In a previous piece, we focused on how to rapidly implement Microsoft Teams in order to get your employees safely working from home. This is an excellent start, but you're not out of the woods yet.
With your employees now working from home, what you're likely to find is that employees are doing work on their personal machines (as opposed to laptops issued by the company). This means that they may be saving work on their hard drives, as opposed to OneDrive.
In other words, your workforce may be creating and storing mission-critical IP in areas that are beyond the reach of your traditional backup and recovery solutions. In order to build long-term resiliency for your business, you need to build a disaster recovery plan that extends to your remote employees.
OneDrive is Not a Disaster Recovery Solution (On its Own)
With OneDrive, you have a document sharing and storage solution that is baked into every version of Microsoft Office. OneDrive is cloud-based, so it's immune to occasional hard-drive failures, and it's hard to get wrong -- Office will prompt you to save files there automatically. Tempting as it may be to default to OneDrive as a backup tool, there are several reasons not to.
- If an attacker steals credentials for OneDrive itself, it becomes possible for them to permanently delete or corrupt your data. Although OneDrive contains robust ransomware protections, credential theft is still a possibility.
- Employees will often save works in progress on their local drives before uploading finished work to OneDrive. If their hard drive fails or is compromised by malware, then many works in progress could be permanently deleted.
- OneDrive doesn't image the whole hard drive, and it may not automatically integrate with development tools, accounting software, CAD tools, and other productivity tools that aren't based around Office.
It’s possible to expand OneDrive so it backs up entire files and folders – not just files from specific applications. This is very useful – and it can solve the issue raised in our second bullet – but there are still some limitations. Outlook can’t back up Outlook database files, for example, and it can’t backup OneNote files unless they’re stored in OneDrive already. Lastly, OneDrive won’t back up files that have unusually long filenames.
Basically, OneDrive functions as a useful backup tool under most normal workplace conditions, but a true disaster – hard drive failure, malware attack, hardware theft, credential theft, etc. – could result in permanent loss of data or an expensive drip to the data forensics people. If you want to prepare for a real disaster, you must abide by different rules.
OneDrive, Azure and the 3-2-1 Rule
You may have already heard this one before -- keep three copies of your data, using two different types of media, and keep one copy offsite. The 3-2-1 rule is a simple rubric for disaster recovery. It's also the minimum -- you're allowed and encouraged to do more than the rule suggests.
For our purposes, OneDrive counts as an offsite copy of your data, but as we've mentioned, the copy may not be complete. You might want to copy images of your employee's hard drives to physical media that you control, or you may want to make additional backups elsewhere in the cloud.
Using Azure Backup, you can augment OneDrive with a more complete backup and recovery system that's subject to – and in fact better than – the 3-2-1 rule. In addition, it’s easy to extend Azure Back up to your remote employees by installing the Azure Backup MARS agent on their Windows machines. This will back up your employees’ entire hard drives up to three times a day – and you can store many copies of these backups anywhere you need to.
By default, Azure Storage stores at least three copies of your data within the same Azure region using a features known as locally redundant storage. This is an exceedingly low-cost option that provides eleven nines of reliability. Now you have three copies of your data plus OneDrive.
You also want at least two different storage types. This will usually mean storing your backups on a physical disk that you control, but it could also mean storing your data on two different kinds of cloud. Azure offers Cool Blob Storage with a Read-Access Geo-Redundant Storage (RA-GRS) feature. This is low-cost storage (only one cent per gigabyte) for highly-compressed data that you don’t need to access very often – only in case of emergencies, for example. With the RA-GRS feature, your data is stored in a separate geographic location and will fail over if your primary location experiences a catastrophe.
Future-Proof Your Business Continuity Plans with KiZAN
One lesson of backup and disaster recovery is that being prepared means being flexible. When lockdown lifts, your strategy may change again. No matter how your situation changes, KiZAN can help you build a business continuity plan that gives you maximum protection, helping your recovery from disasters no matter what.
For more information, schedule a Disaster Recovery Strategy session.