O365 and backups

scottalanmiller

@carnival-boy said in O365 and backups:

Main reason for me to. It's like having your offsite backups stored at Bob's house, but only Bob has a key. I'd want a key, instead of having to always rely on Bob to let me in. Especially if Bob has history of messing me around.

This, I feel, is an analogy of the "account risk" that I mention. Yes, Bob has a backup, but if the failure is Bob leaves, Bob hates you, or Bob forgets who you are, no amount of Bob's backups matter and the risk isn't measured in hardware failure but in a lot of soft things that are hard to predict and are totally vendor and implementation specific and can't be extrapolated from industry norms.

BRRABill

@nashbrydges said in O365 and backups:

May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

For me, that is exactly the reason you need a backup of O365.

That, and any sort of malicious activity, or MS screw up.

scottalanmiller

@brrabill said in O365 and backups:

@nashbrydges said in O365 and backups:

May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

For me, that is exactly the reason you need a backup of O365.

That, and any sort of malicious activity, or MS screw up.

All about putting numbers to it. It's the "real risk" of the system. But you have to determine how big that risk is and put a dollar number on it. Identifying what risks are is for the IT side of our brains, that's making a list. Evaluating that risk is for the actuary side of our brains. Take the list and put values to it to see whether they make sense to mitigate.

BRRABill

@scottalanmiller said in O365 and backups:

All about putting numbers to it. It's the "real risk" of the system. But you have to determine how big that risk is and put a dollar number on it. Identifying what risks are is for the IT side of our brains, that's making a list. Evaluating that risk is for the actuary side of our brains. Take the list and put values to it to see whether they make sense to mitigate.

For a small company, for the generally small cost of these backups, I think it's best just to do them.

scottalanmiller

@brrabill said in O365 and backups:

@scottalanmiller said in O365 and backups:

All about putting numbers to it. It's the "real risk" of the system. But you have to determine how big that risk is and put a dollar number on it. Identifying what risks are is for the IT side of our brains, that's making a list. Evaluating that risk is for the actuary side of our brains. Take the list and put values to it to see whether they make sense to mitigate.

For a small company, for the generally small cost of these backups, I think it's best just to do them.

The big questions being.... how much does it cost, and how much value is being stored in email instead of somewhere else?

scottalanmiller

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

BRRABill

@scottalanmiller said in O365 and backups:

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

It's a synced (assume you mean...) clone, though.

So if you delete it and don't realize it for 30 days, it's potentially gone.

JaredBusch

@brrabill said in O365 and backups:

@scottalanmiller said in O365 and backups:

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

It's a synced (assume you mean...) clone, though.

So if you delete it and don't realize it for 30 days, it's potentially gone.

You are not understanding. He is talking about Outlook keeping a local OST by default.

The downside there is Outlook also only keeps about 12 months on the OST by default.

But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.

Especially if you update the defualts to ensure the entire mailbox is kept offline locally.

scottalanmiller

@brrabill said in O365 and backups:

@scottalanmiller said in O365 and backups:

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

It's a synced (assume you mean...) clone, though.

So if you delete it and don't realize it for 30 days, it's potentially gone.

Right, but not realizing it for 30 days. You are getting more and more obtuse to find where it doesn't cover you. It's not perfect, but it's free. And between MS' backups and recovery tools, and your own protection against MS account issues, the coverage is not too shabby for the "included" options without needing to pay for something.

There are certainly cases where paying for full backups makes sense. But I think it's more then edge case than the normal case. It's anything but something you'd "just do" without evaluating as the costs are never that low. If it was nearly free, that would be one thing.

BRRABill

@jaredbusch said in O365 and backups:

@brrabill said in O365 and backups:

@scottalanmiller said in O365 and backups:

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

It's a synced (assume you mean...) clone, though.

So if you delete it and don't realize it for 30 days, it's potentially gone.

You are not understanding. He is talking about Outlook keeping a local OST by default.

The downside there is Outlook also only keeps about 12 months on the OST by default.

But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.

Especially if you update the defualts to ensure the entire mailbox is kept offline locally.

Yeah if you delete it from the local copy, doesn't it also delete it from the Office365 copy?

scottalanmiller

@brrabill said in O365 and backups:

@jaredbusch said in O365 and backups:

@brrabill said in O365 and backups:

@scottalanmiller said in O365 and backups:

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

It's a synced (assume you mean...) clone, though.

So if you delete it and don't realize it for 30 days, it's potentially gone.

You are not understanding. He is talking about Outlook keeping a local OST by default.

The downside there is Outlook also only keeps about 12 months on the OST by default.

But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.

