Office 365 is perhaps the best-known software-as-a-service platform I see in organisations today and often the first step for those wanting to take advantage of the flexibility of public cloud.
Many who have moved email, document libraries and communications into Microsoft’s “mega” platform, have done so making assumptions about what Microsoft does and doesn’t do. But the biggest assumption trap I’ve seen people succumb to concerns data protection.
In my experience many who have moved to Office365 have assumed Microsoft is “backing up” and protecting their critical data assets. While Microsoft does offers some data protection, they are not responsible for the protection of your data and certainly are not protecting it from deletion, be it accidental or malicious.
So, if Microsoft isn’t responsible for it, who is? The answer of course is us, me and you, we are responsible for OUR data when it resides within the Office365 service.
How do we protect?
It seems that fundamentally there are two ways to solve the 365 data protection challenge. You can either take a service, or you can do it yourself.
To illustrate these two approaches, I’ve selected Office365 data protection solutions from NetApp and Veeam both offering ways of protecting your data independently of the Microsoft service.
To be clear, I’m not suggesting these are the only two vendors protecting Office 365. There are a wide range of offerings in this space today, but having worked with both recently I thought they provided good illustrations of the alternative approaches.
The aim here is not to prove one approach is better than the other but to discuss why you may wish to use one or the other. As with all IT solution design, there should not be a dogmatic right or wrong. There should just be the right solution, based on your own criteria, to solve the problem.
Do It Yourself
Veeam’s approach is to build your own infrastructure. In their case this consists of a server infrastructure and backup repository.
The “do-it-yourself” approach provides great flexibility. I can house my infrastructure anywhere I like, on-prem, in a co-lo, or even in the public cloud. I can deliver the exact protection policy I want, how often I run protection jobs, how many copies I keep, and how long I retain my data are all completely in my control.
This flexibility and ability to customise in some cases can be crucial. For example, if data sovereignty is a major issue, then having the ability to house both your infrastructure and data repository exactly where you want it is a key part of your protection planning.
Or perhaps you have a hybrid Exchange infrastructure, some mailboxes in 365, some on-prem. There a solution like Veeam’s, which can protect on-prem and cloud workloads with the same solution, is a route you may want to consider.
With this great flexibility comes greater responsibility. The infrastructure is yours to manage and maintain, patch and secure. It’s down to you to size correctly and ensure you leave yourself with the option to scale as needed, it’s also down to you to make sure your setup works and that your data is protected appropriately and maintains it integrity.
None of this work is trivial and should be considered when looking at your service overheads.
As a Service
Building it yourself isn’t the only option. The alternative is to subscribe to a service. In this case I looked at NetApp’s Cloud Control for Office 365 solution.
Built within Amazon’s AWS platform, there is no infrastructure to worry about. Point the service at your 365 deployment and we are good to go.
Decide what parts of the 365 subscription to protect, select a storage repository (some flexibility here with Amazon S3, Azure BLOB or your own NetApp Storage Grid object store) and within 30 minutes you are protecting your crucial data.
From there it’s simple, the service runs, the challenges of patching, performance, scale and availability are all taken out of our hands keeping the management overhead low.
However, with this simplification comes a loss of flexibility. No on-prem Exchange protection, little control over when my backups run and limitations in retention periods, and of course (unless we have on-prem storage) exactly where my data backups are held.
How to decide?
In the end, when protecting Office365 the decision on which approach to take is probably dictated by flexibility.
It’s not about whether one approach is better than the other, it’s about what is the most suitable to meet your needs.
The key is that protecting your data in Office 365 is crucial, it’s important to understand the limitations of what Microsoft do for you already and what gap that leaves in your organisations data protection policies, then find the best way to address that gap.
To summarise I’ve listed some of the key benefits of each approach:
|Do It Yourself||As A Service|
|Flexibility||Planning||Simplicity||Lack of control|
|Control||Management Overhead||Lower Management Overhead||Inability to customise|
|Customisation||Responsibility||Ease of Deployment||Cloud only workloads|
|Protect Hybrid Deployments||Data Sovereignty|
I’ve discussed solutions from Veeam and NetApp in this article, not because these are the only solutions to the problem, but I think they are both good exponents of the differing approaches. However, even within these approaches there are deployment nuances and that’s before you begin to consider all of the other providers of solutions to the problem.
The important thing is to ensure that you protect your Office 365 data, as it is YOUR responsibility and ensuring you meet your organizations data protection demands. Taking a service or doing it yourself, all that matters is you do it, happy protecting!
I understand that O365 has certain data protection capabilities built in…do you know how long data is protected before it gets wiped?
That’s a good question Patrick and the answer is, it’s a bit of a moving feast!
For example earlier this year Microsoft announced OneDrive for business file restore (https://techcommunity.microsoft.com/t5/OneDrive-Blog/Announcing-New-OneDrive-for-Business-feature-Files-Restore/ba-p/147436) a rolling 30 day restore capability.
We also have recycling bins, long term archives, file retention policies etc.
All of which are configurable and offer you varying levels of protection from deletion and data loss.
If the capabilities on those options are suitable for your needs, then they will be fine.
All worth an explore, then take a look to see if there is a gap between what you need and what Microsoft offer and work from there.
Thanks for commenting.
Just as a side note, Cloud Control, (Now called SaaS Backup) can do on prem storage , which allows for customisation and data sovereignty.
Thanks Matt, especially for the new name check! – can’t keep up!!
I do touch on the local storage option for cloud control (oops I mean SaaS backup) within the post, however it is only limited to StorageGrid Webscale as your local repository, so although possible, not quite flexible enough for many, but quite right, it is possible.
Thanks for commenting.