Say you’ve taken the wise decision to have your corporate cloud data be backed up by the Keepit cloud solution: you’ve selected one of our many data centers, configured relevant connectors, and are now seeing how snapshots are blissfully parading into eternal archive as you log in to the Keepit web user interface. But perhaps you want a bit more assurance and perhaps you are not keen on logging into a separate web application several times a day to get that assurance.

Many of our customers have their own monitoring solutions and communication systems that they wish to enrich with information from their Keepit account. Luckily, we have a very elaborate API (Application Programming Interface) to allow for all sorts of queries on the state and history of your backups; while we do publish the full API documentation, some might find a small appetizer easier to comprehend.

If you’re already a Keepit customer and if you have an account and working connectors, then this blog post will guide you through creating a PowerShell API agent that prints the timestamp of the last completed backup on your screen. It is very simple: it will not integrate into any monitoring or alerting system, it will not print fancy messages in any messaging platforms, nor will it draw graphs on its own – but it is a small building block that you can extend and transform into whatever you might need.

Getting Access to the API

In order to make calls to the API, your script needs to have the proper credentials and those are obtained through the web user interface. So, log in with a user that has at least ‘Job Monitor’ privileges and create an API token by doing: Users -> Your user – Edit User (the grey cog wheel) -> Security -> Add API token. Give the token a name and decide when it should expire; the API token cannot outlive the user it is associated with. Click ‘Create’ – confirm your password and you will get an API token username and password. Those you need to store in a secure place.

You are now ready to make API calls. For this example, we will be using PowerShell, and the first API call to be made is the call to obtain your account GUID. Now, the account GUID is also available in the web user interface, but obtaining this via the API is a nice, small exercise to verify that the API token and your script is working. 

Launch your favorite text editor – it can be Notepad, Notepad++, VSCode, Vim, or whatever you fancy the most, create the file accountguid.ps1 and paste this code into it:

try {
        $username = '<API Token username>'
        $password = '<API Token password>'
        $basicauth = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes('${username}:${password}'))
        $headers = @{
            'User-Agent' = 'PowerShell-Keepit-API-Agent-1.0/jakob-dalsgaard'
            'Authorization' = 'Basic $basicauth'
        }
        
        $response = Invoke-WebRequest -UseBasicParsing `
          -Uri 'https://de-fr.keepit.com/users' `
          -Method:Get -Headers $headers -ErrorAction:Stop -TimeoutSec 10 
        
        $userlist = [xml]$response.Content
        $id = $userlist.user.id
        
        Write-Host $id
}
catch {
        $line = $_.InvocationInfo.ScriptLineNumber
        Write-Host 'Cannot query Keepit API due to: $_'
        Write-Host 'at line $line'
}

Make sure to get the backticks and single and double quotes correct – computers can be very pedantic. In this file, you need to put in the API Token username and API Token password where specified. On line 11, this example reads ‘de-fr.keepit.com’ – thus valid for a Keepit account on our German data center – please change this hostname to the hostname of the data center for your account (i.e., ‘dk-co’, ‘uk-ld’, ‘us-dc’, ‘ca-tr’ or ‘au-sy’). Then, in a command terminal, you execute the script by typing:

Powershell .\accountguid.ps1

Depending on your security setup, you might need to confirm that you really want to execute a script, but please do – and you should see the script print out your 20-character account GUID. This GUID can then be used, along with the API Token, to obtain the list of connectors available in your account.

Save the following code block as devices.ps1:

try {
        $username = '<API Token username>'
        $password = '<API Token password>'
        $userguid = '<Account GUID>'
        $basicauth = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes('${username}:${password}'))
        $headers = @{
            'User-Agent' = 'PowerShell-Keepit-API-Agent-1.0/jakob-dalsgaard'
            'Authorization' = 'Basic $basicauth'
        }
        
        $response = Invoke-WebRequest -UseBasicParsing `
          -Uri 'https://de-fr.keepit.com/users/${userguid}/devices' `
          -Method:Get -Headers $headers -ErrorAction:Stop -TimeoutSec 10 
        
        $devicelist = [xml]$response.Content
        foreach ($system in $devicelist.devices.cloud) {
                $name = $system.name
                $guid = $system.guid
                Write-Host 'Name: $name'
                Write-Host 'Guid: $guid'
                Write-Host
        }
}
catch {
        $line = $_.InvocationInfo.ScriptLineNumber
        Write-Host 'Cannot query Keepit API due to: $_'
        Write-Host 'at line $line'
}

Again, put in API Token username and password, the Account GUID, and correct the hostname. Then execute as:

Powershell .\devices.ps1

Your terminal will then be filled with a list of connector names and GUIDs, and among those you will have to select one that can be used in the final script that will be called latest.ps1– this script will print out the timestamp of the latest backup performed by one specific connector:

try {
        $username = '<API Token username>'
        $password = '<API Token password>'
        $userguid = '<Account GUID>'
        $connectorguid = '<Connector GUID>'
        $basicauth = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes('${username}:${password}'))
        $headers = @{
            'User-Agent' = 'PowerShell-Keepit-API-Agent-1.0/jakob-dalsgaard'
            'Authorization' = 'Basic $basicauth'
        }
        
        $response = Invoke-WebRequest -UseBasicParsing `
          -Uri 'https://de-fr2.keepit.com/users/${userguid}/devices/${connectorguid}/history/latest' `
          -Method:Get -Headers $headers -ErrorAction:Stop -TimeoutSec 10 
        
        $history = [xml]$response.Content
        $tstamp = $history.history.backup.tstamp
        if ($tstamp) {
            Write-Host $tstamp
        }
        else {
                Write-Host 'Backup not completed yet'
        }
        exit 0
}
catch {
        $line = $_.InvocationInfo.ScriptLineNumber
        Write-Host 'Cannot query Keepit API due to: $_'
        Write-Host 'at line $line'
        exit 1
}

Again, put in API Token username and password, account GUID, connector GUID, correct hostname, and then execute as:

Powershell .\latest.ps1

If your selected connector has completed a backup, you should now, in your terminal, see the timestamp of completion of the latest backup for this connector. It might look something like: 

2022-12-24T18:30:00Z

This would say that the latest backup completed on Dec 24, 2022, at 18:30 UTC. The timestamp is given in the ISO8601 format with the Z designator for UTC.

