Mid-sized businesses are the most vulnerable when it comes to quickly adopting cloud-first strategies including the Microsoft 365 cloud. Usually they do not have the finances to keep a full time business security IT employee, but they keep far more data, and therefore liability, than a small business typically would in an insecure cloud tenant.
Imagine a business with 50 employees. Due to the Co-Vid 19 pandemic, they need to set up a remote workforce. They assign the person – say, the operations manager - who knows the most about the business to handle the switch to remote. The manager is great at his/her job, but is not an expert in security or cloud technologies implementation.
He/she cherry-picks tools from the Microsoft tool chain, and utilizes them in the way that makes sense at the time.This is where a common mistake is made: Because the manager is not an expert in this arena, they’ll miss out on critical security controls or platform opportunities. When Microsoft hands over a tenant for new use, it’s insecure by design and can require some creative configuration.
This is intentional, as Microsoft 365 is a permissive model, not a restrictive model. Why is this design intentional? Simply, it allows the organization the freedom to work with it as they need to. Unfortunately for many businesses, this is also a liability as employees without IT expertise can easily set up something extremely insecure.
The Data Problem :
Another major mistake that the organization may make is this: They don’t back up their cloud data anywhere. They assumed that it is backed up – which it is. What they don’t realize is that it’s not within their power to restore.
Let’s imagine an important file is accidentally deleted by a new employee. No one can find it anywhere. Microsoft will not restore that file for you. Their backups of your info are saved for Microsoft’s continuity services, not for your organization. At best, Microsoft will advise you to create a backup strategy for your company.
(Not to mention, Microsoft has force majeure clauses. Anything out of their control is considered an act of God, for which they are not liable. Meaning, they are not liable for your lost data.)
This leads to the question, how does one make a business back up strategy? Have another company keep backups of your data elsewhere.
How does one do that?
You could hire an internal IT employee, but that is usually cost-prohibitive for mid-sized companies. Mid-sized companies require that same expertise, security, and backups, but at a reasonable cost. A managed service provider is usually the best option, as the expertise is provided, and the rate is fixed at predictable, monthly basis.
What's at stake?
Let’s look at the hidden cost of failing to adopt a cloud first strategy.Usually, if a company had an example like the above occur, they would take their first copy that they had prior to the data loss and restore that last copy.
What’s wrong with that, you wonder?
So much is lost, in terms of time, work, and money. All of the work that employees had done since that last copy was taken, is a wash. You are still paying Microsoft even though they are not able to restore your data for you. Any costs incurred during the adoption, like data conversion or migration, are also a wash. Case in point: if you paid an IT consultant to migrate your data after the last copy was taken, you are now out the cost of the migration as well. Not to mention legal fees and court fines for lost or exposed data. These costs add up quickly and have stifled or sunk many growing businesses.
Businesses always save money in the long run by simply hiring an MSP, who has the expertise to help you secure, deploy, configure, and back up these technologies.