ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    O365 and backups

    Scheduled Pinned Locked Moved IT Discussion
    73 Posts 12 Posters 6.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • NashBrydgesN
      NashBrydges @scottalanmiller
      last edited by

      @scottalanmiller said in O365 and backups:

      @brrabill said in O365 and backups:

      @nashbrydges said in O365 and backups:

      May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

      Good example is the one @NashBrydges mentioned above...

      "May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."

      Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.

      I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.

      The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.

      scottalanmillerS 2 Replies Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @NashBrydges
        last edited by

        @nashbrydges said in O365 and backups:

        @scottalanmiller said in O365 and backups:

        @brrabill said in O365 and backups:

        @nashbrydges said in O365 and backups:

        May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

        Good example is the one @NashBrydges mentioned above...

        "May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."

        Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.

        I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.

        The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.

        If you need backups for legal reasons, then that's something that they should know long before someone departs, not after. Evaluating the need for backups doesn't change the need for policies and procedures.

        Do your clients agree that the backups are beneficial when doing a valuation of risk, or only in cases where something bad has happened and they "got lucky" that they paid for backups? You have to do it from a non-emotional stance of "what are the risks" and "how much do they cost to mitigate". Definitely anyone who ends up in a disaster is thankful that they had backups, but that doesn't mean that backups were the right choice to have been made. It's like driving without a seatbelt and not getting in an accident, except reverse. But it's still using the outcome of chance to look back at a risk evaluation and determining based on something that isn't a factor, if a decision was good or bad.

        NashBrydgesN 1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller @NashBrydges
          last edited by

          @nashbrydges said in O365 and backups:

          I think it's important to preface many of your comments with "IMO" to properly qualify them.

          All comments, by all people, in all cases, IMO, are IMO implied. We speak in our own voice, all of us. No one actually speaks for the laws of the universe or the industry or whatever the alternative to our own opinions would be. While sometimes nice to preface with, under no conditions should it really be necessary.

          1 Reply Last reply Reply Quote 1
          • NashBrydgesN
            NashBrydges @scottalanmiller
            last edited by

            @scottalanmiller said in O365 and backups:

            @nashbrydges said in O365 and backups:

            @scottalanmiller said in O365 and backups:

            @brrabill said in O365 and backups:

            @nashbrydges said in O365 and backups:

            May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

            Good example is the one @NashBrydges mentioned above...

            "May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."

            Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.

            I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.

            The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.

            If you need backups for legal reasons, then that's something that they should know long before someone departs, not after. Evaluating the need for backups doesn't change the need for policies and procedures.

            Do your clients agree that the backups are beneficial when doing a valuation of risk, or only in cases where something bad has happened and they "got lucky" that they paid for backups? You have to do it from a non-emotional stance of "what are the risks" and "how much do they cost to mitigate". Definitely anyone who ends up in a disaster is thankful that they had backups, but that doesn't mean that backups were the right choice to have been made. It's like driving without a seatbelt and not getting in an accident, except reverse. But it's still using the outcome of chance to look back at a risk evaluation and determining based on something that isn't a factor, if a decision was good or bad.

            Every client gets the option of backups up front and I suspect like most who support clients, some want it and some don't. As it so happens, these specific clients all wanted backups when presented as an option so in this particular case, they were thankful they were in place.

            1 Reply Last reply Reply Quote 0
            • BRRABillB
              BRRABill
              last edited by

              I've said it before, and I'll say it again.

              Shit happens. Mistakes happens. People make mistakes.

              Maybe in your world you can say...

              "Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"

              But not everyone can.

              ObsolesceO scottalanmillerS 2 Replies Last reply Reply Quote 0
              • ObsolesceO
                Obsolesce @BRRABill
                last edited by

                @brrabill said in O365 and backups:

                "Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
                But not everyone can.

                That's the thing, is you can get it back. And it really depends on the issue.

                MS Account issue = .OST still exists, last 12 months of data (by default) is still there.

                Deleted account = Do what I do, create a policy to back up O365 accounts to .PST before deleting and pulling license.

                Deleted mail = So many levels to get it back without backup.

