Why Your Emails Are Not Automatically Secure in the Cloud

Use of the cloud is now standard practice in many companies, and this is hardly surprising given the benefits (scalability, low investment costs, etc.).

The major public cloud providers, in particular, have become an indispensable part of the IT landscapes of many small and mid-sized businesses. With Exchange Online for email communications, the Redmond-based behemoth has successfully expanded the already impressive reach of its Exchange Server in the Microsoft 365 package. And the latest global hack of on-premises Exchange Servers has only added impetus to the grand migration to the cloud (and, thus, often to Microsoft 365). Microsoft has competition in the shape of Google G Suite Google Workspace, a productivity suite favored by an increasing number of companies.

Data in the Cloud are not Automatically Secure

The fire at the data center of cloud provider OVHcloud in Strasbourg this March was heavily covered in the IT media. Data belonging to many customers were irretrievably lost. But what is the link between this event and the services offered by Microsoft and Google?

The principle is the same – as a customer, you are responsible for safeguarding your data against loss. What is known as the Shared Responsibility Model is now a feature of the terms and conditions of most cloud providers. So, archiving emails and backing up data and even applications are usually your responsibility. Many companies are unaware of this fact, while some even choose to ignore it. A total loss, as was the case with the fire at OVHcloud, can have dramatic consequences. Besides the enormous loss of knowledge stored in the emails – much of which had probably been accumulated over many years – there can be legal consequences as well, not to mention the potential impact on staff productivity (lost emails, email servers unavailable, etc.).

Put another way: relatively abstract concepts such as Business Continuity (BC) take on a whole new meaning in cases like these. In a worst-case scenario, your company may need to suspend operations altogether; in many cases, it won’t even be clear when business can be resumed. Systems will need to be completely reconfigured and many data assets may not be recoverable at all.

When it comes to business emails, you should consider the following three points, in particular:

  1. Take responsibility for your own data
    In most cases (depending on the terms of your service or contract), it’s your responsibility – not the cloud provider’s – to back up and archive your data. What’s more, as the user of the cloud service, you are also responsible as far as the relevant data privacy laws are concerned.
  2. Protect yourself against data loss
    Put together a disaster recovery plan for your critical data and applications. Emails should always be archived – not just for compliance reasons. A reliable archiving and backup strategy is the cornerstone of any IT business continuity plan.
  3. Preserve your independence
    These days, the cloud is an indispensable part of the IT strategy of most companies. But don’t become dependent on a single provider. Incidentally, a cloud provider will often point out that it is the customer who is responsible for backing up “own data”. Your data is your capital!

For organizations who use Microsoft 365 or are considering migrating their on-premises Exchange Server to the cloud and Microsoft 365, the market researchers Osterman Research Inc. have put together a white paper explaining how small and mid-sized businesses can adequately protect their business email communications. The white paper examines which features your company needs, and in what scenarios your business might be better served by a third-party solution such as MailStore Server rather than the native archiving options available in Microsoft 365.

Let's talk

If you want to get a free consultation without any obligations, fill in the form below and we'll get in touch with you.