If You’re Not Backing Up Microsoft 365 and Google Workspace, You’re Not Delivering Business Continuity
The combination of rising ransomware attacks, remote workers, and a heavy reliance on collaboration tools like Microsoft 365 and Google Workspace has created a perfect storm for MSPs and a perfect scenario for hackers. MSPs are juggling the risks of limited retention, human error, and complete downtime while bad actors find open door after open door. Access to data from anywhere is vital for today’s hybrid work environments, but without third-party backups through comprehensive business continuity and disaster recovery (BCDR), MSPs and their SMB clients are in danger.
Table of Contents
How confident are you in your ability to recover lost or stolen data in Microsoft 365 and Google Workspace? This article highlights four features for uninterrupted business continuity that also provide rapid and reliable recovery. Consider these questions about your current solution before reading on…
- How long does it take to locate lost data and restore it for client access?
- What is the cost to clients for data storage, including overages and over-provisioning? How do those fees impact your relationship with clients?
- Are you able to meet long-term compliance requirements? If so, what does the management and technical time cost? If not, have you lost clients because of it?
- How do you recover if a client is hit by ransomware or accidental data deletion?
Business Continuity Requires Backups; You Can’t Have One Without The Other
While Microsoft 365 does provide business enablement tools for collaboration and data access anywhere – they do not provide data loss protection. Many assume that a brand like Microsoft includes safeguards against today’s most pressing cybersecurity issues, but it’s just not their thing. This fact is clearly stated in Section 6b of the Microsoft Services Agreement:
We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”
Microsoft 365 has a limited 14-day retention period for deleted data or 30 days with special configuration, but 56% of breaches go unnoticed for months. Even with accidental data deletion – a common problem within collaboration tools – businesses commonly go long periods before anyone realizes a critical file or folder is missing. Maybe an old employee’s account is deleted, someone decides to “clean up” shared folders or a clever phishing attack gives hackers internal system access. However it happens, human error remains the number one cause of data loss and requires proactive protection to ensure true business continuity.
Many MSPs have clients who use Google Workspace., and Google has known vulnerabilities. Google Drive can replicate rogue files already in a filesystem using Google’s Backup and Sync tool. In 2019, Google acknowledged a vulnerability in its Chrome OS “built-in security key” feature.
Around the same time, hackers were able to launch a phishing attack that used Google Drive and Google Docs to disguise emails and embed links containing malware, according to Forbes. In that case, the malicious actors were able to fool employees and bypass security measures configured to protect email.
In Google’s Terms of Service, it does not take liability for data loss:
The only commitments we make about our services (…) are (1) described in the Warranty section, (2) stated in the service-specific additional terms, or (3) provided under applicable laws. We don’t make any other commitments about our services.
Proactive protection for your clients must include backups of Microsoft 365 and Google Workspace data. Without those, you cannot promise clients that they will be able to keep their business running no matter what – and that’s your job as an MSP.
Do you think Microsoft and Google Backup Are Sufficient? Think Again.
Sure, Microsoft and Google do provide some of their own backup tools, but the whole reason third-party services are recommended is to avoid complete downtime. When an MSP allows a client to back up business-critical data to the same cloud where their data is stored, the MSP can’t deliver business continuity. At that point, it’s out of the hands of the MSP, and clients are relying solely on Microsoft or Google.
The problem here is that during infrastructure outages, backups go down too, which means business comes to a screeching halt. And if you think these cloud providers are too big to go down, or it never happens, listen to Microsoft’s own words, “all online services suffer occasional disruptions and outages.” Microsoft 365 has suffered a worldwide service outage that spanned over 9 hours, and Google was down for approximately 6 hours during one of their global outages. Can your clients afford to be without email, contacts, calendars, and work documents for hours at a time?
Data loss happens, even in the cloud and even to the biggest cloud providers out there, but with proper business continuity in place, businesses don’t have to suffer.
