It is a cloud-to-cloud backup which means it has no impact on your end-users nor does it demand anything in terms of additional infrastructure you need to purchase and stand up. It is hosted out of world-class data centers with a presence across the globe and gives an enterprise the support it needs from a regulatory standpoint, as well as defend against ransomware and insider threats.
1. A tamper-proof second copy
BluVault is a backup. Not an archive. It results in making a second copy of your OneDrive data that cannot be tampered with by the end-user. It is protected from ransomware with a virtual airgap. This is particularly important because advanced ransomware attackers now target backups as well.
BluVault also lets the enterprise control encryption keys used when backing up data. These keys can be changed at any time by an enterprise administrator to ensure that the business has sole access to their data – not Microsoft or Parablu or anyone else.
BluVault has built-in features to automate backups via schedules, encrypt data both during transit and at rest, built-in versioning, policy-based controls to select what should (and should not) be backed up, as well as detailed reports and audit logs.
2. Information at your fingertips
With BluVault’s eDiscovery option, all backed-up data is searchable. Users can find any file from the backup vault, at any time, in a matter of a few seconds. Users can search by filename, extension, or even contents within the file and have the results appear. They can even navigate directly to the file location or download the file right away.
The eDiscovery module also enables administrator-led searches that may be required by legal teams or by Human Resources. Searches can be executed for data only on specific users and matching specific word/phrase criteria.
BluVault also supports the Legal/Hold feature that allows administrators to assign special policies to identified users which align to Legal Hold requirements. The aging of backup data is suspended for users in such policies while eDiscovery searches might be ongoing.
3. Centralized management
BluVault’s built-in reports and activity logs make monitoring operations easy and efficient. It has role-sensitive dashboards which automatically adjust its view to the logged-in user – whether they be administrators, delegated administrators, or end-users. Moreover, its ability to delegate administration based on department or geography helps IT teams focus better to quickly identify any anomalies or deviations while data is being backed up. Additionally, it has an intuitive console that is bereft of unnecessary and distracting options and is designed to be simple and easy to use. This empowers enterprises to become much better at monitoring, managing, and controlling all backup activity without steep learning curves.
3. Policy-based backups
BluVault provides policy-based management that allows an administrator to easily control all elements of backup behavior – backup schedules, folders to include/exclude, file types to include/exclude, number of versions to retain, file size limits, user quota limits, etc. Once these parameters are set, all OneDrive for Business accounts pointed to the policy read these parameters and change their backup behavior in a matter of a couple of hours.
4. Audit logs and reports for internal and external auditors
BluVault is completely auditable and it automatically logs all touchpoints in the system and provides several reports which can be scheduled to run or generated automatically. One-click activity reporting features ensure you can always track and manage the movement of data. Reports and audit trails also help to keep organizations on a defensible platform when it comes to regulatory compliance.
5. eDiscovery and Litigation Hold
BluVault provides the ease of searching and finding what you need in a matter of seconds. Powerful search features enable eDiscovery for legal or other needs. Search by filename or keyword. Or, in the case of Exchange Online, search using To:, From:, Subject:, combined with keywords.
As you can see, there are several reasons that make it important to backup your OneDrive data. And several more reasons that make Bluvault the right choice for an automated Microsoft OneDrive backup solution.
If you wish to see Parablu’s BluVault in action, ask for a personalized demo here or contact us at info@parablu.com.