Your SaaS Data Is NOT Safe

In case you missed my last two blogs on Microsoft 365 and ransomware, here’s the TL;DR: Your SaaS data is NOT safe.

With Microsoft 365 (M365), Microsoft hosts and manages the infrastructure and software to deliver it as a service while providing uptime service level agreements (SLAs) so you have some guarantees that it will be available to your users 99.9% of the time. However, even though M365 hosts YOUR data in their cloud—they are NOT responsible for it and it’s ultimately your responsibility to secure and protect it—whether it’s from accidental deletion from an internal user or from the ever increasing external threats like ransomware.

In this blog, I wanted to provide you with a “one-stop shop” of great content to answer your questions about ways to keep your SaaS and M365 data safe:

• What are your data protection responsibilities?
• How do ransomware and other risks attack M365?
• What safeguards does Microsoft provide or not provide?
• How can you best protect your M365 data?
• How can Cohesity help?

What Are Your Data Protection Responsibilities?

If you walk away from this blog with nothing else, just understanding that your data is your responsibility, you’ll be better off. I suggest you (or your lawyers) read the SLA and EULA agreements from all your SaaS vendors to better understand what they will guarantee and what they will secure and protect. You’ll see that your data isn’t one of them. Take a deeper dive into this topic to learn more about the top trends, myths, and why a third-party option might be the best thing for your business:

• Panel discussion: Protecting your aaS: Microsoft 365 and More
• Webinar: Top Cloud Trends and the Impact on Your Data Protection Strategy (ESG)
• Blog: SaaS Application Data Protection Is Critical for Data Resilience
• Tip Sheet: Top 3 Myths about Backing Up Cloud-Native and SaaS Data
• Tip Sheet: 5 Reasons Your Business Needs to Consider a Third-Party Solution to Back Up Microsoft 365

How do Ransomware and Other Risks Attack M365?

Ransomware is one of the fastest growing cyber threats out there, with reportedly 66% of companies having experienced an attack in the past year according to the Sophos State of Ransomware Report 2022. Just because it’s SaaS and Microsoft has its own security features doesn’t guarantee your M365 data won’t be attacked. In fact, email-based attacks can start with M365 and spread further into other systems creating a huge blast radius of damage. See how ransomware is a growing threat to your M365, your SaaS-based data, and your business:

• Guide: Ransomware Protection for Microsoft 365
• Video: Business Email Compromise—How to Protect Your Data from the Risks
• Video: The State of Ransomware Threats with Increasingly Sophisticated Attacks
• Blog: Think Your Microsoft 365 Data Is Safe From Ransomware? Think Again.
• Blog: Get the Facts About Ransomware Protection and Microsoft 365

What Safeguards Does Microsoft Provide or not Provide?

So here’s the thing—Microsoft doesn’t do nothing to protect your data. But the limited data retention and versioning features that are provided aren’t nearly enough for most enterprises. You need to hit your SLAs, recover all of your data, and get your users back up and running. Think about it this way; just because your car has anti-lock brakes, air bags, and a rear view camera, that doesn’t mean you forgo buying car insurance! Dig deeper with the following assets to understand why versioning and retention are not enough:

• Analyst Report: IDC Perspective: Microsoft’s Office 365 Data Protection Strategy
• Webinar: Sleep Soundly: Your Microsoft 365 Data Can Be Recovered
• Infographic: What You Need to Know about Data Protection for M365
• Multiple Assets: Microsoft 365 Data Protection Pack
• Legal Agreement: Microsoft End User License Agreement (EULA) (See Section 6b)

How can You Best Protect Your M365 Data?

Back to my car analogy. Backup for your M365 data is synonymous with insurance for your car. You need it because the safeguards that Microsoft provides are not enough. The question is what features and attributes should you be looking for in a backup solution for M365? Should it also run in the cloud? Should it be tailored for M365 or support other data? Learn how to select the best backup solution with our M365 Data Protection Pack and dive deeper with the rest of the below assets:

• Multiple Assets: Microsoft 365 Data Protection Pack
• Video: Your Options to Protect M365
• Blog: The Practitioners Guide to Protecting M365 Workloads with Backup as a Service (BaaS)
• Guide: Ransomware Protection for Microsoft 365
• Guide: Data Management as a Service for Dummies

How can Cohesity help?

If you’ve read this far, you’ve probably guessed correctly that Cohesity has an opinion and more importantly a solution on how to protect and back up your M365 data—Cohesity DataProtect delivered as a Service. Our Backup as a Service (BaaS) offering protects your M365 data from ransomware and other threats while providing a single solution for your hybrid cloud data, including your VMs, files, databases, and other cloud data sources. Check out these assets to learn more about our solutions:

• Video: Cohesity DataProtect Delivered as a Service
• Video: Protecting Your M365 Workloads with Backup as a Service
• Panel Discussion: Ready, Set, Go—Get Started with Cohesity SaaS
• Tip Sheet: 4 Ways to Back Up Microsoft 365
• Solution Brief: Comprehensive Protection for Microsoft 365

Get Started—Protect Your M365 Data

Are you ready to get started and try Cohesity BaaS to protect your M365 data? If so, you can go here to watch a demo, join a live demo session, request a free trial, or talk to a Cohesity expert about your specific needs.

Still not sure, or you prefer to binge watch videos rather than read? Learn more on Youtube with our M365 data protection video playlist.