The short answer is yes, and the long answer is more complicated.
In particular we are talking about OneDrive and SharePoint. Both products have built-in versioning, which in my experience works well. So if your files are all encrypted but OneDrive keeps old versions of your documents, why would I need a third-party backup?
There are two main issues:
Firstly, while the versioning restore works very well when restoring a single file or folder, but not so much for restoring 10’s or 100’s of thousands of files. In fact it’s difficult to actually work out how to do this and (from experience) it doesn’t work very well. The last time I had to attempt this process for a client I ended up having to manually recover the files and the process was a nightmare.
Secondly, not all ransomware attacks (or other reasons to restore) are immediately discovered. If the issue that creates the need to perform a restore isn’t discovered for weeks or even months, the recovery process will be far worse, if not impossible.
But I hear you say, won’t OneDrive alert and query me if I have a lot of files encrypted? Sometimes. And only if it passes certain thresholds. And only if you haven’t got annoyed with these messages and turned off that option.
And that’s only if you’re using your computer and the ransomware attack is automated.
If there is a RAT (Remote Access Terminal) type attack on your system, the Black-Hats will disable all these warnings and remove all copies of your data from the 365 servers as well as on your computer. Remember if you can access your data and old versions, so can the Black-Hats and then they can (and will) remove or encrypt all versions.
Let’s have a closer look at the built-in Microsoft options to protect our SharePoint data:
Versioning is the first step when it comes to preventing data loss in SharePoint. New versions of files are automatically created when a file is modified or re-uploaded. This allows you to go back to an older version of the file at any time you want.
SharePoint Recycle Bins
SharePoint comes with two recycle bins. When a file is deleted in SharePoint or OneDrive, it goes to the (first-stage) recycle bin. It’s kept for 93 days total in the recycle bin unless it is manually deleted from the recycle bin.
Files that are deleted from the first-stage Recycle Bin are moved to the second-stage recycle bin. Only site administrators have access to the second stage, preventing users from accidentally emptying the second stage as well.
Files are kept for the remaining 93 days in the second-stage Recycle Bin. So, all files are always retained 93 days in total from the moment that they are deleted.
Retention policies are designed to determine which data can be deleted and when. Policy rules allow you to target specific content based on conditions such as keywords and determine how long you want to preserve that data.
The biggest advantage of retention policies is that they create an immutable copy of the data when an item is created or modified (a copy of the file that cannot be changed). This allows you to always be able to restore the original version of the file.
Retention policies can even be configured in such a way that once they are turned on, they can’t be changed or turned off anymore.
Keep in mind though that retained data counts towards your SharePoint storage quota.
Microsoft Support – restore request.
Microsoft does perform backups of your data. They create a backup every 12 hours and keep it for 14 days. In this way, in case of data loss, the global administrator can contact Microsoft with a restore request.
But there is one major catch here: you can’t request an individual file or folder restore. Microsoft only restores the complete site collection to its original location.
Why shouldn’t you rely on the built-in SharePoint backup options?
The built-in Microsoft options might at first glance appear to be sufficient to recover from any issue, but in my opinion, they are not.
The biggest problem with the built-in solutions is the ease of restoring data.
Recycle bins are fine when you need to restore a couple of files. But have you ever tried restoring a complete document library because someone forgot to turn off synchronization before deleting the synced files?
You can’t simply select a folder or document library in the recycle bin. The only option is to select all files per page and restore them. Or you might have to use a PowerShell script to select the correct files from the recycle bin and then restore them.
And what are your options after 93 days? As I mentioned before, it’s not guaranteed that lost or damaged data will be noticed within this timespan.
You could create a retention policy and preserve all data forever. This approach will cost you some SharePoint storage, but that isn’t really the issue. Again, it’s ease-of-use.
Have you ever tried restoring data with content search or eDiscovery?
You will need to collect all the data based on date, location, or keywords, then export it, and then import it manually back to SharePoint.
I can tell you from experience that the built-in Microsoft options are not convenient or easy to use if you need to recover more than a handful of files.
CyberX Backup System
So is the CyberX backup system compatible with Office 365?
The good news is that it is, and with minimal additional work to implement. We can even support Mac users who are using Office 365.
Note, that the above comments regarding SharePoint, also apply to other Cloud file-sharing / collaboration solutions (like Dropbox); so unless you have a ransomware secure backup system (such as the CyberX Backup System) you are at risk of losing your valuable business data if something “major” goes wrong.