Bar Hori, Regional Sales Executive at Commvault for Africa.

Office 365 (O365) is one of the most widely used tools for productivity and collaboration and is an increasingly popular option for businesses of all sizes in Kenya. Software as a Service (SaaS) solutions like O365 offer businesses many benefits, including cost effectiveness, flexibility and consumption on demand, as well as increased availability.

However, availability of data does not guarantee that it is secure and protected from harm, particularly in light of the growing threat of ransomware. Data protection remains the responsibility of the owner of the data, and mitigating the risk of cyberthreats is essential.

A growing threat

Ransomware has run rampant since the beginning of the pandemic as the landscape has shifted in favour of cybercriminals, with many people working from home, and without the tight security protocols of the traditional office environment. The Interpol African Cyberthreat Assessment Report highlighted 72 million threat detections in Kenya over the course of 2021. Security firm Kaspersky reported 32.8 million attacks in the country in the first half of 2021 alone, and the threat continues to grow.

While cloud data may appear to be safe, because it is always available, the reality is that it is exposed to the same risks as data on premises, and this includes ransomware. If a ransomware attack is successful and a machine is infected, the entire cloud database could potentially be infected, in the same way as a physical server. There is also the risk of accidental deletion or malicious and intentional removal of files, which are not the responsibility of the cloud provider. SaaS solutions and the cloud may have many benefits, but the risk of, and responsibility for, data do not go away.

The concept of shared responsibility

Microsoft operates what they call a Shared Responsibility model, which very clearly states that “for all cloud deployment types… you are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control.” This means that it is critical for organisations of all sizes to ensure that they have effective O365 data backup in place. Without this, a ransomware attack would leave businesses with few options other than to pay up or lose valuable data.

In addition to ransomware, the risk of service disruption in cloud services remains a possibility. Issues such as power outages can cause problems with data transfer into the cloud, and businesses have a responsibility to ensure the validity and safety of their data. Backup as a Service (BaaS) offers ease of use and fast time to market without the need to procure additional hardware and can give businesses peace of mind that their data is protected in case of any data loss event, from ransomware, to accidental loss, or even malicious deletion.

Manage your data for maximum business benefit

Lack of data management has repercussions beyond the inability to recover from ransomware and data loss events, as it can also cause compliance challenges. When it comes to accidental or purposeful deletion, there is limited ability to recover files natively within O365, but if the deletion is not discovered in time or someone is trying to cover their tracks, then data management solutions become essential. Without the ability to provide a clear audit trail for eDiscovery, businesses may find themselves in trouble.

The reality is that regardless of where data is located, whether on prem or in the cloud, the risks and responsibilities remain the same. Protecting data quickly and securely via BaaS gives peace of mind that the most valuable asset of your business is safe from harm, with affordable enterprise-grade protection and no hidden costs involved, at the click of a button.