TMCnet Feature
October 13, 2020

Backup OneDrive for Business the Right Way

Access to files and data for your business is no doubt absolutely mission-critical.  Now that the majority of employees are working remotely, having access to important data is arguably even more import.  As businesses transitioned their work strategies to remote work layouts earlier this year, many decided to migrate data to the cloud for easier access. 

Microsoft 365 is an extremely popular platform for cloud Software-as-a-Service (SaaS (News - Alert)) applications including OneDrive for Business file storage.  Just like backing up critical files and data on-premises, it is extremely important to backup files that are housed in cloud environments like OneDrive for Business. 

There is certainly a right way to backup data and a wrong way.  Let’s take a look at how to backup OneDrive for Business the right way and see what steps are involved in making sure your data is protected.  But first, is there really a need to backup your OneDrive for Business data?

Do you need to backup OneDrive for Business?

Some may argue that backing up cloud SaaS environments like OneDrive is simply not needed since these environments are built on top of world class hyperscale data centers.  However, there are simple risks and dangers to your data that even hyperscale cloud data centers can’t totally protect you from.  What are these?

  • Ransomware
  • Your own employees


You would think that in 2020, years after the first ransomware attack took place and years after CryptoLocker and other variants appeared on the scene, we would have a solution for ransomware that makes our data bullet proof.  However, even now, ransomware is a tremendous threat, arguably more of a threat than ever before. 

Due to many attack vectors that can affect your data, ransomware can even encrypt your data that is locked in cloud storage environments like OneDrive for Business.  How is this possible?  There are many different threat vectors that allow ransomware to affect cloud data, but the following are the most likely:

  • Phishing emails
  • Risky applications
  • File synchronization

Phishing emails are still a heavily used tool of cybercriminals.  Phishing emails lure employees to open emails and attachments that masquerade as legitimate communications, only to deliver a payload of malware, including ransomware.  In the current situation where most employees are still working from home, phishing emails pose an even greater threat.  Why so?  There are many reasons for this.  However, it comes down to employees being more distracted at home, more apt to click on appealing topics such as “COVID-19” subjects, and a much more relaxed security atmosphere when working from home. 

Risky applications come in many shapes and sizes.  Employees can often find all-out malicious or risky applications right in the “marketplace” of cloud SaaS environments or even by way of browser plugins.  All it takes is for an employee to grant the permissions requested by a malicious application, and business-critical data can be put at risk.  By granting the OAuth permissions that are used by cloud environments to a malicious application, it can then encrypt, delete, or steal valuable data without any issue.

File synchronization is still a threat to cloud environments.  OneDrive is included as part of the Windows 10 operating system.  It is easy for an employee to configure synchronization between the on-premises OneDrive client and the OneDrive for Business account.  If ransomware infects the on-premises machine by way of a malicious download or web link, the encrypted files are then synchronized with the OneDrive for Business cloud storage.  This will overwrite good copies of business data with those that are encrypted.

Your own employees

It is difficult to think about but your own employees can put your business-critical data in OneDrive for Business at risk.  Employees can accidentally or intentionally delete data from cloud storage.  This can cause business-continuity disruptions that range from mild to catastrophic in just a matter of minutes. 

What about a rogue administrator or another user with high levels of access in the organization who deletes massive amounts of data for unscrupulous purposes?  This can be a disaster that unfolds quickly and suddenly and that has massive impacts on your business. 

Both ransomware and your own employees can cause data loss that is simply beyond the scope of the underlying protections in place with even hyperscale cloud infrastructure backing cloud SaaS environments like Microsoft (News - Alert) 365.  Even “versioning” and other mechanisms that cloud SaaS providers like Microsoft have put in place are not bullet proof and the protections they offer have limits. 

Is there a “right” way to protect your OneDrive for Business data?

There are certainly different schools of thought when it comes to data protection.  However, there are certainly best practices and “right” ways of ensuring your data is resilient to data loss.  Number 1 – backups of your cloud data including OneDrive for Business are absolutely needed, period.  At the end of the day, backup data is in itself, data as well.  There are points to consider to ensure that your backup data is safe as well. 

There is a best practice methodology known as the 3-2-1 backup best practice that sets forth certain best practices to help protect your data at all times with backups.  In addition, your backups themselves need to be protected from data loss as well and various catastrophic events that can potentially wipe out both production data and also backup data. 

