Monday, 28 September 2020

The forgotten risk of our new WFH reality

This year businesses across the UK have prepared themselves for the effects of the pandemic - now it's time to check that all new systems are secure.

Even before the lockdown was announced in March this year, businesses across the UK were doing what they could to ready their business for the effects of the pandemic. While their efforts have been herculean, it is now time to check that all new systems are secure.

 

Most business continuity plans hadn’t addressed the risk of a global pandemic. Yet, despite the lack of readiness that many businesses felt, IT leaders across the UK have kept their organisations running. In many ways, they are the unsung heroes of the Coronavirus pandemic.

The sudden and unexpected need to work from home that many organisations experienced has transformed IT in these businesses utterly. Years of digital transformation were suddenly fast-tracked(1) and implemented within weeks – or days – even in industries and sectors that have traditionally been resistant to change.

The rush to keep operations working

For organisations that had already made the first tentative steps towards cloud migration, the switch was made easier; scaling up what was already in place to allow for home working and transitioning more users to cloud services such as Microsoft 365, for example.

The first priority for everyone has been to keep our organisations operational and support our customers, especially those that are recognised with key worker status. But in the rush to ensure users are productive, make data accessible and get everyone online, it was inevitable that the normal transition process was streamlined.

For the most part, it was the cultural and change-management processes that were dropped from the traditional roll-out processes – rather than communication, it was need that drove user uptake.

However, it is also the case that some organisations have made the shift to cloud solutions without fully investigating the ramifications of those decisions. Now that the dust has settled on that rapid transition, it is a great time to review your own shift and ensure that the necessary controls and security measures are in place.

The risks of a rapid transition

One of the risks the Grant McGregor team has been highlighting to our customers relates to your Microsoft 365 deployments.

Many organisations understandably assume that Microsoft provides backup and restore for its key services. In fact, this is not the case.

Microsoft’s user agreement clearly states:

“We strive to keep the Services up and running; however, all online services suffer occasional disruptions and outages, and Microsoft is not liable for any disruption or loss you may suffer as a result. In the event of an outage, you may not be able to retrieve Your Content or Data that you’ve stored. We recommend that you regularly backup Your Content and Data that you store on the Services or store using Third-Party Apps and Services.”

This leaves organisations at risk in the event of an outage, cyber attack or other disruption to services. Without an adequate solution in place, you might find yourself unable to restore the information on which your company relies. Whether it’s human error, a phishing attack, ransomware, or a disgruntled employee, without a backup and restore solution, your business is horribly exposed – and possibly non-compliant with regulations (such as GDPR).

Whose responsibility is it to back up services?

As Microsoft makes clear in its Services Agreement, it doesn’t see itself as responsible for retaining your data. Deleted data is only accessible for up to 30 days with Exchange Online and 180 days for SharePoint Online. In fact, Microsoft recommends the use of third-party apps to insure against data loss.

However, organisations shouldn’t automatically assume that, since Microsoft isn’t backing up their data, their IT partner is doing so instead.

Backing up and protecting your data requires a specialist solution. Unless this has been itemised in your service agreement, you can’t assume it is naturally in place.

It is really important that you have this conversation with your IT partner to determine what is in place now, discuss the data that you need to protect (both the data that is business-critical and the data that you have a duty to protect or keep private), identify any gaps or exposures, and discuss possible solutions.

What does Grant McGregor recommend?

We have partnered with Axcient to offer all of our managed service provider customers a solution to this issue that is simple to implement and use but comprehensive in coverage.

The Axcient x360 Cloud backs up and protects Microsoft 365 data, including Exchange Online, OneDrive, SharePoint and Teams. Comprehensive search and easy-to-implement restore means that, even if the worst happens, you still have access to your data.

If you are already partnering with us, please reach out to our team for more information.

If you aren’t yet partnering with Grant McGregor, but would like advice about how to protect your own cloud deployments and data, our team is on hand to discuss how the solution can help protect your organisation too.

To help organisations manage their cloud data and adapt responsibly in this extraordinary age, we’re currently offering a free trial of Axcient x360 Cloud. Find out more information and sign up for your own free trial here.


References:

1. https://customers.microsoft.com/en-us/story/845268-arup