Why cloud backup?

Most people and companies would never take risks with data stored on premises.  Yet when it comes to cloud data, a ‘debate’ seems to have emerged as to whether one need even consider backup.

Although this article focuses on Microsoft Office365, a similar argument would also apply to any Software as a Service vendor – e.g. Dropbox or G-Suite.

In this article, we’ll clear up some of the misconceptions in this debate.  First off, isn’t the cloud itself a type of backup?

The cloud IS my backup

When I create or update a new Word document on my computer, it is automatically synchronised up to Office 365. That means I have a copy of my file in the cloud.  Backup done!  Right?

I then also synchronise (or ‘sync’) my phone, tablet, and laptop to my Office 365 account. Now I’m creating even more copies, so why would I need a backup system?

To see what is happening here, we need to understand two terms: synchronisation and replication.

Synchronisation keeps two or more copies of data in the same state.  It usually runs without user involvement as a background process on your devices.

Once synced to the cloud, Microsoft will also replicate your data.  Replication is part of the cloud infrastructure, and simply means that multiple copies are made of your data and stored in different locations. Users have no control over replication either.  

In the case of my Word file, the data is synchronised to the cloud, and it is replicated within Microsoft’s data centres for high availability, performance, and redundancy. The problem with synchronisation and replication is that they are wholly automated.  Any changes are continuously synchronised from my computer to the cloud.

It doesn’t matter whether the changes are intentional, accidental, or malicious.

So, what are the implications?

Common cause of data loss

Most people are fixated on data loss from the bad guys. It’s true that that is something to be aware of. However, 64% of data loss is down to simple user errori.

Data loss isn’t limited to data deletion.  It could also be the loss of an important macro, a complex Excel formula or accidentally scrambling the values in an important document table.

If I’m busily working on my file and autosave is on, within milliseconds my errors and accidents are already synced up to the cloud.  Result? I now just have several copies with the same errors.

Sure, I might be able to use ‘Undo’.  But what if I only realise the error a few days later?  Or my device chooses that inopportune moment to crash?

So, to be clear: the cloud isn’t a “backup”. 

But surely Microsoft themselves back up everything in the cloud?

Microsoft backs up everything, so I don’t have to!

This is partly true.

Microsoft does back up all Office 365 data every 12 hours.  And every backup is retained for 14 days.

However, they have designed this mechanism for disaster recovery, i.e. their disaster – not mine.  They would use these backups to restore their data centres in the event of catastrophe.

In theory I could use these backups if I had no other options. Basically, I would have to raise a support ticket with Microsoft. They will then restore the entire SharePoint site or OneDrive account from their backup.  When they do this, they will overwrite everything that is currently there – even the things I want to keep. 

Ironically, without additional steps, the restore itself could result in some data loss!

Ok, leaving aside Microsoft’s backup.  Surely, I can just get my data back from the Recycle Bin?

I can restore from the Recycle Bin

This is also partly true. Like the familiar Recycle Bin on Windows, Office 365 maintains a Recycle Bin in the cloud. If you realise that a file or Outlook item has been deleted, you can easily restore it from the Recycle Bin. 

Of course, this is no help in the case of corruption, ransomware, and accidental or malicious changes. The Recycle Bin protects only from deletions.  If my files were corrupted before they were deleted, I will simply restore corrupted files.

Recycle Bin does not help if I want to restore a file or folder to its state before I last saved it or prior to several changes – perhaps going back several months, or even longer.

Ultimately, all hope hinges on the supposition that since the original deletion, I or somebody else has not emptied the Recycle Bin!

And here’s the rub: an important difference from your familiar Windows Recycle Bin  is that the cloud-based Recycle Bin is time-limited.  This means it automatically empties itself of its old content.  

OneDrive comes with a 30-day Recycle Bin (93 days for SharePoint). Outlook will retain an entire deleted mailbox for 30 days, and individual items deleted within a mailbox for up to 30 days too. 

It might be worth considering also, that the average time to discover a data loss is about 140 days, and security breaches even longerii.  Well outside all the Recycle Bin time limits.

Therefore, you really shouldn’t rely on Recycle Bin as a backup strategy.

I can use file versioning

On Office 365 every time I save a file, a new version is created. Under normal circumstances I would only be interested in the latest version.  However, if I accidentally corrupt a file, I can go back to an earlier ‘clean’ version of my fileiii.

An important caveat is that some types of file cannot be versioned (e.g. some types of CAD files). Furthermore, versioning applies to files only – I cannot restore an entire folder to an earlier point in time.

And a word of warning: versions can themselves be deleted – and cleared out of the Recycle Bin!  This means that they offer limited protection from deliberate, concerted efforts to delete data.

So how should I back up my cloud data?

Hopefully now we’ve understood why cloud backup is a prudent protection against data loss. Microsoft even recommend that their customers make use of a third-party backup solution in their service agreementiv.

What should I consider when choosing a backup solution?

  1. Where is my data? Is it in the cloud? On premises?  Both?
  2. How is my data distributed? On staff computers, file servers, email servers, databases, multiple sites, multiple clouds?
  3. Do I need to back up system as well as operational data?
  4. Is any of my data already backed up?  Where are my vulnerabilities?
  5. Where and how are my current backups stored?

How do I evaluate the solutions? 

  1. Will the solution mitigate all my data vulnerabilities?  Do I need multiple solutions?
  2. How will it fit with my existing IT and backup infrastructure?
  3. How easy is it to install, configure and operate?
  4. Is the backup process and storage secure?
  5. How easy would it be to restore data?
  6. Will my internet connection be adequate for the volume of data transfer needed?
  7. Does the backup run on or to an independent datacentre or to a well-recognised cloud provider (e.g. Microsoft Azure, Google Cloud Platform, Amazon Web Services)?

As always in IT, context and the requirement guide the appropriate solution. The right backup solution could make the difference between a minor hassle and a major disaster.


i) The IT Compliance Policy Group: http://www.itpolicycompliance.com/

ii) Most companies take over six months to detect data breaches: https://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/

iii) Restore a previous version of a file stored in OneDrive: https://support.microsoft.com/en-us/office/restore-a-previous-version-of-a-file-stored-in-onedrive-159cad6d-d76e-4981-88ef-de6e96c93893

iv) Microsoft Service Agreement: https://www.microsoft.com/en-us/servicesagreement

Daishik Chauhan
Latest posts by Daishik Chauhan (see all)
The Business Bulletin

Don't miss out...

Enter your email address to ensure you receive the next edition of The Business Bulletin as it is published.

Daishik Chauhan

Daishik Chauhan is a full-stack contract software developer, software and IT consultant, and Microsoft Azure solutions architect. Through his company, Crucis Consulting Limited, Daishik specialises in technical and business analysis, delivery planning and coordination, and Microsoft database and software consultancy.