Few people doubted the need to back up email and collaboration data back in the 2000s and early 2010s when the on-premise Microsoft Exchange and SharePoint were the dominant business collaboration solutions.
In the late 2010s organizations started to actively migrate to cloud-based email and collaboration systems. Office 365 (now Microsoft 365) and G Suite (now Google Workspace) emerged as the leaders in this transition, with ~70% and 30% market shares respectively according to the Bitglass’ 2019 Cloud Adoption Report.
The rise of the cloud office suites enabled IT administrators to avoid managing on-premise servers and server software when administering office applications. At the same time, the need to backup Microsoft 365 (and Google Workspace) turned into a hotly debated topic in the IT community.
So why the need for cloud office suites backup is so controversial?
Quality of Third-party Backup Solutions
There are more than 50 vendors that offer Microsoft 365 backup. The service quality and the extent of integration with Microsoft 365 that their solutions provide differ greatly. The largest group of vendors is the traditional backup companies that originally developed their backup suites for on-premise workloads, such as VMware ESX, Microsoft Windows or Hyper-V. Most of their solutions are based on the technology and UI inherited from their original backup suites and may not always scale and work reliably with cloud applications.
Despite the fast growth in the late 2010s, Microsoft 365 backup is a very small market, and most backup vendors remain focused on their core products, setting aside only limited resources for Microsoft 365 backup development. While the total backup market is estimated by IDC at approximately $9 billion, the combined Microsoft Office 365 backup sales are only $100-150 million (1.5-2% of the total backup market in 2019).
Embedded Protection
The built-in data protection capabilities are another reason the need for third-party backup solutions is not obvious. Unlike the on-premise Exchange and SharePoint, Microsoft 365 (and Google Workspace) include built-in data protection features.
For example, items deleted from Microsoft Exchange Online, OneDrive, and SharePoint sites can generally be recovered by admin within 30-93 days after the deletion. Many organizations find this recovery window to be sufficient for their backup policies and therefore don’t need third-party protection tools.
In addition to the post-deletion retention, OneDrive and SharePoint (and their Google Workspace analogs) have configurable versioning capabilities that are integrated into the user and admin interface. The versioning provides an additional layer of protection against the most frequent issues, including accidental overwrites and user mistakes.
Native Archiving Tools
Both Microsoft and Google offer long-term data retention, e-Discovery, and archiving add-ons for their cloud office suites. The products (Microsoft Compliance Center and Google Vault) are available in the premium pricing plans and enable unlimited data retention and versioning.
The native archiving tools are tightly integrated with the office suites and are not limited by the speed and availability of the Microsoft 365 (or Google Workspace) external APIs. Because of the API limitations, all third-party backup solutions have limited backup frequency (usually 1-3x per day) and cover only a subset of supported data sources. The native archiving tools can provide truly continuous data protection (unlimited frequency) and they usually support more cloud office data types than solutions working through external APIs.
The native archiving tools provide strong data retention and data search capabilities, but they don’t have automated recovery options. IT administrators using them as a data recovery solution need to download the data they want to recover, and then restore it manually back to Microsoft 365 (or Google Workspace). In certain cases, when the amount of data is large or the directory structures are complex, this semi-manual approach may not be effective.
Hardware and Infrastructure Availability
One clear reason why the on-premise email and collaboration systems needed backup was the risk of data corruption or loss due to hardware failures. But with the advent of managed cloud services, this has changed, and the providers of the cloud software take responsibility for managing the infrastructure layer and application resiliency.
Both Microsoft and Google provide a highly available and reliable service. The actual uptime for Microsoft Office was 99.97% in Q1-Q3 2020, significantly better SLA than can be achieved by most self-hosted systems. The geo-redundant virtualized storage underneath the cloud office systems essentially eliminates the risk of data corruption or the impact of hardware failures.
Are There Good Reasons to Backup Cloud Office?
There are dozens of other reasons not to use any third-party Microsoft 365 backup or disaster recovery options. But are there any reasons to protect your cloud office data?
Probably the biggest argument – heavily exploited by backup vendors – in favor of using a backup is Microsoft’s and Google’s official positions. Google actively partners with independent backup vendors, and Microsoft clearly states in their Service Level Agreement that “… online services suffer occasional disruptions […] We recommend that you regularly backup Your Content and Data that you store on the [Microsoft] Services”.
Microsoft Service Agreement Service Availability Clause
Final Thoughts
Whether you elect to use the native Microsoft data protection tools or a third-party backup solution, it is critical to analyze their capabilities and limitations to make an informed decision.
Most Microsoft 365 users don’t have a third-party backup, according to IDC Cloud Adoption surveys. This suggests that a third-party backup is not required for every Microsoft 365 organization. At the same time, IT administrators need to carefully assess the built-in Microsoft 365 data recovery features and determine whether the retention limits and the scope of protection are adequate in the context of their business requirements.
A similar review and assessment process must be followed when organizations consider using a third-party Microsoft 365 backup software. All of the solutions have important limitations and will not suit all organizations.