4 Reasons to Back Up Microsoft Exchange Online
Many organizations today are migrating business-critical data to cloud Software-as-a-Service (SaaS) environments. Among these, Microsoft Office 365 is one of the most popular solutions available. Accelerated by the onset of the global pandemic in 2020, many organizations are now heavily relying on and using cloud SaaS environments for business productivity to support the hybrid workforce. One of the popular services that often gets migrated first to cloud SaaS environments is email. Microsoft Exchange Online is part of the Office 365 suite of services available. After businesses migrate their email services to Microsoft Exchange Online, are backups of the Exchange Online service necessary? Let’s look at 4 reasons to back up Microsoft Exchange Online and see how this can be done effectively.
Is backing up Exchange Online really necessary?
Some organizations may wonder if backing up their Exchange Online environments is really necessary. Yes, it is. Why? Even though hyperscale cloud service providers like Microsoft maintain extremely resilient environments from a hardware and infrastructure standpoint, your data is your responsibility. In fact, cloud service providers like Microsoft operate under what they call a “shared responsibility model.” In legal speak, it means that if you suffer data loss, it is your responsibility and they are not liable. You can read about the shared responsibility model in detail here.
While cloud infrastructure failure is on the list of reasons to back up your data, there are reasons why you could suffer data loss when there is absolutely no infrastructure failure. These types of data disasters are equally as dangerous and can lead to tremendous data loss.
4 Reasons to Back Up Microsoft Exchange Online
There are many reasons that businesses should be backing up their Microsoft Exchange Online environment. However, let’s key in on the following reasons:
- Cloud infrastructure failure
- Data loss resulting from end-users
- Data loss resulting from ransomware
- Compliance and data migration
1. Cloud infrastructure failure
While it is rare to have a cascading cloud infrastructure failure that results in catastrophic data loss, it can happen. Back in 2019 on Labor Day weekend, Amazon AWS suffered a catastrophic cascading hardware failure that resulted in around 1 TB of customer data vanishing.
Amazon AWS US-East-1 region suffered a major power failure and subsequent generator backups also failed. This took down a large number of critical infrastructure, resulting in servers and storage going down. While engineers were able to recover a large majority of the systems, the 1 TB of data was not recoverable. This included several customer’s business-critical infrastructure systems.
2. Data loss resulting from end-users
This is arguably the most common culprit behind data loss in many organizations – end-users. End-users commonly are responsible for deleting data they should not have deleted and even intentionally deleting the wrong data, mistaking it for something else. Historically, the user who deletes an office document or performing a File > Save, instead of a File > Save As accounts for a large number of helpdesk calls.
When it comes to Microsoft Exchange Online, this is no different. Often, a user may delete an email thinking it is not important, only to realize days, weeks, or months later, the email contained valuable or even business-critical information needed to carry on business continuity.
In Microsoft Exchange Online, when a user permanently deletes a mailbox item including an email, calendar item, or task, it is moved to the Recoverable items folder > subfolder Deletions.
What actions trigger this operation?
- Deleting an item from the deleted items folder
- Purging the deleted itmes folder
- Using the SHIFT+DELETE key combination when deleting an item
By default, the operations listed above are retained for 14 days using the default settings. Exchange administrators can increase this to a maximum value of 30 days. Until the 30-day threshold transpires, users can recover items from this location.
Organizations who want to have a longer time period before the items are purged from the system permanently need to provision their own third-party backup solution to have further control over the longevity and restore points of their business-critical data.
3. Data loss resulting from ransomware
There is arguably no greater threat to business-critical data than ransomware. During 2020, ransomware attacks have surged 800%. Also, 73% of all ransomware attacks were successful. We saw high-profile ransomware attacks on companies, including Garmin, Carnival, and others. Ransomware is immensely successful for cybercriminals. They know that they have a high-likelihood of successfully extorting millions of dollars from large enterprise organizations who can’t afford the downtime on their business-critical systems.
New and very sophisticated modern ransomware is extremely cloud-aware and often targets critical data that exists in cloud SaaS environments. We often hear about how file storage is encrypted with ransomware. However, cloud email such as Exchange Online is not immune to the effects of ransomware. Kevin Mitnick, a famous hacker turned security consultant, demonstrated what he referred to as “Ransomcloud” that was able to effectively encrypt a user’s mailbox in real-time.
All the attacker needed the user to do was grant cloud SaaS OAuth permissions to the malicious application which is sent to the end-user via a phishing email.
Exchange Online is not a service contained in Office 365 that Microsoft even offers any kind of file/email versioning. Protecting your organization against these types of attacks is absolutely critical in a day in age where phishing emails are extremely sophisticated and difficult to recognize, even to trained eyes, and the prolific nature of ransomware.
Compliance and data migration
Another compelling reason to backup your Microsoft Exchange Online environment is compliance. Many organizations may be required to keep a certain length of data for audit and legal reasons. Having third-party backups of your data ensures that you are in control of the data retention for your organization and not reliant on the built-in means to do this within Microsoft Office 365.
Also, using third-party backups for data migration allows easily moving data between Office 365 Microsoft Exchange Online accounts. If another employee is taking over the role of a former employee, being able to move the emails from the old account to the new account means you can keep an extremely lean number of Office 365 user licenses and you are not having to keep these around simply for data access.
Backup Microsoft Exchange Online with NAKIVO
Starting in NAKIVO Backup & Replication v9.2, released in February 2020, NAKIVO has provided the ability to backup and restore Microsoft Office 365 Exchange Online. Each version since the v9.2 debut release for Office 365 backups has steadily added new and more powerful capabilities to protect your Office 365 environment. What functionality does NAKIVO provide with the latest release of NAKIVO Backup & Replication?
- v10.3 (beta, GA release imminent) – backup contacts and calendars
- v10.2 โ SharePoint Online Backup
- v10.1 โ Backup and recovery of Microsoft 365 OneDrive
- v9.4 โ Microsoft Office 365 (Exchange Online)
NAKIVO is aggressively adding great new features to round out the capabilities of NBR in regards to Microsoft Office 365 backup and restores.
Using the functionality NAKIVO provides for Microsoft Office 365 Exchange Online backups, organizations can effectively protect their business-critical email data residing in Microsoft Office 365 and ensure if they suffer from a catastrophic infrastructure failure, end-user mistake, or even ransomware attack, they can get their data back without issue.
Wrapping Up
In our post, 4 Reasons to Back Up Microsoft Exchange Online, we have covered four very important reasons that having a third-party backup of your Exchange Online data is the smart thing to do. It is never a good idea to simply rely on the built-in protections afforded in cloud SaaS environments. By having a third-party backup, you are in control of your data as it should be. You get to determine the retention of your data, not the vendor, and ultimately you have access to your data any time you want, even if the cloud environment is down.
Using NAKIVO Backup and Replication is a great way to ensure your Exchange Online data is protected. NAKIVO offers arguably one of the best, most cost-effective, Exchange Online backup solutions out there with great capabilities and features to protect your data. Check out NAKIVO below where you can download a fully-featured trial version for your lab environment.
Check out some of my previous NAKIVO posts here: