Your files are in the cloud, so they’re safe, right? There are many persistent misconceptions about the public cloud. Let there be no doubt: you also need backups of files you store in Microsoft 365 in case something goes wrong.
Many organizations rely on Microsoft 365. Microsoft’s cloud suite not only gives you access to familiar applications like Word, Excel, and the (over)zealous AI assistant Copilot, but also provides peace of mind that your files are in a safe place. But is that really the case?
There are still many persistent misconceptions about the public cloud. The public cloud has gained a reputation as a secure vault for your data and files. This is partly justified, as providers like Microsoft invest in physical and digital security of their data centers. However, this gives users a false sense that the basic rules of security no longer apply in the cloud.
Making backups, for example, is sometimes too easily forgotten. If files are in the cloud, they’re safe, right? Until something goes wrong and you don’t have a backup. We’ll explain in this article why you should also make backups of files you store with Microsoft, because Microsoft won’t do it for you.
read also
Create Backups of 365 Files, Because Microsoft Won’t Do It for You
Is Microsoft 365 Safe?
Subscribing to a 365 subscription entitles you to 1 TB of storage space per connected user on Microsoft’s cloud servers. This limit is the same for private and business users. Those who use Microsoft’s services without paying only get 15 GB of cloud storage. OneDrive and SharePoint are the well-known storage tools for the 365 ecosystem.
Are OneDrive and SharePoint safe vaults for your files? Microsoft 365 storage provides built-in system-level security, as this support page describes in detail. For example, OneDrive encrypts files both at rest and in transit. OneDrive also contains built-in monitoring tools to detect suspicious activity on your account.
Shared Responsibility
Microsoft 365 is a reliable solution, but Microsoft doesn’t do everything for you. It uses a ‘shared responsibility’ principle when it comes to security. A crucial principle of Microsoft 365 is that the user owns their data. This is stated in black and white in the terms of service under the chapter Your Content. Microsoft may not access your files without permission, but the ultimate responsibility for securing those files lies with you.
Microsoft provides the tools to secure your files, such as MFA or creating locked folders, but it’s up to you to use them. Think of Microsoft 365 like a safe: if you leave the key lying around, even the strongest safe can’t protect your valuable possessions.
The same applies to backups. Microsoft says it makes a replication of your files to a second data center, but that’s only to guarantee availability. That replica, unlike the original version, is not yours. A lost file cannot be recovered with it. In other words, it’s not a full-fledged backup.
Ninety Days
No matter how well Microsoft claims to have its affairs in order, no cloud provider can offer a hundred percent guarantee. A fire or water damage in a data center or a cyberattack on the provider are just a few emergencies that can affect your files. By replicating your files, Microsoft reduces the risk of disaster on its end.
The chance is perhaps greater that the cause of data loss occurs on the user side. A poorly secured Microsoft 365 environment offers intruders free access to your files. In this situation, Microsoft washes its hands in innocence. It doesn’t have to be a dramatic scenario; even canceling or expiring your subscription can result in data loss.
Fortunately, Microsoft isn’t the worst, and you won’t normally lose your files from one moment to the next. The most recent version of your files is kept for up to thirty days, as long as your available storage space isn’t full, giving you a chance to restore a file that was accidentally or maliciously deleted. Even after your subscription expires, there’s a transition period of ninety days before your files depart to the eternal digital hunting grounds.
3-2-1
To make a long story short: back up your files, even if they’re in Microsoft’s cloud or that of another provider. Microsoft’s cloud is well-secured, but as an end-user, you are responsible for making backups. The 3-2-1 rule for backups is no less relevant in the cloud.
It never hurts to refresh the rule. Those who strictly follow the 3-2-1 rule have at least three versions (a primary version and two for editing), on at least two different media, of which one is external. Microsoft 365 is one possible (external) medium in this formula, but to be protected against all possible forms of calamity, it’s best to keep another version of your files on your PC and on other physical or digital media as a backup.