O365 and backups
-
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.
The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.
-
@nashbrydges said in O365 and backups:
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.
The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.
If you need backups for legal reasons, then that's something that they should know long before someone departs, not after. Evaluating the need for backups doesn't change the need for policies and procedures.
Do your clients agree that the backups are beneficial when doing a valuation of risk, or only in cases where something bad has happened and they "got lucky" that they paid for backups? You have to do it from a non-emotional stance of "what are the risks" and "how much do they cost to mitigate". Definitely anyone who ends up in a disaster is thankful that they had backups, but that doesn't mean that backups were the right choice to have been made. It's like driving without a seatbelt and not getting in an accident, except reverse. But it's still using the outcome of chance to look back at a risk evaluation and determining based on something that isn't a factor, if a decision was good or bad.
-
@nashbrydges said in O365 and backups:
I think it's important to preface many of your comments with "IMO" to properly qualify them.
All comments, by all people, in all cases, IMO, are IMO implied. We speak in our own voice, all of us. No one actually speaks for the laws of the universe or the industry or whatever the alternative to our own opinions would be. While sometimes nice to preface with, under no conditions should it really be necessary.
-
@scottalanmiller said in O365 and backups:
@nashbrydges said in O365 and backups:
@scottalanmiller said in O365 and backups:
@brrabill said in O365 and backups:
@nashbrydges said in O365 and backups:
May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless.
Good example is the one @NashBrydges mentioned above...
"May be true for most cases but can't discount human stupidity or maliciousness lol. Had 3 instances where critical emails were deleted and needed to be recovered. One of those was a departing employee who deleted everything in their inbox and cleared their deleted folder. It wasn't until a month afterward that this was discovered. He thought he was doing the company a favour by clearing out the space. It wasn't malicious but definitely clueless."
Yeah, but that's RIDICULOUS. You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days. It's just political positioning. It's not an actual problem.
I think it's important to preface many of your comments with "IMO" to properly qualify them. You don't know anything about the circumstances as to why the backup was required and assume that "You can't tell me that the email was ACTUALLY useful AND wasn't noticed for over 30 days". There were many failures in these examples I talked about, most of those in the process for how they handle terminations/departures, but none of these failures eliminate the fact that the backup was both useful and avoided legal complications. In each case, it wasn't "...just political positioning". It doesn't address the root cause, but it sure as hell got them out of potential hot water so if you ask my clients, they wholeheartedly agree that it was beneficial. Sometimes we can't force our clients to fix their broken processes, but when we highlight the risks and propose solutions, a good backup is sometimes a very valid solutions.
The one thing that I'll agree with is that Office 365 backup SHOULD be evaluated against the client's needs and when it fits, set it up.
If you need backups for legal reasons, then that's something that they should know long before someone departs, not after. Evaluating the need for backups doesn't change the need for policies and procedures.
Do your clients agree that the backups are beneficial when doing a valuation of risk, or only in cases where something bad has happened and they "got lucky" that they paid for backups? You have to do it from a non-emotional stance of "what are the risks" and "how much do they cost to mitigate". Definitely anyone who ends up in a disaster is thankful that they had backups, but that doesn't mean that backups were the right choice to have been made. It's like driving without a seatbelt and not getting in an accident, except reverse. But it's still using the outcome of chance to look back at a risk evaluation and determining based on something that isn't a factor, if a decision was good or bad.
Every client gets the option of backups up front and I suspect like most who support clients, some want it and some don't. As it so happens, these specific clients all wanted backups when presented as an option so in this particular case, they were thankful they were in place.
-
I've said it before, and I'll say it again.
Shit happens. Mistakes happens. People make mistakes.
Maybe in your world you can say...
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.
-
@brrabill said in O365 and backups:
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.That's the thing, is you can get it back. And it really depends on the issue.
MS Account issue = .OST still exists, last 12 months of data (by default) is still there.
Deleted account = Do what I do, create a policy to back up O365 accounts to .PST before deleting and pulling license.
Deleted mail = So many levels to get it back without backup.
