Can you use Microsoft OneDrive for Business to back-up your Endpoints?
I get this question a lot – especially from Microsoft customers who have recently purchased Microsoft Office 365. Several of them receive up to 1TB of cloud storage per employee, in the form of Microsoft OneDrive for Business – and they think they’ve solved their Endpoint Backup problem. There was one CTO who I recently spoke with that said “Isn’t the whole point of having a cloud file storage service, that people don’t need enterprise backup software anymore?”.
The answer is a little complicated. So, let’s break it down.
Most file storage services (OneDrive for Business included), broadly provide the following things:
- Storage in the cloud
- A means to view, upload and download files using a web browser
- An optional client which allows for automatic sync of the files into a specific folder on your endpoint computer
- Features like ‘sharing’ – which allows you to share a file or set of files with other users.
While file storage services can perform some of the functions a backup requires, they fall short in some critical areas. Importantly:
- The ability to identify files on your endpoint computer that are eligible for backup (preferably based on a policy you can set), and copy them to the cloud. Not simply in one folder, but across your entire computer.
- Keep the copy of data in the cloud insulated from actions on the client. For example, deleting a file on the cloud in response to a deletion on the client. Or allowing a file that infected by ransomware to be deleted on the cloud and replaced by its encrypted version. These would defeat the purpose of having a real time enterprise backup in the first place.
- Ensuring that the data in the cloud environment is safe from prying eyes, by encrypting it with keys known only to the organization, but not to anybody else.
Endpoints Backup to OneDrive for Business
So, going back to the original question of whether file storage services can still be used for effective endpoint backups – the answer is still YES if you can do the following:
- Make sure you’re not relying on the sync client that is provided by the file storage service or using a manual/scripted method to upload or copy files to the cloud.
- Invest in reliable enterprise backup software that can utilize cloud storage as a backup target. Look for software that can minimally do the following:
- Allows you to set policies that define what files/folders you’d like to backup across your endpoints. You should be able to specify file and folder paths, select files by extension or MIME type, and also specify what types of files and folders you want to exclude.
- Perform incremental backups – i.e. identify files that have been modified and move only those to the cloud. Or even better, maybe even move only portions of the files that have changed – this could be especially useful for very large files like PSTs that change very little every day.
- Schedule backup operations that can be controlled via policy over several hundred or even several thousand computers.
- Be able to resume a failed backup from the point of failure.
- Be able to backup files in use or that are ‘locked’.
- Be resource-sensitive and use techniques like compression and de-duplication to save network bandwidth and storage space.
- Allows you to manage data retentions by file versions – so you can get back data from a previous day or even a previous week.
- And of course, make sure that your organization’s privacy is protected by ensuring that the data is sent to the cloud after it is encrypted using your keys.
Until now, Endpoint backups have tended to be low on the list of priorities for IT organizations. But with recent incidences of high profile data losses, increased regulation and ransomware attacks, they’ve become unavoidable. A clean backup every day is still the best defense against ransomware.
Endpoint backup strategies through the years have tended to be of the form of “we ask our users to copy their important data to the file server” or more recently “we’re asking users to copy important data to their OneDrive folder”. But user behavior is hard to change and it is common to find critical office documents under “My Documents” or some other folders on a user endpoint.
If you haven’t considered a professional approach to endpoint backup, it is time to do so.
What I have listed above is only a small subset of features which are important for good backup software – but these are particularly important when backing up to a cloud target. And of course, make sure that the vendor you pick supports the cloud target of your choice.
The cloud’s got your back(up). Safer and more secure than ever.