O365 and backups
-
Let's also ask... how did something "so important" end up in one and only one person's email? Clearly, no one thought it was important enough when it happened. Nor for 30 days during which time they had to recover deleted mail. Only once it was deleted did someone "claim" something valuable was in there.
What if you DID have backups, but they were only for 60 days? Or 90 days? You'd get the same lies.
Bottom line, this is a made up, false problem. Whoever told you that that email was valuable was just pulling your leg. It's not plausible that they actually had that scenario happen AND have valuable email in there that they really needed AND would have been protected against by a backup.
It's easy to think that backups are a panacea, but backups are not of everything and not forever. You HAD a backup, you didn't use it. So the logic that "more" backup is the answer, doesn't logically flow.
Or look at it this way....
- User deleted data (malicious, kind, whatever) where you protected against that? Yes.
- Account was deleted, still needed data from it. Where you protected against that? Yes.
- Did you have a backup? Yes.
The problem was...
- Had protection, but didn't exercise it.
- Had protection, but didn't exercise it.
- The proposed solution is more of the failed solution.
-
Rather than throwing money and buzzwords at problems, consider fixing failed processes. To me, it sounds in that case like backups or the falsely assumed lack thereof, were a scapegoat and are used to cover up the fact that the real issue is fundamentally failed processed.
- Why was critical data left in a personally controlled account?
- Why was critical data accessible to only a single person?
- Why was someone let go allowed access to delete their files?
- Why were the contents of the email not checked right away?
Also, local backups would have protected against this, as well. Not just O365 backups.
-
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
Even in that case, there is yet another layer of recovery via IMAPI magic they can have you do over the phone.
Inbox > Deleted folder > deleted folder recovery > IMAPI recovery
OneDrive has several layers, too (and SharePoint).
You would have to come across some employee who is very malicious and intentionally sabotaging important content, or have an account-level issue.
-
@obsolesce said in O365 and backups:
You would have to come across some employee who is very malicious and intentionally sabotaging important content, or have an account-level issue.
And something like Outlook PST or Thunderbird local cache would protect against the account issues.
I think you'd need sabotage AND an account issue to have things really fail that badly to actually lose the emails.
-
@scottalanmiller said in O365 and backups:
@obsolesce said in O365 and backups:
You would have to come across some employee who is very malicious and intentionally sabotaging important content, or have an account-level issue.
And something like Outlook PST or Thunderbird local cache would protect against the account issues.
I think you'd need sabotage AND an account issue to have things really fail that badly to actually lose the emails.
Exactly.
I mean, I am definitely not saying that having an actual integrated backup is a bad thing. But it is a thing that needs properly analyzed.
-
@jaredbusch said in O365 and backups:
@brrabill said in O365 and backups:
@scottalanmiller said in O365 and backups:
Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.
It's a synced (assume you mean...) clone, though.
So if you delete it and don't realize it for 30 days, it's potentially gone.
You are not understanding. He is talking about Outlook keeping a local OST by default.
The downside there is Outlook also only keeps about 12 months on the OST by default.
But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.
Especially if you update the defualts to ensure the entire mailbox is kept offline locally.
OST are generally worthless, if you wanted a local copy you'd use a PST.
But in any case both options suck.
-
@dustinb3403 said in O365 and backups:
@jaredbusch said in O365 and backups:
@brrabill said in O365 and backups:
@scottalanmiller said in O365 and backups:
Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.
It's a synced (assume you mean...) clone, though.
So if you delete it and don't realize it for 30 days, it's potentially gone.
You are not understanding. He is talking about Outlook keeping a local OST by default.
The downside there is Outlook also only keeps about 12 months on the OST by default.
But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.
Especially if you update the defualts to ensure the entire mailbox is kept offline locally.
OST are generally worthless, if you wanted a local copy you'd use a PST.
Not particularly. The protection level we are mentioning here is account loss.
In this case Outlook should still open normally, it will just be "offline". You can then simply export everything to PST at that time.
-
@jaredbusch said in O365 and backups:
@dustinb3403 said in O365 and backups:
@jaredbusch said in O365 and backups:
@brrabill said in O365 and backups:
@scottalanmiller said in O365 and backups:
Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.
It's a synced (assume you mean...) clone, though.
So if you delete it and don't realize it for 30 days, it's potentially gone.
You are not understanding. He is talking about Outlook keeping a local OST by default.
The downside there is Outlook also only keeps about 12 months on the OST by default.
But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.
Especially if you update the defualts to ensure the entire mailbox is kept offline locally.
OST are generally worthless, if you wanted a local copy you'd use a PST.
Not particularly. The protection level we are mentioning here is account loss.
In this case Outlook should still open normally, it will just be "offline". You can then simply export everything to PST at that time.
Yup, it's a "worst case" kind of recovery. But when you've actually hit that level of disaster, the annoyances of PSTs are pretty trivial.
-
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.
The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.
-
@nashbrydges said in O365 and backups:
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.
The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.
If you need backups for legal reasons, then that's something that they should know long before someone departs, not after. Evaluating the need for backups doesn't change the need for policies and procedures.
Do your clients agree that the backups are beneficial when doing a valuation of risk, or only in cases where something bad has happened and they "got lucky" that they paid for backups? You have to do it from a non-emotional stance of "what are the risks" and "how much do they cost to mitigate". Definitely anyone who ends up in a disaster is thankful that they had backups, but that doesn't mean that backups were the right choice to have been made. It's like driving without a seatbelt and not getting in an accident, except reverse. But it's still using the outcome of chance to look back at a risk evaluation and determining based on something that isn't a factor, if a decision was good or bad.
