The assumption that just because your data is in the cloud it’s not at risk is no longer the reality for organizations using SaaS applications. And, especially so with Office 365.

It’s probably safe to assume that your organization has some portion of operations in the cloud. Some of that is likely in the form of cloud-based applications hosted and managed by a 3rd party. The largest use case today is Office 365. With well over 150 million active users,  Office 365 is a staple for most organizations.

But there’s one problem.

The data in Office 365 is yours to protect. Microsoft is clear that they see any of your data stored in their cloud applications as being your responsibility. And, because Office 365 plays a critical role in your organization’s daily operations, you need the data you rely upon in Office 365 to be accurate and current.

So, here are three ways the data in Office 365 is at risk:

  1. Deletion – Sure, Microsoft has deleted item retention in place, and legal holds can assist as well. But should deletions exceed retention times, and not be part of legal hold (as the majority of data won’t for most organizations), Microsoft doesn’t backup your data. Archive mailboxes could help here, but you’d need to have the archive in place for just the right user well ahead of the deletion.
  2. Threats – Office 365 is a target for many cybercriminal organizations. There are countless stories of phishing campaigns designed to spoof an Office 365 logon intent on stealing credentials. Data deletion and manipulation are a possibility. It’s also been demonstrated that even Office 365 can be held for ransom.
  3. Legal – There are a number of possible requirements your HR and legal teams want met with any and data stored within Office 365. Retention, archive, and eDiscovery requirements can all have implications on the availability, accessibility, and accuracy of Office 365 data.

Avoiding the Risk

As previously mentioned, Microsoft does have some capabilities to assist, but the number one way of ensuring you have viable copies of your data – regardless of whether it’s in the cloud or on-prem – is to have your own backups of it.

Organizations serious about protecting their Office 365 data need to be looking at an ability to proactively backup this critical data with an ability to recover it back into Office 365, to an on-prem environment, or simply to files.

The data in Office 365 is yours and yours alone to protect. The same risks that can occur if it were on-prem still apply to the data when it’s in Office 365.  Having a plan to protect this operationally critical data set needs to be as much a priority as any other on-prem.

To find out more about why and how to backup Office 365, read the third chapter in the eBook, Optimizing Cloud-Based Backup and Disaster Recovery[.