                Small possibility of a malicious user deleting emails at all possible recovery levels... delete, deleted folder delete, IMAPI skills to 3rd tier delete = wtf does that? Buy O365 backup for "malicious suspects", or just for users who for some reason keep such important LoB data in email.

                scottalanmillerS 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @BRRABill
                  last edited by

                  @brrabill said in O365 and backups:

                  I've said it before, and I'll say it again.

                  Shit happens. Mistakes happens. People make mistakes.

                  Maybe in your world you can say...

                  "Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"

                  But not everyone can.

                  Yes, everyone can. If you can't, you have to recognize that you work for the dumbest idiot out there. ALL IT has times when things are gone. All of it, no matter what. Period. No ifs, ands, or butts. It comes down to business decisions around how much risk you take versus how much you pay to mitigate it. That's all. Risk is always there. So if you feel you can't say that "sorry, it's gone", then that's just another way of saying that you can't do that job. Since you are doing that job, it's your job to sometimes say that - that's what working in ANY field, means.

                  None of the things you are saying actually reflect on the reality of the discussion. None of us are saying to go without protection. None of us are saying to not evaluate protection.

                  What you are saying is that where you work, there is no business or rationality, just a crazy person who demands the impossible. And your response to that is a checkbox for a buzzword. Neither his position, nor your response, make sense. How will you ensure that your backups never fail, and are available forever? You can't, so you can't meet the assumed expectation.

                  So given that all of that was nonsense, we are back to the fundamental "it rarely makes sense and you need to evaluate business needs and it's an extreme case where an actual issue would come up - a case so rare, that losing backups is probably more likely."

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Obsolesce
                    last edited by

                    @obsolesce said in O365 and backups:

                    @brrabill said in O365 and backups:

                    "Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
                    But not everyone can.

                    That's the thing, is you can get it back. And it really depends on the issue.

                    MS Account issue = .OST still exists, last 12 months of data (by default) is still there.

                    Deleted account = Do what I do, create a policy to back up O365 accounts to .PST before deleting and pulling license.

                    Deleted mail = So many levels to get it back without backup.

                    Small possibility of a malicious user deleting emails at all possible recovery levels... delete, deleted folder delete, IMAPI skills to 3rd tier delete = wtf does that? Buy O365 backup for "malicious suspects", or just for users who for some reason keep such important LoB data in email.

                    And more importantly, anyone with that level of access will certainly be given access to delete the backups, too. Or to have stopped them. So the real questions start to be... what are the backups actually protecting against? They do add protection, no question. But how much? That's what has to be answered.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      I think that the problem is that there is this emotional reaction to the magic work "backup". And people are used to being given a free pass to simply say "backups are mandatory" without evaluating because the chances that you don't need a backup is so small, that no one really wastes time double checking it. That's fine, but...

                      This is a case where two or three backups already exist. This is about tertiary or smaller tail backups.

                      If you didn't have "backups" and you lost data, and the boss said "didn't we have backups?", you'd say "yes, lots of them, they all failed." If you DID have these backups, they might also fail, and you'd be in the same boat.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        None of that is to say that someone doesn't really need the backups, some people really do. But... in @BRRABill's case, he's giving bad reasons for why he might need them, and not giving the legitimate reasons. That means that the conclusion was reached through an invalid path, if there were real reasons for needing the backups, the emotional ones would not make sense to state. That doesn't mean that the answer is wrong, it means that we don't have a way to tell if it is right.

                        But shops that legitimately need tertiary and other extreme backups are almost always shops that really know how to evaluate that, too. That the needs are not stated has multiple mathematical reasons for making it the least likely, rather than the most likely, type of scenario to need that level of backup.

                        It's like going into a car dealership and claiming you need a racecar, but when asked why or how fast it needs to go and you have no idea, that tends to suggest you have less need of one than even normal drivers, let alone actual race car drivers.

                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                        • JaredBuschJ
                          JaredBusch @scottalanmiller
                          last edited by

                          @scottalanmiller said in O365 and backups:

                          It's like going into a car dealership and claiming you need a racecar, but when asked why or how fast it needs to go and you have no idea, that tends to suggest you have less need of one than even normal drivers, let alone actual race car drivers.

                          /me goes back and deletes all those pictures of driving to and from St Louis that include his speed..

                          1 Reply Last reply Reply Quote 2
                          • 1
                          • 2
                          • 3
                          • 4
                          • 4 / 4
                          • First post
                            Last post