Small possibility of a malicious user deleting emails at all possible recovery levels... delete, deleted folder delete, IMAPI skills to 3rd tier delete = wtf does that? Buy O365 backup for "malicious suspects", or just for users who for some reason keep such important LoB data in email.
-
@brrabill said in O365 and backups:
I've said it before, and I'll say it again.
Shit happens. Mistakes happens. People make mistakes.
Maybe in your world you can say...
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.
Yes, everyone can. If you can't, you have to recognize that you work for the dumbest idiot out there. ALL IT has times when things are gone. All of it, no matter what. Period. No ifs, ands, or butts. It comes down to business decisions around how much risk you take versus how much you pay to mitigate it. That's all. Risk is always there. So if you feel you can't say that "sorry, it's gone", then that's just another way of saying that you can't do that job. Since you are doing that job, it's your job to sometimes say that - that's what working in ANY field, means.
None of the things you are saying actually reflect on the reality of the discussion. None of us are saying to go without protection. None of us are saying to not evaluate protection.
What you are saying is that where you work, there is no business or rationality, just a crazy person who demands the impossible. And your response to that is a checkbox for a buzzword. Neither his position, nor your response, make sense. How will you ensure that your backups never fail, and are available forever? You can't, so you can't meet the assumed expectation.
So given that all of that was nonsense, we are back to the fundamental "it rarely makes sense and you need to evaluate business needs and it's an extreme case where an actual issue would come up - a case so rare, that losing backups is probably more likely."
-
@obsolesce said in O365 and backups:
@brrabill said in O365 and backups:
"Sorry, boss, I can't get that file for you. But boss, it's just political positioning. It's not an actual problem!"
But not everyone can.That's the thing, is you can get it back. And it really depends on the issue.
MS Account issue = .OST still exists, last 12 months of data (by default) is still there.
Deleted account = Do what I do, create a policy to back up O365 accounts to .PST before deleting and pulling license.
Deleted mail = So many levels to get it back without backup.
Small possibility of a malicious user deleting emails at all possible recovery levels... delete, deleted folder delete, IMAPI skills to 3rd tier delete = wtf does that? Buy O365 backup for "malicious suspects", or just for users who for some reason keep such important LoB data in email.
And more importantly, anyone with that level of access will certainly be given access to delete the backups, too. Or to have stopped them. So the real questions start to be... what are the backups actually protecting against? They do add protection, no question. But how much? That's what has to be answered.
-
I think that the problem is that there is this emotional reaction to the magic work "backup". And people are used to being given a free pass to simply say "backups are mandatory" without evaluating because the chances that you don't need a backup is so small, that no one really wastes time double checking it. That's fine, but...
This is a case where two or three backups already exist. This is about tertiary or smaller tail backups.
If you didn't have "backups" and you lost data, and the boss said "didn't we have backups?", you'd say "yes, lots of them, they all failed." If you DID have these backups, they might also fail, and you'd be in the same boat.
-
None of that is to say that someone doesn't really need the backups, some people really do. But... in @BRRABill's case, he's giving bad reasons for why he might need them, and not giving the legitimate reasons. That means that the conclusion was reached through an invalid path, if there were real reasons for needing the backups, the emotional ones would not make sense to state. That doesn't mean that the answer is wrong, it means that we don't have a way to tell if it is right.
But shops that legitimately need tertiary and other extreme backups are almost always shops that really know how to evaluate that, too. That the needs are not stated has multiple mathematical reasons for making it the least likely, rather than the most likely, type of scenario to need that level of backup.
It's like going into a car dealership and claiming you need a racecar, but when asked why or how fast it needs to go and you have no idea, that tends to suggest you have less need of one than even normal drivers, let alone actual race car drivers.
-
@scottalanmiller said in O365 and backups:
It's like going into a car dealership and claiming you need a racecar, but when asked why or how fast it needs to go and you have no idea, that tends to suggest you have less need of one than even normal drivers, let alone actual race car drivers.
/me goes back and deletes all those pictures of driving to and from St Louis that include his speed..