Many businesses today are migrating to cloud Software-as-a-Service (SaaS) solutions. Microsoft Office 365/Microsoft 365 is an extremely popular solution in the enterprise as it provides businesses with the tools needed to empower today’s hybrid workforce. In addition, the aggressive move of data and services to cloud SaaS has shed light on the potential for data loss as many organizations transition to the cloud without a data protection solution in place. Is data protection in the cloud needed?
The importance of Office 365 data protection
As many companies migrate their data to the cloud, they assume their data is protected from data loss due to reasons often seen on-premises. Many even feel they don’t need to protect their data in the cloud as this is an unnecessary extra cost incurred. However, this mindset is often fueled by misinformation, leading to misplaced confidence in data resiliency of data housed in cloud environments, including Microsoft Office 365.
Data loss in the cloud can result from many of the same reasons as data loss in on-premises environments. In addition, cloud providers like Microsoft operate cloud SaaS environments using a “shared responsibility model” that places the burden of protecting your data in the cloud SaaS environment on the customer.
Shared Responsibility Model
As mentioned, today’s cloud service providers operate using a shared responsibility model. Basically, it means the cloud service provider handles certain items related to securing your data, and the customer is responsible for other tasks related to securing their data. It creates a “division of responsibility” that must be given attention to as organizations move resources into cloud environments.
Below is an infographic shared by Microsoft detailing Microsoft’s responsibilities and the customer’s responsibilities for securing and protecting their data. As you can see below, the customer is responsible for:
- Information and data
- Devices (Mobile and PCs)
- Accounts and identities
- Identity and directory infrastructure (mixed responsibility)
Specifically, as noted, the customer is responsible for Information and data. It means that while Microsoft does its due diligence to ensure the infrastructure and all supporting physical components of their data centers are protected, the burden of protecting and securing the data falls to the customer.
Microsoft further explicitly details the following:
Regardless of the type of deployment, the following responsibilities are always retained by you:
- Data
- Endpoints
- Account
- Access management
When it comes to your data responsibility, it by default includes backing up your data so that if all else fails, you can recover business-critical data from backup. Understanding the shared responsibility model for your data helps to emphasize the importance of data protection (data backups). What are the primary threats to your data in the Microsoft Office 365 Software-as-a-Service (SaaS) environment? Let’s consider the following:
- Data loss resulting from end-users
- Ransomware
- Cloud outages
1. Data loss resulting from end-users
It may seem unlikely that data loss in the cloud could result from end-user activities. However, it is still the leading cause of data loss and data breach events across the board in on-premises and cloud environments. Ultimately, humans make mistakes. Mistakes can cost organizations dearly if not considered in a disaster recovery strategy. Even in cloud environments, end-users can still accidentally delete files, take SharePoint sites offline, and accidentally bulk-delete cloud email messages.
Many of the same end-user activities that lead to data loss on-premises still happen in the cloud. These include deleting the wrong files, mistakenly saving files with updated data, or permanently deleting email. While Microsoft Office 365 does have a few protections in place, such as file versioning, and the ability to recover deleted emails for a time, businesses still need to account for the scenarios where the built-in mechanisms won’t help.
In addition, there are age limits on the amount of time Microsoft keeps deleted items and file versions that may not align with the retention policies needed by organizations storing and using data in the cloud. Businesses must protect their Office 365 data with enterprise backups to ensure data is recoverable, no matter the data loss circumstances.
2. Ransomware
Ransomware attacks are growing in sophistication and frequency. It seems there is news of a new ransomware attack on the news each week. In addition, cybercriminals are increasingly using ransomware to quickly get payouts from victim organizations.
New trends are leading to the proliferation of ransomware attacks worldwide. These include Ransomware-as-a-Service and Initial Access Brokers (IABs). Historically, carrying out a ransomware attack was a sophisticated effort. First, attackers had to infiltrate the victim organization, perform reconnaissance, and carry out the ransomware attack. In addition, details regarding collecting payment and other logistics had to be organized by the cybercriminals.
