Microsoft 365 has become an essential tool for many Australian organisations. The ability for teams to stay productive, communicate and serve stakeholders from wherever they are working has been transformative.
As the productivity tools within the Microsoft 365 subscription are used more and more extensively, significant stores of data are retained within the software:
Many organisations assume that data is backed up and secured by Microsoft.
That’s not the case.
Microsoft commits to manage the integrity of their software and services and provides some retention capability. However, as the Microsoft Shared Responsibility model makes clear, responsibility for backing up your files remains with you.
The Essential Eight a series of 8 cyber security risk mitigation strategies. They have been developed by the Australian Cyber Security Centre to help government agencies develop and implement their cyber security strategies.
Strategy number eight of the Essential Eight addresses strategies to ensure information can be accessed following a cyber security incident:
The “Eight” are currently recommended for all non-corporate Commonwealth entities, but the is now recommending that the Eight be mandated.
The mandating of the Essential Eight across government means agencies now need to implement a solution to backup and protect the data generated and stored through their Microsoft 365 subscription.
The Essential Eight requires daily backups, stored offsite of all new/changed data.
An employee with the right credentials could permanently delete user profiles and associated data, entire SharePoint sites and wholesale OneDrive storage.
Many organisations are subject to data retention regulations that Microsoft 365 has not been designed to accommodate.
Microsoft’s software will usually retain deleted data – for instance in the recycle bin – but this is time limited, and once the time limit expires the data is gone.
Without a centralised backup of your Microsoft 365 data, it is very difficult to ensure all user data from all apps is consistently retained.
The ability to discover specific chats, emails, or documents when required – even for users who have left your organisation – is problematic without reliable and comprehensive data backups.
Once you are ready to implement a data backup strategy for Microsoft 365, the next question is where to store the data backups. The Essential Eight states that the data must be stored offsite, which is best practice.
AUCloud Is independently assessed to the PROTECTED level controls of the Australian Signal’s Directorate (ASD) Information Security Manual (ISM). Their Backup for Microsoft 365 solution ensures that your backed-up data is stored offsite in a Certified Strategic Data Centre.