Cohesity recently hosted the Tech Field Day group at our corporate offices for Cloud Field Day 5. The Tech Field Day team brought some of their top analysts to review and provide feedback around many of our offerings. During this Tech Field Day event I presented on:
- SaaS data protection responsibility
- Office 365 (O365) Exchange Online features for data retention
- How Cohesity can help backup your Exchange Online Data.
From there we dove into some questions, and then wrapped things up with a demo of our offering which can be found here.
Help me understand – with SaaS – who is responsible for what?
When you break down the data responsibility, it’s important to understand that your data is still your data even when it is in the cloud. As the SaaS customer, your data is vulnerable to the same risks it was on-premises that you worked very hard to ensure was recoverable from any situation. Don’t treat the cloud any differently.
- SaaS Customer Data Risks and Data Responsibility
- Protection from user error or accidental deletions
- Guard against insider threats
- Attempt to detect and prevent security vulnerabilities – ransomware, phishing and viruses
- Develop user application usage policy – do’s and don’ts that can impact the integrity of your data
- SaaS Provider Responsibility
- High Availability of the infrastructure
- Infrastructure Failure
- Application Failure
- Disaster prevention/remediation
When you review this list, it becomes evident that data protection is important at many levels, but ultimately it becomes a shared responsibility. Your SaaS provider will likely cover the high availability component, but your data is your data to protect from varying levels of data threats.
Data Retention Options for Exchange Online
Shifting gears now to the SaaS application O365 Exchange Online. Some may argue that there are options to store and retain your data for O365, and they would be correct. These options do not come without limited flexibility and complexity. Let me explain.
- Limited Flexibility
- Deleted Accounts/Mailboxes – By default, without any additional configuration a deleted account with a mailbox or a deleted mailbox will only remain around for 30 days. Beyond that timeframe the data is not recoverable.
- Deleted Item Recovery/Retention – Similar to a second stage recycle bin, the default for this capability is set to 14 days, and cannot exceed 30 days if changed by the administrator. Most organizations in their on-premises environments have typically relied on this method as a form of granular recovery for individual mail messages. When on-premises, most organizations required anywhere from 45-90 days of data recovery. The max 30-day recovery option is limiting for enterprises on O365.
- Complexity
- Litigation Hold – Any/all mailboxes can be placed on retention hold for compliance purposes. Notice the keyword compliance. The intended use of this data is for the ability to search for data and export it to a pst file for legal situations. The discovery process of this historical data can take time to extract and would not help an enterprise get their data back quickly should this become required.
- Retention Policy – Email items in a mailbox or an entire mailbox can be preserved through retention policy. The complexity comes in during the recovery process. Data must be searched through the eDiscovery console, and then the data can be exported to a pst file, then manually imported into a mailbox. This process is slow and is the equivalent of about 10 steps to complete the process. That may be ok for your enterprise’s smaller searches. However, if something major happened to your data, the recovery time could become lengthy and unknown depending on the number of mailboxes and the amount of data.
How can Cohesity Help?
When using Cohesity to backup your Exchange online data it is possible to back up your mailboxes into Azure Blob Storage or to an on-premises Cohesity. This allows flexibility where the data is kept, but also provides greater control into your Recovery Time Objectives (RTOs). Figure 1 below demonstrates this option visually.
Figure 1
Other benefits of Cohesity include fast backups for 10,000 + users, global search and recovery for mailboxes or individual items, deduplication & compression, and an overall simple backup and recovery process. We also have a tip sheet that highlights our value as well.
Great questions from the Cloud Field Day delegates and the answers
- Question 1 > If you run Dataprotect in the cloud do you need on-premises Cohesity too?
Answer 1 > No - Question 2 > Your on-premises licensing model is storage consumption-based licensing. Does that change if you choose to backup your data in Cohesity Cloud Edition? If no, are you paying for the cloud Blob storage?
Answer 2 > Yes, Cohesity Cloud Edition also has storage consumption-based licensing. As for the Blob storage, yes, Azure resources are separate, page blog, and are a separate cost. Keep in mind that with Cloud Edition you can scale up/scale down your storage consumption. Only paying for what you consume. - Question 3 > Can you take advantage of storage tiering?
Answer 3 > Yes, hot and cold. However, we do not recommend archive though unless it’s for long-term retention, because it can be slower. - Question 4 > Does Cohesity offer backup for other Office 365 services besides backup of Exchange Online?
Answer 4 > Backup for OneDrive was just released, and other O365 applications are road mapped and will be coming soon. - Question 5 > Can I use Cohesity to back up to my O365 data to AWS?
Answer 5 > Yes, we can, but often for customers they have an Azure EA and choose to leave their O365 backups in Azure. Also, from a performance perspective, it may not be a good idea to cross clouds. - Question 6 > If I chose to backup my O365 data to AWS, where would the backup occur to?
Answer 6 > Cohesity Cloud Edition requires compute and storage. On the storage side we use EBS volumes (SD1 and GP2 volume types). The data can tier to other native cloud lifecycle policies to de-stage data. - Question 7 > When registering multiple O365 subscriptions where is the data backup to?
Answer 7 > The data is backed up to the location where Cohesity is installed. This could be on-premises, Azure, AWS, or GCP. - Question 8 > Can you put an approval workflow on a recovery of the data?
Answer 8 > Not natively but it can integrate with Service Now. We do audit that data, and you can also see when data was recovered in the audit logs. - Question 9 > What specific benefits does Cohesity have over a SaaS only offering?
Answer 9 > We offer more than just O365 data protection, and our pricing is storage consumption based. We also deduplicate and compress everything to save on storage costs. - Question 10 > Do you have any APIs that can be leveraged with Cohesity?
Answer 10 > Yes, we have the REST, Powershell, and Ansible APIs. Anything you can achieve through the GUI can be achieved via API.
Wrapping things up!
Protecting your corporate data from the unforeseen is your responsibility. Choosing the right solution will ensure success for any recovery situation.