Learn why they might be exposed and how to fix it.
According to some estimates, over 1 million companies use Microsoft 365 (M365). Because they’re working with a trusted brand, businesses often think their data stored on the platform is protected by Microsoft, but that is not the case – Microsoft doesn’t natively back up users’ M365 data. Under its shared responsibility model of cloud security, users are responsible for securing their data.
Unless these companies have invested in a backup and recovery solution specific to M365, they are unprotected. Microsoft’s terms of service even recommend using a third-party backup service to protect any data stored in Outlook Online, SharePoint, OneDrive, and Teams.
The combination of the platform’s widespread use and its well-known security deficiencies means that organizations using the M365 tools are vulnerable to various attacks. MSPs must support these clients with backup and recovery solutions for the entire Microsoft 365 suite.
What are your SMB clients using for backup and data retention controls?
For MSPs, it’s crucial to find out what SMB clients are using to protect their M365 data – their answer could provide an excellent opportunity to offer data protection tools and services.
MSPs can also educate clients about the need for robust data backup and recovery that can reduce business disruption after a server failure or network breach. Companies need solid backup solutions so they can access older data to meet compliance auditing requirements in many industries. Microsoft’s data retention controls and archive add-ons are insufficient for these purposes, too.
Emphasizing the business benefits of backup and recovery is critical. The security stack features are interesting, but clients also want to be able to conduct their business with minimal disruption. Data access is vital for business continuity, and MSPs can help clients meet their business goals by keeping it safe.
For MSPs to provide that protection, a robust backup and recovery solution is needed that covers the full suite of M365 tools, such as Teams, OneDrive, SharePoint, Exchange Online, and Power Apps.
MSPs should offer a system that meets the following criteria:
- Provides comprehensive protection for all applications, data, and systems
- It is easy to use, configure, and maintain
- Provides extensive M365 support
- Offers unlimited backup
- Provides a fast, user-friendly data restoration process with enough granularity to recover single files or emails
- Provides backup for SaaS applications
- Offers sufficient encryption to protect all data across the platform
- Prepares transparent reporting
The Barracuda Cloud-to-Cloud Backup platform offers this type of unlimited backup for Microsoft 365 data. However, a security tool or system must also be coupled with best practices for both the client and the MSP to provide comprehensive protection. These MSP best practices include
- Backup data regularly to reduce disruptions during an incident.
- Understand clients’ regulatory compliance needs regarding data protection and storage.
- Help customers regularly test their backup and recovery systems, ensuring users are trained on the system and know their roles in the process.
With the right security tools, MSPs can secure data for existing clients and open new opportunities to provide backup and recovery for new SMB clients who may not realize how exposed their Microsoft 365 data is. By initiating conversations about the need for backup and providing an easy-to-use tool to help them recover data quickly, MSPs can address a real client pain point while also growing their business.
Chris Crellin is senior director of product management for Barracuda MSP, a provider of security and data protection solutions for MSPs. He is responsible for leading product strategy and management.