Microsoft’s Shared Responsibility Model and the Importance of Cloud Backup


The year 2021 will likely be looked upon as the year cloud computing became king. Digital transformation has been underway for years, but companies looking for ways to maintain productivity and operations when faced with a global pandemic kicked cloud adoption into overdrive.

When millions of employees were sent home to work, infrastructure-as-a-service, platform-as-a-service, and software-as-a-service solutions made the rapid transition possible.

Many companies are asking employees to keep working from home—at least part of the time—for the foreseeable future. Cloud services like Microsoft Office 365 enable employees to stay connected and collaborative, and other cloud services providers offer the peace of mind that comes with having secure backup and disaster recovery in the face of rising rates of ransomware and other cyberthreats.

Benefits and Risks of Moving Infrastructure and Business Applications to the Cloud

As with any technology, there are benefits and challenges to relying on the cloud for some or all of your critical business functions.

The top benefits include:

  • Scalability
  • Security
  • Automated updates and patches
  • Cost savings
  • Flexibility to work and collaborate from anywhere

The cloud is incredibly secure, but no technology is risk-free. The most common complaints about supporting a business operations via cloud are:

  • Preventing unauthorized access to data
  • Low visibility into business systems and loss of some control over data
  • The potential for compliance and legal issues

The Ins and Outs of Microsoft’s Shared Responsibility Model

As mentioned above, Microsoft Office 365 is one of the top cloud-driven solutions for business productivity and collaboration. Also mentioned above, you need additional cloud solutions to cover backups and disaster recovery.

The reason why you need both is because of Microsoft’s shared responsibility model. Picture this: You are juggling flaming torches while riding a unicycle in the snow. You slip and fall, break your arm, and singe your eyebrows. Is it the torch maker’s fault you got hurt? The unicycle manufacturer’s? Probably not.

Microsoft’s shared responsibility model works the same way. It essentially boils down to this: Microsoft is in charge of global infrastructure and ensuring Office 365 stays up and running reliably, whereas your organization is responsible for controlling access to your systems and protecting the data residing in Microsoft 365 applications.

So now you’re probably asking yourself, “But doesn’t Microsoft store my data so I can access it from anywhere at any time?”

And the short answer is, well, yes. And no.

The native Office 365 backup tools do store a copy of your OneDrive for Business, Exchange Online, and SharePoint Online files to the Microsoft server. However, those backups don’t fully protect you from data loss caused by human error, intentional deletion, external security threats, and programmatic issues.

It is critical to backup your files, applications, and data to a third-party solution because Microsoft 365 doesn’t provide essential safety nets such as long-term retention, point-in-time recovery, and compliance/litigation-friendly backups.

Why It Is Essential to Backup Your Microsoft 365 Data to the Cloud

So what does all of this actually mean in terms of real-world consequences?

First and foremost, without a comprehensive third-party backup and disaster recovery solution in place, one successful ransomware attack or ill-timed natural disaster could wipe out all of your Exchange Online, SharePoint Online, and OneDrive for Business data for good.

Ensuring your cloud backup solution includes point-in-time recovery means you can restore lost data from a point before your files were encrypted by ransomware, or an update when horribly wrong, or Jan from accounting accidentally wiped out all of last fiscal year’s P&L statements.

It is important to consider backup and disaster recovery from a practical as well as a legal and compliance perspective. Many industries are required to store, archive, and backup data according to strict regulations. Some also require companies to retain files and emails indefinitely after an employee separates from the organization.

Microsoft’s shared responsibility model puts that onus squarely on you, and relying on native Microsoft Office 365 backup can land your organization in serious legal and regulatory trouble.

How a Secure Cloud Backup Strategy Can Help

Implementing a solid cloud backup strategy for your Office 365 data is a smart business choice, not only today as we navigate a tumultuous business climate, but also for the long term.

Cloud backups make it easy to restore data from anywhere after a disaster, unplanned outage, or technology failure. And because the cloud lets you schedule frequent, complete backups, 0 percent data loss after an event is doable.

Cloud backups benefit your budget in several ways—for instance, you don’t have to store and maintain hardware—and you can scale storage up or down as your organization’s needs change.

Backing up your Office 365 data to the cloud helps protect your organization from ever-evolving cyberthreats, including new ransomware strains that specifically target backup files.

Office 365 is an essential tool for millions of organizations, and it does what it does very well. However, it is crucial to fully understand Microsoft’s shared responsibility model to avoid potentially devastating data loss.