The Office 365 Shared Responsibility Model

Every day, millions of companies use Microsoft Office. These companies process and store vast volumes of business and personal data in the cloud. However, Microsoft Office 365 users have a false sense of security. This is due to their belief that their data is always accessible and safe. The truth is, Microsoft's shared responsibility does not imply any backup and recovery options in case of an unforeseen accident or situation where data is lost.

When it comes to user's data, Microsoft uses the shared responsibility model to divide the responsibilities of keeping the safety and security of Microsoft Office 365 between the company and its users.

Now, the question that must be on your mind is what exactly is Microsoft responsible for under its shared responsibility and what is left up to the user?

What is the “Shared Responsibility Model?”
Before cloud backup and other backup tools, organizations were responsible for their own IT infrastructures. What this simply means is that these organizations were responsible for the security of the data centre, and the data within the data centre.

Companies like Amazon AWS and Microsoft Azure began offering cloud-based data storage, and organizations began to move their data storage to those cloud-based services. As a result, they handed over some of the management responsibilities to the cloud service providers.

The shared responsibility model defines the division of responsibilities for the safety and security of data stored in the cloud between the user and the cloud service provider to ensure accountability for the data.

Microsoft's Shared Responsibility Model: Microsoft's Role
The Microsoft Office 365 shared responsibility model states that the company is responsible for the smooth operation, maintenance of the infrastructure and Microsoft Office 365 applications. These responsibilities are:

User Access Control: Microsoft provides security services such as identity protection and multifaceted authentication to ensure that access is only allowed to users with the proper credentials.

Physical Server Protection: Microsoft protects the user's data in its data centres from temporary outrages, natural disasters, unauthorized physical access, or software failures.

System Maintenance: Microsoft guarantees users that the cloud-based applications are available and operate smoothly.

Data replication for redundancy: Microsoft assures the user that if files are mistakenly deleted or damaged, the primary workload is instantly failed over to a duplicate without disruptions for the user.

Hosting Infrastructure: Microsoft's service also includes securing, management, and configuration of the compute and storage services.

Looking at the roles listed above, you can see that none of them covers the safety of user's data. Users usually confuse replication with data protection, but they are not the same thing. Replication cannot replace backups. The role of “replication” is to create duplicates of unintentionally deleted files across every copy.

The User's Role
While it is true that one of Microsoft's roles does not cover the safety of users data, the company still executes some basic security features against ransomware attacks and cyber threats that can compromise customer's information. Nevertheless, users are responsible for the control, management, protection, and access to online data that rests within the Microsoft Office 365 infrastructure.

Security level threats such as financial costs, operational disruptions, and financial costs are solely the user's responsibility.

Now that you understand what the Office 365 shared responsibility is, and that Microsoft is not responsible for the protection of users data, you can check some top backup and recovery solutions for your data on Microsoft office 365.