In brief, the 3-2-1 backup best practice rules states the following:  You should have at least (3) copies of your data, stored on at least (2) different types of media, with (1) copy stored offsite.  Does this type of backup best practice really apply to cloud environments, especially when you are talking about cloud SaaS environments such as Microsoft 365?

Backup OneDrive for Business the Right Way

Following the 3-2-1 backup best practice methodology may not exactly align when looking at cloud SaaS environments. The principles of best practice backup design still apply when backing up your data such as OneDrive for Business the right way.  What are these?

  • Diversify your data
  • Store data on multiple types of media
  • Make sure your data is “offsite”

Diversify your data

You don’t want to have all your “eggs in one basket” so to speak when it comes to your data.  You want to make sure that you have multiple copies of your data that are stored in multiple locations.  When it comes to backing up data, you don’t want to store your backups in the same location or environment as your production data.  If these are stored in the same environment or if you lose your production data, you will most likely also lose your backup data.

When it comes to cloud data that is stored in OneDrive for Business, you want to make sure you don’t store your backups of OneDrive in the same cloud environment.  This is important as many commercial backup products will store the backups of your OneDrive in Microsoft’s cloud environment which is similar to putting your backups in the same environment as production.  Use a solution that allows storing the data in a different cloud environment, separate from Microsoft’s public cloud ecosystem.

Store data on multiple types of media 

This design principle comes from the on-premises world where it is best practice to have multiple types of media involved such as both hard disk and tape devices.  This helps to ensure that you will have at least one copy on a media type that will be available if the other type has been lost or corrupted. 

With cloud environments, there isn’t really different types of media, however, tying into the first point, storing the backups of OneDrive for Business outside of the Microsoft cloud in a different cloud environment can help to satisfy this design best practice for backing up your data to different cloud “media”.

Make sure your data is offsite

Here again, diversifying, storing your data on multiple types of media, and storing your data offsite are all related when it comes to cloud environments.  You want to store OneDrive for Business data outside of the Microsoft cloud environment.  With the many types of cloud storage across many hyperscale cloud service providers, there are certainly a number of options for storing your OneDrive for Business backups in a separate cloud environment.

The key here is using a OneDrive for Business backup solution that is able to offer the option to satisfy the requirements of storing your cloud backups outside of the cloud environment they are protecting. 

Choose the right OneDrive for Business backup solution

One of the most important considerations when you backup OneDrive for Business the right way is choosing the backup solution.  The capabilities of the cloud backup solution itself will determine your ability to follow best practices for backing up your OneDrive for Business environment.  As mentioned earlier, you want to pay close attention to the options the OneDrive for Business backup solution offers for protecting your data, such as where the data is stored.

SpinBackup is a OneDrive for Business backup solution that provides the tools and capabilities needed to backup OneDrive in the right way, and in a way that truly protects and diversifies your data.  SpinBackup is part of an end-to-end cloud backup and security suite called SpinOne that offers a holistic system to both protect and secure your data in cloud SaaS environments.

SpinBackup is a cloud-to-cloud backup solution that allows choosing from the widest range of cloud storage options of any other cloud-to-cloud backup solution on the market.  With SpinBackup, you can store backups of your OneDrive for Business environment in AWS, Google (News - Alert), Azure, or custom cloud environment and choose the particular region you want to store your data. 

Especially as organizations look at O365 backup and recovery, SpinBackup provides all the right features and capabilities for ensuring your data is safe.  These features include:

  • Backs up Outlook, OneDrive, Contacts, Calendars, and SharePoint
  • Automatic backups – 1x to 3x daily
  • Ability to choose the cloud storage environment (AWS, Google, Azure, or custom cloud)
  • Snapshot backup and version control
  • Data migration and local downloads
  • 100% SLA for data recovery
  • Incremental backups
  • Encrypted backups
  • Searchable backups
  • Advanced reporting
  • Meets various compliance regulations including SOC2, EU Privacy Shield, and GDPR

When you leverage SpinBackup in conjunction with the SpinOne solution, the full capabilities offered by SpinOne include a next-generation ransomware protection module that automatically blocks and remediates ransomware infections without any human interaction.  This helps to prevent the need of restoring large quantities of files due to a ransomware attack.   SpinOne’s ransomware protection solution is AI-driven and can effectively recognize ransomware behavior before it has a chance to spread across your environment. 

Be sure to check out SpinBackup and see how it can effectively backup your OneDrive for Business files and protect your business-critical data.

» More TMCnet Feature Articles


» More TMCnet Feature Articles