Data handling is an organization-wide responsibility.
Think of a simple everyday task you perform like creating an outline for an upcoming leadership briefing or building out a contract proposal budget in an Excel spreadsheet. How many times do you save your file as you’re working on it? As you click “save,” do you think back to a time when you lost an important document because your computer crashed?
Whether you’re the individual who compulsively saves a document multiple times or an IT person who’s responsible for copious amounts of data, your backup efforts are motivated by the fear of losing pertinent information.
That fear is the number one reason software-as-a-service administrators backup their Microsoft 365 data. According to a survey of more than 1,500 IT administrators across 14 countries, the 2021 Veeam Cloud Protection Trends report found that 58% of respondents identified accidental data deletion as the number one reason they backup.
In a close second, 57% of respondents said they back-up data as preparation against cybersecurity attacks. In 2020, the FBI’s Internet Crime Complaint Center, or IC3, received 791,790 internet crime complaints in 2020, including phishing, personal data breach, hacktivism, identity theft, extortion, denial of service/TDoS and government impersonation.
But despite the abundance of cyber threats reported, accidental deletion remains IT professionals' primary reason for backup and the federal government is not an exception.
Currently, thousands of state and local governments as well as more than 600 federal agencies are using Microsoft 365. This accounts for hundreds of thousands, if not millions, of federal government employees. These individuals—from public affairs specialists to IT services managers—are using collaborative technologies more frequently than ever before while increasing data storage on their cloud capabilities.
Right now, companies most frequently store data using a hybrid model, relying on both physical and cloud-based servers. According to GovWin, the federal agency demand for cloud computing goods and services will grow by 9.6% by 2024.
As the federal demand for cloud-based capabilities grows, how can government agencies incorporate cloud technology, ease concerns about accidental data deletion and be considerate of cybersecurity?
Federal government agencies all need a back-up plan (no pun intended) that addresses potential data loss, focused on both human error and the environment in which data is stored.
Human error is inevitable—as imperfect beings, we will accidentally delete or misplace our work on our individual devices and on our shared spaces. Minimizing the impact of these errors starts with educating employees on their role, and creating and executing a workplace data loss prevention policy.
One major issue is employee understanding of their role in data deletion. For example, many IT professionals assume that because Office 365 is natively resilient, it doesn’t need to be backed up. Employees may assume that work in the cloud is automatically safe. IT leaders and non-technical team members alike should have a basic understanding of what’s backed up and what best practices are required to ensure user error doesn’t result in critical information loss. While the data in Office 365 has powerful replication built in to ensure no data loss based upon the platform, that doesn’t automatically extend to user data, and the protection offered by central administration of legacy Exchange servers isn’t in place for Office 365 without utilizing third-party software and best practices in ensuring protection against data loss.
Data handling is an organization-wide responsibility. Think about the “who, what and how” of data storage within your organization. Be mindful that not all data or access to it is equal so it is important to ensure policies consider access levels based on the differing workforce needs. This is increasingly important with the rise of remote work across the government.
Let’s not forget security as a top priority, especially in agencies with sensitive work products. Agency IT leaders need to effectively talk about security by defining common cyber-attack types, like phishing campaigns, and giving visual examples. They should collaborate with the operations security team to provide training when necessary and prioritize security for workforce and storage environments.
This brings up the second major consideration for protecting against accidental data deletion: storage infrastructure and backup approaches. Backups are a crucial part of data loss prevention; backing up our data ensures it’s not lost forever. They provide both an additional copy and multiple versions of an application, file system or other resource. This requires an enterprise view of all data, irrespective of where it's located, and policies and supporting capabilities that can implement enterprise protection and policies across the heterogenous environments operating on and off premises.
The best way to safeguard these secondary sources is by maintaining multiple copies of all materials, storing them on more than one type of media and keeping one copy stored outside of the primary data center. This is where the hybrid model shines, cloud and physical backups should be included in the plan.
Finally, data protection systems also need to be secure. A federal solution needs to undergo rigorous testing like architectural analysis, vulnerability scanning, penetration testing and source code analysis. Cloud-based, physical or hybrid capabilities should all have added security protocols and be able to adhere to compliance reviews and federal certifications.
All of this is achievable. In fact, this combined approach which is considerate of the workforce policy and tools to support it will help lessen the impact of data loss.
Mike Miller is the vice president of federal at Veeam.