Amidst an alarming increase in ransomware attempts and data security breaches in the cloud worldwide, Obsidian Systems, a provider of open source software solutions, advises African companies to reassess their data protection strategies for the Microsoft Office 365.
Despite Microsoft's robust and secure infrastructure, companies should not ignore its key role in the shared responsibility model. Many companies, large and small, mistakenly assume that their data is fully protected by their cloud service provider. However, this misconception exposes them to considerable risk, especially with regard to data residing in production and sandbox environments.
“Data protection is an intrinsic responsibility of all companies,” says Muggie van Staden, Managing Director of Obsidian Systems. “This includes the data that goes in, lives and goes out of the system. Maintaining proactive, long-term protection for all of our IT environments is vital.”
Even apart from malicious users, there are many scenarios that can result in data loss. For example, accidental deletions, ransomware attacks, and delays in restoring data can have serious implications for organizational operations. Regulatory fines, encrypted and unusable data or potential interruptions in business continuity are some of the scenarios that companies may face.
To combat these risks, Obsidian advises enterprises to focus on four fundamental Microsoft 365 data protection needs: Data isolation, extended retention, flexible restore, and Service Level Agreement (SLA) compliance:
- data isolation: It is crucial to maintain separate backups outside of source environments. This best practice mitigates risks associated with data corruption and ransomware attacks.
- extended retention: Long-term data retention with no built-in limitations can protect against accidental deletions and ensure recoverability, even when data losses are not discovered until months later.
- flexible restoration: Fast and full fidelity data recovery options can keep activity interruptions to a minimum. Companies should not underestimate the potential time required to fully restore all site data and structures.
- Compliance with the SLA: Businesses need specific controls to meet Recovery Point Objective (RPO) and Recovery Time Objective (RTO) requirements. Meeting these standards is not just a matter of compliance; it's about ensuring business continuity.
“I can advise all companies to use multi-layered security, which encompasses measures such as virtual air-gaps of backup data, 256-bit AES encryption, early threat detection capabilities and zero-trust access controls,” says van Staden.
In today's digital landscape, African companies cannot afford to be complacent. Data protection is a vital component of risk management and should be a top priority in every company's strategic planning.