Especially if you update the defualts to ensure the entire mailbox is kept offline locally.

Yeah if you delete it from the local copy, doesn't it also delete it from the Office365 copy?

Yes, but you can still recover from something accidentally deleted. If you delete them from there, you can go to the Recover Deleted Items system in O365 to get them.

How many layers of protection is enough?

scottalanmiller

Let's try it another way, what is the exact scenario that you fear that you are valuing as risky enough to warrant the cost of backups? Keep it concrete, many much money (can be per user if you want) is it worth to protect again what exact risk?

BRRABill

@nashbrydges said in O365 and backups:

May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

Good example is the one @NashBrydges mentioned above...

"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."

scottalanmiller

@brrabill said in O365 and backups:

@nashbrydges said in O365 and backups:

May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

Good example is the one @NashBrydges mentioned above...

"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."

Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.

scottalanmiller

Let's also ask... how did something "so important" end up in one and only one person's email? Clearly, no one thought it was important enough when it happened. Nor for 30 days during which time they had to recover deleted mail. Only once it was deleted did someone "claim" something valuable was in there.

What if you DID have backups, but they were only for 60 days? Or 90 days? You'd get the same lies.

Bottom line, this is a made up, false problem. Whoever told you that that email was valuable was just pulling your leg. It's not plausible that they actually had that scenario happen AND have valuable email in there that they really needed AND would have been protected against by a backup.

It's easy to think that backups are a panacea, but backups are not of everything and not forever. You HAD a backup, you didn't use it. So the logic that "more" backup is the answer, doesn't logically flow.

Or look at it this way....

1. User deleted data (malicious, kind, whatever) where you protected against that? Yes.
2. Account was deleted, still needed data from it. Where you protected against that? Yes.
3. Did you have a backup? Yes.

The problem was...

1. Had protection, but didn't exercise it.
2. Had protection, but didn't exercise it.
3. The proposed solution is more of the failed solution.

scottalanmiller

Rather than throwing money and buzzwords at problems, consider fixing failed processes. To me, it sounds in that case like backups or the falsely assumed lack thereof, were a scapegoat and are used to cover up the fact that the real issue is fundamentally failed processed.

1. Why was critical data left in a personally controlled account?
2. Why was critical data accessible to only a single person?
3. Why was someone let go allowed access to delete their files?
4. Why were the contents of the email not checked right away?

Also, local backups would have protected against this, as well. Not just O365 backups.

Obsolesce

@scottalanmiller said in O365 and backups:

@brrabill said in O365 and backups:

@nashbrydges said in O365 and backups:

May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.

Good example is the one @NashBrydges mentioned above...

"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."

Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.

Even in that case, there is yet another layer of recovery via IMAPI magic they can have you do over the phone.

Inbox > Deleted folder > deleted folder recovery > IMAPI recovery

OneDrive has several layers, too (and SharePoint).

You would have to come across some employee who is very malicious and intentionally sabotaging important content, or have an account-level issue.

scottalanmiller

@obsolesce said in O365 and backups:

You would have to come across some employee who is very malicious and intentionally sabotaging important content, or have an account-level issue.

And something like Outlook PST or Thunderbird local cache would protect against the account issues.

I think you'd need sabotage AND an account issue to have things really fail that badly to actually lose the emails.

JaredBusch

@scottalanmiller said in O365 and backups:

@obsolesce said in O365 and backups:

You would have to come across some employee who is very malicious and intentionally sabotaging important content, or have an account-level issue.

And something like Outlook PST or Thunderbird local cache would protect against the account issues.

I think you'd need sabotage AND an account issue to have things really fail that badly to actually lose the emails.

Exactly.

I mean, I am definitely not saying that having an actual integrated backup is a bad thing. But it is a thing that needs properly analyzed.

DustinB3403

@jaredbusch said in O365 and backups:

@brrabill said in O365 and backups:

@scottalanmiller said in O365 and backups:

Keep in mind that for SMALL shops, things like Outlook or Thunderbird will prevent most disasters by keeping a close on a local device. Not going to protect against sabotage, but that's rarely what people are paying to protect against. It will protect you against account issues or whatever. And it is basically free and often done anyway.

It's a synced (assume you mean...) clone, though.

So if you delete it and don't realize it for 30 days, it's potentially gone.

You are not understanding. He is talking about Outlook keeping a local OST by default.

The downside there is Outlook also only keeps about 12 months on the OST by default.

But again it is a backup/copy/WTFever that is usually more than sufficient for a SMB.

Especially if you update the defualts to ensure the entire mailbox is kept offline locally.

OST are generally worthless, if you wanted a local copy you'd use a PST.

But in any case both options suck.