-
@nashbrydges said in O365 and backups:
I think it's important to preface many of your comments with "IMO" to properly qualify them.
All comments, by all people, in all cases, IMO, are IMO implied. We speak in our own voice, all of us. No one actually speaks for the laws of the universe or the industry or whatever the alternative to our own opinions would be. While sometimes nice to preface with, under no conditions should it really be necessary.
-
@scottalanmiller said in O365 and backups:
@nashbrydges said in O365 and backups:
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.
The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.
If you need backups for legal reasons, then that's something that they should know long before someone departs, not after. Evaluating the need for backups doesn't change the need for policies and procedures.
Do your clients agree that the backups are beneficial when doing a valuation of risk, or only in cases where something bad has happened and they "got lucky" that they paid for backups? You have to do it from a non-emotional stance of "what are the risks" and "how much do they cost to mitigate". Definitely anyone who ends up in a disaster is thankful that they had backups, but that doesn't mean that backups were the right choice to have been made. It's like driving without a seatbelt and not getting in an accident, except reverse. But it's still using the outcome of chance to look back at a risk evaluation and determining based on something that isn't a factor, if a decision was good or bad.
Every client gets the option of backups up front and I suspect like most who support clients, some want it and some don't. As it so happens, these specific clients all wanted backups when presented as an option so in this particular case, they were thankful they were in place.
-
I've said it before, and I'll say it again.
Shit happens. Mistakes happens. People make mistakes.
Maybe in your world you can say...
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.
-
@brrabill said in O365 and backups:
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.That's the thing, is you can get it back. And it really depends on the issue.
MS Account issue = .OST still exists, last 12 months of data (by default) is still there.
Deleted account = Do what I do, create a policy to back up O365 accounts to .PST before deleting and pulling license.
Deleted mail = So many levels to get it back without backup.
Small possibility of a malicious user deleting emails at all possible recovery levels... delete, deleted folder delete, IMAPI skills to 3rd tier delete = wtf does that? Buy O365 backup for "malicious suspects", or just for users who for some reason keep such important LoB data in email.
-
@brrabill said in O365 and backups:
I've said it before, and I'll say it again.
Shit happens. Mistakes happens. People make mistakes.
Maybe in your world you can say...
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.
Yes, everyone can. If you can't, you have to recognize that you work for the dumbest idiot out there. ALL IT has times when things are gone. All of it, no matter what. Period. No ifs, ands, or butts. It comes down to business decisions around how much risk you take versus how much you pay to mitigate it. That's all. Risk is always there. So if you feel you can't say that "sorry, it's gone", then that's just another way of saying that you can't do that job. Since you are doing that job, it's your job to sometimes say that - that's what working in ANY field, means.
None of the things you are saying actually reflect on the reality of the discussion. None of us are saying to go without protection. None of us are saying to not evaluate protection.
What you are saying is that where you work, there is no business or rationality, just a crazy person who demands the impossible. And your response to that is a checkbox for a buzzword. Neither his position, nor your response, make sense. How will you ensure that your backups never fail, and are available forever? You can't, so you can't meet the assumed expectation.
So given that all of that was nonsense, we are back to the fundamental "it rarely makes sense and you need to evaluate business needs and it's an extreme case where an actual issue would come up - a case so rare, that losing backups is probably more likely."
-
@obsolesce said in O365 and backups:
@brrabill said in O365 and backups:
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.That's the thing, is you can get it back. And it really depends on the issue.
MS Account issue = .OST still exists, last 12 months of data (by default) is still there.
Deleted account = Do what I do, create a policy to back up O365 accounts to .PST before deleting and pulling license.
Deleted mail = So many levels to get it back without backup.
Small possibility of a malicious user deleting emails at all possible recovery levels... delete, deleted folder delete, IMAPI skills to 3rd tier delete = wtf does that? Buy O365 backup for "malicious suspects", or just for users who for some reason keep such important LoB data in email.
And more importantly, anyone with that level of access will certainly be given access to delete the backups, too. Or to have stopped them. So the real questions start to be... what are the backups actually protecting against? They do add protection, no question. But how much? That's what has to be answered.
-
I think that the problem is that there is this emotional reaction to the magic work "backup". And people are used to being given a free pass to simply say "backups are mandatory" without evaluating because the chances that you don't need a backup is so small, that no one really wastes time double checking it. That's fine, but...
This is a case where two or three backups already exist. This is about tertiary or smaller tail backups.
If you didn't have "backups" and you lost data, and the boss said "didn't we have backups?", you'd say "yes, lots of them, they all failed." If you DID have these backups, they might also fail, and you'd be in the same boat.
-
None of that is to say that someone doesn't really need the backups, some people really do. But... in @BRRABill's case, he's giving bad reasons for why he might need them, and not giving the legitimate reasons. That means that the conclusion was reached through an invalid path, if there were real reasons for needing the backups, the emotional ones would not make sense to state. That doesn't mean that the answer is wrong, it means that we don't have a way to tell if it is right.
But shops that legitimately need tertiary and other extreme backups are almost always shops that really know how to evaluate that, too. That the needs are not stated has multiple mathematical reasons for making it the least likely, rather than the most likely, type of scenario to need that level of backup.
It's like going into a car dealership and claiming you need a racecar, but when asked why or how fast it needs to go and you have no idea, that tends to suggest you have less need of one than even normal drivers, let alone actual race car drivers.
-
@scottalanmiller said in O365 and backups:
It's like going into a car dealership and claiming you need a racecar, but when asked why or how fast it needs to go and you have no idea, that tends to suggest you have less need of one than even normal drivers, let alone actual race car drivers.
/me goes back and deletes all those pictures of driving to and from St Louis that include his speed..