Backup, Search, Restore, and Audit with x360Cloud for Microsoft 365 and Google Workspace
Axcient x360Cloud gives MSPs and their clients the Microsoft 365 and Google Workspace backups necessary for uninterrupted business continuity – even during cloud outages. It can automatically discover, backup, audit, search, and restore critical data in Microsoft 365 (Exchange, Mail, Calendar, Contacts, OneDrive, and SharePoint) and Google Workspace (Gmail, Calendar, Contacts, Drive, Sites, and Shared Drives). Data is backed up to the encrypted, tamper-proof Axcient Cloud with access verified, logged, and protected through multi-factor authentication.
x360Cloud solution unique features
The comprehensive x360Cloud solution includes the following four unique features; built-in, always-on, and created specifically for MSPs and their SMB clients:
Search more than 100 million objects in less than 5 seconds – including email attachments, files, folders, document libraries, historical snapshots, version history, and throughout communications. MSPs can perform micro or macro-level restores with full-text search across data sources and multiple users, along with rich filtering capabilities. Single-click, point-in-time, or specific version restores are fast and secure to keep clients moving. Depending on the data loss scenario, infrastructure, or external requests, data can be exported in two different ways:
- Export to a folder to satisfy e-discovery requests
- Export immutable audit logs and granular backup reports for third-party auditing
#2: Pooled Storage and Longterm Retention
At Axcient, all partners get pooled storage for a flat fee. Our Fair Use Policy allows for ample storage for most use cases, and the data can be pooled. Also, partners can back up any volume of data (C drive, D drive, etc.), and there aren’t any data limit tiers or hidden caps. Data pooling is allowed and coupled with our flat-cost pricing per device or per server. It really is as simple as that without any surprises – something both MSPs and their clients love to hear.
We do it with our proprietary and patented Chain-Free technology that frees MSPs from legacy, chain-based backups. Data is stored in a native virtualized state with a pointer array algorithm, so each recovery point is independent. When corruption occurs, bad data blocks are isolated and independently deleted without risking the integrity of the backup dataset. Previous backups can be recovered without disrupting new incremental backups or the data post-corruption.
We created our Chain-Free technology specifically for MSPs to simplify backup management and lower recurring overhead costs by removing a lot of unnecessary fluff…
- No data loss
- No data bloat
- No wasting time or storage with new chains
- No reseeding
- No cost overages or fees
- No large storage space requirements
- No over-provisioning “just in case”
#3: Certification and Compliance
Chain-free technology also helps MSPs ensure long-term compliance for clients in highly regulated industries like healthcare, government, and legal and financial services. No chains means no time constraints on how long you can back up data. MSPs can easily meet three, five, seven, or even 10-year retention periods. Even if some backups are lost due to corruption, no data is lost because each Chain-Free backup is independent of other backups. Corrupt pieces can be isolated without affecting any other backups.
As additional layers of security, and in order for MSPs to satisfy the compliance needs of clients in specific verticals, Axcient is SOC 2 certified, and x360Cloud can help organizations meet requirements for the following regulations:
- The Health Insurance Portability and Accountability Act (HIPAA)
- The Federal Information Security Management Act (FISMA)
- The Financial Industry Regulatory Authority (FINRA)
- The General Data Protection Regulation (GDPR)
This anti-data loss technology separates data deletion requests from the actual mechanics of deletion. So even when data has been deleted – whether by accident or by bad actors in a ransomware attack – there is a saved and protected snapshot of your data that can be restored from a protected archive. Time gaps between when deletion requests are created, verified, and executed give MSPs time to detect and stop malicious activity. “Honeypots,” or fake signals, give hackers the illusion that they’ve successfully deleted data – so they stop pursuing corruption – but in reality, the data is stored in an isolated archive.
Additional layers of security include the following:
- Human factor controls limit the number of authorized individuals who can create deletion requests within the Axcient organization. This group of individuals is separated from another authorized group of individuals who are responsible for actually fulfilling deletion requests.
- Human two-factor authorization is required through audible confirmation to verify deletion requests. So if a hacker attempts to delete data – and phone, email, and support systems are compromised – the deletion request won’t be processed without audible approval.
- Third-party testing by independent security management companies, FRSecure and Core Security, proves that data backed up in AirGap cannot be deleted.
Are You Ready to See x360Cloud?
See how x360Cloud and Chain-Free technology compares to your current Microsoft 365 and Google Workspace Backup. It might be time for a change.
More Great Stuff From Our Blog:
Check out Part One of our Sales and Marketing Quick Guide for MSPs: Lunch and Learns, Learn how DRaaS Opens New Opportunities for Managed Services Providers, get the skinny on how Axcient supports partners with No-cost Onboarding and Ongoing Training, we dove into how chain-based backup works and why chain-free is the way to be, we talked with Jason Phelps from Huntress Labs about planning for the next ransomware attack, why the current cybersecurity landscape means traditional backup is dead, or learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR.
About the Author:
Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in behavioral and physical healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular. Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?