However, ransomware groups operate Ransomware-as-a-Service offerings on the dark web that make carry out sophisticated attacks available to the masses. Therefore, even if an attacker does not have the skill needed to develop and carry out a ransomware attack on their own, they can use the RaaS offerings and successfully attack even large organizations.
In addition to RaaS offerings, Initial Access Brokers (IABs) perform the heavy lifting of harvesting credentials and other details needed to infiltrate victim organization networks. High-level credentials can be purchased cheaply from IABs on the dark web, and these can be used in conjunction with RaaS to carry out an attack.
Are cloud SaaS environments like Microsoft Office 365 immune to ransomware attacks? Unfortunately, no. Ransomware attacks can infect cloud SaaS environments using new attacks that compromise OAuth authorization tokens using malicious third-party cloud applications or browser plugins. In addition, phishing attacks and other credential harvesting attacks target accounts without two-factor authentication to infiltrate cloud SaaS environments.
Hacker turned cybersecurity expert Kevin Mitnick demonstrated how easy it is for ransomware to infect cloud services like Microsoft cloud email. In a detailed video, he demonstrated how an attacker could use a sophisticated phishing email to coax an end-user to grant access to a malicious cloud application containing ransomware. The ransomware can then encrypt cloud emails in real-time.
Ransomware is a dangerous threat, even to cloud SaaS environments. Therefore, organizations must have good backups of their data to deal with the potential damage inflicted by a large-scale ransomware attack of cloud data.
3. Cloud outages
Even though it may seem impossible for hyperscale cloud environments with multiple levels of resiliency to go down, they do. For example, on December 7th, 2021, AWS experienced a significant and prolonged outage incident that caused widespread disruption across the Internet, taking down major online services in its wake. Google and Microsoft have also had their fair share of outage events, lasting many hours.
Can customer data be lost when cloud outages occur? Yes, it can. A notable outage of AWS over Memorial Day weekend in 2019 led to around 1 TB of unrecoverable customer data. Again, while cloud service providers have untold resiliency built into their infrastructure, outages still occur and can lead to data loss.
In some instances, as in the Memorial Day event with AWS, recovering data from backups is the only option to recover business-critical data.
Vembu Office 365 data protection
Using an enterprise backup solution allows customers to protect data outside of the protective mechanisms in place from the cloud service provider side. As noted, the shared responsibility model dictates that safeguarding your data is ultimately your responsibility.
Proper data protection relies on having the tools and solutions to capture critical backups of your business-critical data. Vembu Backup for Microsoft 365 and Vembu Cloud Backup for Microsoft 365 provide secure backup and recovery solutions for Microsoft Office 365/Microsoft 365 environments.
Using Vembu Microsoft 365 backup solutions, customers have the following capabilities:
- Exchange Online Backup – Backup your entire Exchange Online domain. You can backup data to your on-premises Vembu backup repository or in the Vembu Cloud
- OneDrive for Business Backup – Backup all documents, including text documents, spreadsheets, presentations, photos, PDFs, and other file types
- SharePoint Online Sites Backup – You can backup your SharePoint Online data. This includes Sites, Libraries, and folder/items
- Contacts and Calendar Backup – Backup your contacts and calendar items from Exchange Online
- Teams Backup – You can backup Channels, Libraries, and Folder/items from Teams
- Group/Shared Mailbox Backup – Do you have a group/shared mailbox? You can backup shared/group mailboxes, including group conversations, and group OneDrive & calendars
- Secure Data Transfer – Transfer your data securely using AES 265-bit encryption
- Ability to view and export individual email items – Granular access to email items for viewing and recovery
- Anywhere anytime access – Access your backups from anywhere using the Vembu Cloud
Using Vembu Microsoft Office 365 backup solutions, organizations can protect their business-critical data from the evolving threats to cloud SaaS data from the likes of end-users, ransomware, and cloud outages. Vembu provides a robust solution providing businesses with the tools needed to protect critical data from data loss due to these threats and others.
Learn more about the Vembu Microsoft 365 backup solution here: Microsoft Office 365 Backup and Recovery
Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.