Read time: 8 minutes
Though work from home was in existence much prior to the recent COVID-19 pandemic, the latter has given us enough reasons to adopt and adapt to hybrid work. To sustain the productivity and success of organizations, the latter have welcomed the hybrid working environment and adopted, supported, and maintained the working of organizations. Software companies have also developed numerous software programs to aid and support hybrid work. One of them is Microsoft 365, which has persistently tried to develop and create new programs besides enhancing the existing ones by adding more features to ease collaborations and communication, planning and assigning tasks, etc., for organizations, institutions, professionals, students, and individuals.
But before moving entirely to cloud-based services, users should know how secured their data on the cloud is and what the responsibilities and accountabilities of both the cloud service providers and the users would help in the maintenance and security of data. Moreover, though testing faculties of cloud service providers try their best to keep their programs fool-proof, we cannot deny any unexpected and unexplained issues which may hinder or decelerate the efficiencies or working of the programs. One of the scenarios is concern regarding storage and persistent availability of on cloud, entire data of users using Microsoft 365. Thus, we are here to discuss why it is very important, rather critical, to back up Microsoft 365.
Understanding the shared responsibility model
It is important to understand that for all public cloud services, all the users should follow the ‘shared responsibility model’ and be aware of and understand which security tasks are to be handled by the cloud service provider and you. The workload responsibility varies with the nature of the service – whether it is Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or an on-premises deployment. The last one is not a cloud service. Below we are presenting workload responsibility distribution in a tabular form.
| Responsibility | On-Premises | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Classification and Accountability of Data | User | User | User | User |
| Client and End-Point Protections | User | User | User | Shared |
| Identity and Access Management | User | User | Shared | Shared |
| Application-Level Controls | User | User | Shared | Microsoft |
| Network Controls | User | Shared | Microsoft | Microsoft |
| Host Infrastructure | User | Shared | Microsoft | Microsoft |
| Physical Security | User | Microsoft | Microsoft | Microsoft |
Understanding responsibilities
In an on-premises deployment which is conventional, all the responsibilities are towards you, i.e., the user. In cloud service, some of these are shifted partially and some entirely to the cloud service provider as we move from on-premises services>>IaaS>>PaaS>>SaaS., as shown in the table above.
- Classification and accountability of data and compliance obligation
Users should ensure their solution and identify, label, and classify their data securely and correctly to fulfill any compliance obligation. They should also distinguish between sensitive and public data and move the data to the cloud accordingly.SaaS solutions like Office365 and Dynamics 365 can protect the data of customers like Office Lockbox and Data Loss Prevention, but ultimately, it is the user who should manage, classify and configure the solutions for their unique security and compliance requisites.
For PaaS solutions, customers should configure and establish the process to protect the data and the feature of the solution, which protects their data like Azure Rights Management Services and provides the capability to protect data and is integrated into SaaS solutions.
For IaaS Solutions, customers should configure and protect the data which is stored and transferred. Data classification should be done by the user. To meet compliance, customers are needed to audit all virtual devices which are deployed within their solutions.
- Client and end-point protection
Since devices used are various and numerous, it becomes essential to define definite limits and responsibilities for devices that are used to connect with the cloud service. Cloud solution providers may offer capabilities to manage end-point devices like Microsoft Intune, which provides secure device management, PC management, and mobile application management capabilities. But the latter still requires accountability of the users. - Identity and access management
It enables the users to access and use resources in their organization. In PaaS and SaaS solutions, it is a shared responsibility and needs proper implementation, like configuring an identity provider, configuring administrative services, establishing and configuring user identities, implementing service access control based on role, and administrative control in both users and control points. Azure Active Directory (Azure AD) is an example that provides multifactor authentication, identity protection, etc.IaaS solutions need customers to configure and manage the identity and access controls over the managed hosts and virtual devices. Though it supports identity and access management for virtual devices, solutions like Azure AD need configuration at the virtual device level. While running IaaS services, you should pay attention to the additional security and compliance responsibilities.
- Application-level control
Applications and services managed by PaaS, like web services, docDb, IoT, analytics, media services, etc., provide a completely secured solution and thus reduce the responsibilities of the users.
In IaaS, it is the responsibility of users to protect and secure the operating system and application layers of virtual devices they deploy from any attack and not compromise. - Network control
Network control comprises configuring, managing, and securing the network components like virtual networking and balancing load DNS and gateways. It helps the services to communicate and interoperate.In SaaS solutions, management and security of network controls are taken care of as part of the software as the network infrastructure is extracted from them.
In PaaS solutions, just like SaaS solutions, the service provider does the configuration.
In IaaS solutions, it is the shared responsibility of the user and the service provider to deploy, manage, secure, and configure networking solutions that are to be applied. - Host Infrastructure
Responsibility for host infrastructure comprises configuration management, securing compute, storage, and platform services. Host services like operating systems of the service will be operated and secured by a cloud solution provider.In IaaS, it is shared responsibility with users in order to assure optimal configuration and security of the service. This responsibility comprises configuring permissions, and network access controls are needed to ensure correct communication of networks and attaching and mounting of correct storage devices.
- Physical Security
Parts of physical security comprise building facilities, servers, and networking devices. Cloud solution providers have security processes and policies for the protection of infrastructure from any unauthorized physical access maintenance. In case of occurrence of any disaster, then there is a new physical location as well for continued service(s). Other fields for security are capabilities like cooling, air quality management, device management, and power regulation.
Reasons to backup office 365
Before we discuss various scenarios and reasons when and why you need a backup of your Microsoft 365 data, it is good to know why you should upgrade your Microsoft 365 subscription.
- Deletion of data
Whatever be the reason for the deletion of data, from deliberate, accidental, and intentional deletion of the original files or removing duplicate files, it may result in data loss if there is no backup of it. So if you have an Office 365 backup solution, you can easily retrieve or restore the same. - Ransomware attacks and phishing
Ransomware attackers intrude and get access to the data of an organization through a cloned email with an attachment containing a virus to encrypt the data. They then demand ransom to decrypt the same, and if the organization fails or delays, they then erase the data. Similarly, your credentials are accessed through phishing resulting in account compromise. But when you back up Microsoft 365 data, it automatically scans your backup archive to detect ransomware. Similarly, a new feature Microsoft advanced threat protection protects your data from phishing, but at times users may not even come to know when it gets into the traps of intruders. - Entry of malware and virus through OneDrive
You can sync your OneDrive data to a desktop and vice versa. Though you can access your Microsoft 365 files and data through this and can store and sync them, its use is prone and vulnerable to virus or malware attacks.In scenarios like this, your desktop is attacked and affected by malware or virus. If you have configured the OneDrive application, that too will get infected, leading to the corruption of your data.
- Limitations of eDiscovery
eDiscovery tool of Microsoft 365 is generally used for legal purposes like identifying and retrieving archived data of an organization to use it as evidence in litigation or inquiry. However, it is not a complete backup mechanism. - Teams data structure
Though Teams stores its data in chronological order, for security and compliance purposes, Microsoft automatically removes them after a particular time. But for compliance with the Retention Policy, data is moved to the hidden folder in respective mailboxes. In Microsoft 365 Business subscription, if you have enabled that data to be stored in Exchange mailbox, SharePoint, and Exchange Public Folder, it will be stored there. There are situations when you can no longer restore deleted files of Teams, in which case you would realize that had you taken the backup of the same, you would have been able to retrieve the data any time. - Outage and shutdown
Many a time, users witness outages and shutdowns of Microsoft Cloud services during which they are not able to access any data. In such times, Microsoft data backup proves to be very helpful. - Illicit consent acquired by third-party applications
Sometimes third-party applications installed on your Microsoft 365 account grab your consent illegally through a phishing attack or by inserting illicit code and stealing your data. In such cases, backup of your data works wonders in retrieving it back.
Conclusion
In the present blog, we have discussed that Microsoft 365 users should know that Microsoft 365 is not solely responsible for the entire cloud data of its users, and it believes in and follows shared responsibilities. We have also tried to discuss the latter. The most important thing to bring home to our readers is that backup of entire Microsoft 365 cloud data is essential as in any case of loss of data for any reason, you are able to get it back from your backed-up data for which you need a reliable third-party program like Kernel Export Office 365 to PST. which is not only easy to use but an efficient tool too.
