Your SharePoint Online data is at risk, despite Microsoft being secure, reliable, and providing a robust uptime SLA.
Microsoft protects against data loss due to infrastructure failures or malicious actions on their side, however, Microsoft cannot adequately protect you against human error or malicious acts on your side. [Read Part 1 and Part 2 of this series for more background.]
The same risks for data loss due to accidental or malicious deletions apply to SharePoint Online content associated in Sites, OneDrive, Groups, and Teams. The native protections Microsoft offers don’t meet the need for fast, accurate recovery in those scenarios, as you’ll learn in part 3 of our Office 365 Data Protection series.
SharePoint Default Retention Times
As we saw in Part 1, folders for email default retention times can be perilously short. Likewise in SharePoint Online, OneDrive and other services that rely on SharePoint as a file store, the length of time that a deleted item is retained can vary based on several factors, but is never longer than 93 days.
When an item is deleted in SharePoint Online it is retained in the first stage recycle bin for 30 days. After 30 days, or after a user deletes the item from the first stage recycle bin, it moves to the Site Collection Recycle Bin where it sits for no more than 63 more days for a total of 93 days. If the user has the rights, they can also purge the item from the Second Stage Recycle bin effectively permanently deleting the item before the 93 days has elapsed.
Online Litigation Hold and In-Place Hold
eDiscovery and Litigation holds for data recovery are not the best approach. (Further, In-Place Hold is not currently available for Office 365.) Remember that litigation holds are part of a larger compliance policy and legal retention strategy for the enterprise. Litigation Hold is a business process. The business, with input from the legal team, should define the policy for legal holds.
If every item in a Site Collection is on hold, retention policies will not work on the schedules defined by the business. This could add new risks, because content that should have been destroyed on schedule will be discoverable in legal proceedings. Even if you use these features to preserve your organization’s data, it’s unlikely you’ll be able to rapidly and efficiently restore your data, which is the entire point of having a solid backup AND restore solution.
Use the Right Tool
Backup software for SharePoint Online meets different use cases than Litigation Hold or archive software. Backup software automatically makes a copy of SharePoint data and ensures it’s available so data can be rapidly returned to production in the event of data loss. Litigation Hold is a business process, and using it broadly or improperly for your Site Collections will add legal risk. Archive software provides long-term data retention for data that is no longer actively used.
When planning to rapidly recover from data loss due to accident or malicious acts, SharePoint admins should choose the right tool for the job — third-party backup and recovery software. The advantages are:
- Backup data is stored in a different, secure location. Although Microsoft’s own data storage is secure, it’s a best practice to distribute risk by distributing the physical location of data stored in a backup. Ideally, the solution will ensure that data is protected at rest with 256-bit AES object-level encryption and in transit is with Secure Socket Layer (SSL) encryption.
- Recovery is fast and easy. Compared to In-Place and Litigation Hold data recovery, a third-party backup tool automates much of the restore process. When business continuity is at stake, being able to recover lost data in minutes or hours is a much better option than needing days or weeks for recovery.
- Site structure is preserved and can be recovered. Not all third-party backup and restore software can do this, but it’s vital to reduce recovery time for SharePoint Online admins.
- A better approach to insider threats. If a malicious insider were to delete key elements of a Site Collection, or even an entire site, how long would it take you to recover? The manual effort needed when using Litigation Hold or archive tools for recovery make purpose-built backup and recovery software is a better approach.
Don’t wait until you experience data loss in SharePoint Online. Prepare now to rapidly restore content associated with Sites, OneDrive, Groups, and Teams — see how much easier it can be when using Spanning Backup for Office 365.
*** This is a Security Bloggers Network syndicated blog from Spanning authored by Matt McDermott. Read the original post at: https://spanning.com/blog/sharepoint-online-data-protection-why-its-needed-now/