Ah, the Cloud, looked upon fondly by many who won’t miss the maintenance and cost of on-premises hardware. Cloud services opened opportunities for more organizations of smaller sizes to use powerful tools and collaborate more efficiently – things that were further from their reach before.
Take Office 365, for example. Before, you would have to run an Exchange server on-premises and license Office for all users. Now, you can use Exchange Online, available through Office 365, with one simple recurring license per user. You can ditch that Exchange server all together. All your worries are gone! … Right?
No, just because you’re moving data and functions to the cloud doesn’t mean you no longer have to worry about protection. Sorry.
The Cloud is beholden to you to stay up and functioning according to the SLAs they set in their agreements with you, but the Cloud isn’t beholden to you to protect your data from attack or to back it up. In a very-challenging-to-find document, Microsoft says this:
Customer Data. You are solely responsible for the content of all Customer Data. You will secure and maintain all rights in Customer Data necessary for us to provide the Online Services to you without violating the rights of any third party or otherwise obligating Microsoft to you or to any third party. Microsoft does not and will not assume any obligations with respect to Customer Data or to your use of the Prod
Keep Up Your Security Game: Spam Filters, Antivirus
Office 365 has a built-in spam filter, true. And it’s been getting better, I’ll give it that. However, it’s still not there. Spam threats out there are still very prevalent; email is a very common way to get malware into your environment. Find a spam filtering product that stays up to date with these threats. Back that up with a good antivirus that will watch for anything your spam filter might (God forbid) miss.
Set Retention Policies
The default Office 365 setup is to keep copies of deleted information (email, calendar, contacts, One Drive) for 30 days. This can be extended to 60 days by using custom scripting.
Go through and set those to your liking ASAP, because that might stand between you and data loss. No one is immune to things like corruption (it’s rare, but it happens) or making simple mistakes. We recently had a dear client experience significant pain when the company’s president accidentally permanently deleted his entire Exchange Online mailbox. They didn’t have retention policies set and they didn’t have a backup. Those emails are gone for good. And that brings me to …
Find a Backup Program to Protect Your Data
Office 365 in particular could contain a lot of your organization’s critical data: email, documents, collaboration groups, etc., depending on how much of those tools you use.
There are several different programs out there you can get that charge you a monthly per-user fee that will back up your email, online storage and collaboration documents. It is your responsibility to back these up – Microsoft won’t.