Every once in a while, when I speak to organisations about their cloud backup strategy, I get blank stares. “Is a backup solution even needed in the cloud? Doesn’t Office 365 and our other SaaS (software-as-a-service) vendors backup our data for us?”
It’s not that leveraging a third-party backup solution is the answer for every organisation, but every organisation does need to create a backup strategy and compare to their SaaS vendors to determine if any gaps exist.
Even SaaS providers explicitly state that protecting data is the customer’s responsibility. Microsoft Office 365 has some of the best data protection available, but it's designed as a base layer of coverage.
For example, they are very clear that their native backup protection extends to files deleted less than 93 days ago. Restoring files deleted for longer than that is just one example of an area organisations may want to consider protecting themselves.
When it comes to Office 365 backup, you need a solution that works for your assets and aligns with your service-level agreements (SLA).
Here are four data protection components for a smart cloud backup strategy that will ensure a smooth continuation of business operations across virtually all scenarios:
1. Create Office 365 data recovery standards
Building an effective backup to Office 365’s data protection starts with addressing two main factors: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Understanding your organisation’s goals for each of these categories allows you to work backward, crafting a data recovery solution that’s built around your needs.
Your RPO is the widest time frame in which data can be restored from a backup. Setting this range affects how often your content is backed up and determines your ability to recover certain items. A well-communicated RPO allows your organisation to prepare for backups and draws a clear line of recoverable information, helping fend off requests you can’t fulfil. When crafting or polishing your company’s RPO, consider:
- Timeliness: You back up endless streams of information, but not all of it has equal significance. Classify data in tiers based on importance, ensuring that business-critical documents and content can be restored to the most updated moment possible. All of your data remains protected, but organising it in this way shifts priority to areas that help you resume regular operations more quickly.
- Granularity: If you need one individual document restored, you shouldn’t have to worry about unearthing large swaths of similar information. Along with frequency, consider how granular your backups need to be in order to maintain normal business functions. Planning for these situations saves you trouble and time later on.
In addition to the level of information recovered, the RTO, or expected duration for restoring content, forms an important part of data protection plans. Outlining how long it will take to regain access to content helps pinpoint recovery points and better organise your data. When you establish data tiers, you are able to promise users that important data will be safe within a set time frame.
When paired with the RPO, your RTO influences specific service-level agreements for content. While defining these parameters, think about factors like the importance of the information you’re backing up, how soon business users will need content restored and how much data can be restored within a certain amount of time.
2. Get familiar with Office 365’s built-in protections
If you don’t know the extent of Office 365’s native data protection capabilities, you will encounter difficulty finding ways to fill in its coverage gaps.
Although you should do a deeper dive into the system, the gist is this: Microsoft’s recovery functionality is not unlimited. Your content will survive 93 days in the recycle bin or 14 days in Microsoft-owned backups, but longer-term recovery efforts require a third-party backup solution.
Microsoft also restores content at the site-collection level as an in-place restoration, effectively erasing any updates or additions you’ve made since the last backup. This tight window may not match with your RPO, necessitating other backup options.
Microsoft’s timeframe for restoring content is 48 hours, which may (or may not) be an acceptable SLA for your organisation. Plus, changes made since the last RPO will be lost, causing further delays in resuming operations. These scenarios aren’t far-fetched, and without a backup plan, they could place a significant burden on your users and organisation.
3. Find solutions to Office 365’s shortcomings
If you’ve researched Office 365’s native capabilities and found disparities with the RPOs and RTOs you set for your organisation, you should move forward with a plan to fill these gaps. As you weigh third-party data protection options, factor in these features:
- Recovery speed: Find a solution that enables you to restore user content within a short time frame. When recovery takes too long, business gets bogged down and attention zeroes in on your job. As an administrator, you can avoid the hot seat by increasing your capability to restore content on-demand and in accordance with the timeline promised in SLAs.
- Content fidelity: To what level does your content need to be restored? For example, in some situations, you may need data restored not just to its original location, but with its version history and metadata intact. The restoration should also work within your data classification system.
When developing an Office 365 data protection plan, granularity should be a top priority. Your plan should be set up to restore content without large disruptions to business procedures, and with a primary focus on granular recovery of business-critical information. Incorporate your data tiers into SLAs so everyone knows what to expect — and IT teams have breathing room — during potential catastrophic system failures.
4. Check all the data-recovery boxes
Being fully aware of SharePoint’s strengths and limitations lets you establish a data protection plan that is practical and tailored to your organisation’s operations. To successfully prepare for a data-loss situation (and avoid a flood of concerned emails directed at the IT department), ensure your restoration strategy includes:
- Well-defined data tiers, based on sensitivity and business importance
- Accurate service-level agreements covering the speed, scale and methods of content restoration
- Clear Recovery Point Objective and Recovery Time Objective
- Solutions for gaps in the native backup, including individual item restoration and long-term backups
By being proactive, you can counter potential data-protection issues before they even occur, reassuring your organisation that you will be prepared and secure in the event of temporary data losses.
Antoine Snow, solutions engineer, AvePoint