Secure Collaboration Requires Modern Data Protection

Thomas Sander

By Thomas Sandner, Senior Technical Director Sales at Veeam Germany and Dmitri Zaroubine, Presales Manager for Latam at Veeam Software.

Thanks to collaboration tools such as Microsoft 365, many organizations have been able to quickly and easily offer the ability to work from home to cope with the crisis. However, decentralized working requires a corresponding data backup strategy, which cannot be neglected.

Shared file editing, easy access to content and networking of employees via a central platform (such as Microsoft 365) made it possible for small and medium-sized companies as well as corporations to react quickly to lock-in measures and offer remote working to their own employees. However, these software-as-a-service (SaaS) solutions require a strategy on the part of the respective IT departments that must also include security, backup and data management.

Security Responsibility

A common misconception in connection with SaaS solutions is that the responsibility for protecting and securing data is assumed by the respective product manufacturer. In fact, the opposite applies: vendors, such as Microsoft, offer their products only in connection with a «shared responsibility» model, as far as security is concerned. Hyperscalers only guarantee the protection of the infrastructure itself. This means that the provider is only liable in certain cases, such as a failure in a data center. In this case, the provider must ensure the continuous supply of the software by replicating the data center. The company’s own IT department is responsible for the actual data, configuration and communication that is actually stored in the company via the SaaS solution. It is therefore necessary to devise a strategy precisely for this data and to design and implement a modern data protection infrastructure and reliable data management.

Backup strategies for SaaS solutions

In general, there are two strategies on how backups and data storage can be handled in collaboration tools: Snapshot copy-based storage and object-level storage.

  • Storage based on snapshot copies:

As the name implies, «snapshots» are storages of system backups that occur at specific times and cycles, each determined by the responsible IT departments. Each of these snapshots has a complete copy of all objects added to a backup job, and this copy is not modified by retention over time. This type of retention should be chosen if the company owners plan to create the exact copy of all data stored in Microsoft 365 and then manage it as a single, unmodified entity.

  • Object-level storage:

With object-based storage, all items are kept in the system as long as they are actively used. The IT department sets a reference value for this, for example seven days. If an item reaches this time value without having been modified in between, it is either removed from the backup or archived; again, the decision rests with the IT department. This type of retention is appropriate if the company owners plan to replicate not only the data within the SaaS, but also its retention rules. Typically, this storage strategy is used to comply with regulatory requirements that mandate the deletion of all data beyond a certain age, or it can simply help reduce the storage space needed for a full backup.

Both strategies have different merits and should be chosen based on the specific application.

The most important rule for backups

In addition to specific strategies for backing up collaboration tools, there is also a general rule that must be followed for all copies: the 3-2-1 rule. It means that there should be at least three copies of the data on at least two different media. In addition, one of them should always be stored off-site. With the increasing number of ransomware attacks and the ever-increasing amount of data that companies need to keep their operations running, it is time to add two steps to this rule and create the updated 3-2-1-1-1-0 rule.

First of all, at least one of the copies must be immutable. The background to this is the increasing number of ransomware attacks around the world. These have specifically set out to also encrypt backups and restore data to increase the victims’ distress and get them to pay the ransom. Secondly, no errors during the recovery process should be allowed to occur, because only then can the backup serve its purpose and downtime will be minimized.

How can it be done? An immutable copy can be generated in Linux as an operating system, for example, using «immutable flags», i.e. file system attributes. This defines it as read-only for a certain period of time. This creates additional protection against illegal access, such as through a ransomware attack. Another requirement, that no errors are allowed during recovery, is as obvious as it is alarming in terms of reality: A global data protection survey conducted by Veeam earlier this year showed that around 58% of the restores performed by the companies surveyed failed. However, a failed restore is just as good protection against data loss as no backups at all. That’s why you should regularly check at least one of your backups and test your recovery to rule out errors in case of an emergency. Both processes can be performed, and a specialized backup solution provider can also offer them as a service.

Secure collaboration through data protection

Collaboration tools have become an important component of today’s workday. They facilitate many tasks and enable employees to implement remote work with greater ease. However, companies need modern data protection and well-planned data management to ensure that these tools do not become a gateway for attacks. Therefore, only those who approach their own data with the necessary prudence and a management strategy will be able to reap the full benefits of digital collaboration.