Further Integration

While such a neat PowerShell script is nice to have on the command line, it will bring much more value as part of a monitoring platform or other reoccurring automatic execution. For your business, it might make sense to execute this script once per hour and alert if no backup has been completed for 24 hours. You might want to explore our public API for more information and status.

Keepit is known for delivering a certain quality of User Experience (UX), which is reflected in customer feedback examples, such as: 

‘Keepit’s user-friendliness is a financial win-win’ and ‘I like to call Keepit a Steady Eddie. I know it’s working; I know it’s running, and I don’t have to sweat it.’.

Behind Keepit’s simple design and ease of use lies a deliberate approach, rooted in the idea that our whole system, from the deepest backend layers to the user interface, is built to support a solid User Experience.

However, in the software field, UX has been interpreted in various ways and caused confusion in how it differs from User Interface Design. So, what is UX to Keepit? And how does Keepit go about all this in practicality?

Foundation

UX goes beyond the immediate visual impression and beyond isolated interactions within the product. It is a silent ambassador that ensures a seamless experience throughout any touchpoint. A journey sprinkled with an undefined X factor that leaves our user with instant recognition without the need for explanation -a quality that flows through every vein of Keepit.

An experience starts before the product is even used by our customers. As Don Norman, the inventor of UX, puts it, ‘No product is an island […] It is a cohesive, integrated set of experiences […] Make them all work together seamlessly.’

Leveled circulation

On both conscious and unconscious levels, a human experience is perceived and processed as a sum of different events. The more you know about people, the better experience you will be able to design. To translate such a complex sum into a consistent Keepit experience, we use our Design System as a single documented source.

Here all Keepers will find Design Principles, components, guidelines, patterns, and themes. However, the UX circulates on more levels. To grasp this in a software context, mapping out different levels of the experience can help.

Interaction level

On this level, we work with both look and feel when interacting with the product, from visual design to Information Architecture to navigation. The focus is to design the experience of a certain interaction that a user has with Keepit to perform a task, such as restoring data in Keepit’s application.

However, a user interaction can also exist outside the product interface. One example is receiving support. Each of these interactions are single strokes of experiences that play a role in the relationship with our customer.

On the interaction level, our Design Principles, guidelines, and patterns play a central role. We operationalize this with a pyramid logic in layers, with a theme on the top level and dos and don’ts on the bottom level. Here is an example:

Design Principle: Keepit Sets Me Free

• What users should feel: In every interaction, I as a user should feel the freedom of being in control. This means being offered the most relevant choices at the right time. The choices should lower my cognitive load so that I feel enabled to effortlessly succeed at my tasks.
• Examples of what users should think: ‘I control the situation’ – ‘This is unbelievably easy’- ‘Keepit makes me better at my job’- ‘I get what I need when I need it’
• Examples of what users should see: Recognizable patterns – An easy first entry to the system – Understandable language
• What designers should do: Always give feedback – Build a strong visual hierarchy – Know and understand the user – Always remember what problem we are solving for the user
• What designers should not do: Don’t make the user wait, don’t speak in system language, don’t overload the user with information

Journey level

Zooming into the journey level, we recognize that putting UX first is not isolated in the product interaction itself. The key word here is ‘journey’. Mapping out journeys enables us to discover user needs and pain points, in the quest of providing seamless and consistent experiences across Keepit’s channels.

There are methods to identify key needs and transform them into design challenges. Apart from organized methods, such as usability tests, analytics, and organized customer interviews, there are also more organic user dialogues. From support, through live events, from sales, and so on. In all these touchpoints there are chances to identify key user needs and discover how the Keepit product can solve real user problems.

The key point here is to identify where the needs and pain points are rooted; define the root problem and translate this into design challenges. Further down the road, when ideating on design solutions, the user experience should be consistent in every chosen design solution. Again, this is where the User Experience pyramid, with its design principles at the top, plays its role as a foundation for the other experience levels.

A level connecting the dots

This means that UX is related to the spirit of Keepit, across the whole company. Throughout the different areas of expertise of Keepit, UX connects the dots and remembers to keep the users’ needs at the core of what we do: to deliver simple and safe backup solutions that can set our customers free from the worries of losing data. Keepit’s UX delivers this X factor in its tone of voice, the product’s look and feel, user touchpoints, and customer dialogues.

Keepit’s UX goal is to deliver a consistent heartbeat of look and feel throughout the user journey, anytime, anywhere – pumping it through Keepit’s veins.

UX metrics

As designers, we recognize the challenge in measuring UX, since we are dealing with human behavior and attitude. Here we use deliberate approaches such as confirmation bias. When working on improvements to Keepit’s UX, our main goal is to gather insight, combined with quantitative results.

We want to understand the context and situation that the user is in when encountering Keepit, as well as how this context affects the user.

We also want to know what works, what doesn’t, and why. These insights are gathered through activities such as user interviews and observations. The outcome should be an understanding of user values, supported by quantitative data on average numbers or rates. Additionally, usability metrics give value to the work of measuring. Our different approaches have the common mission of delivering an excellent User Experience, based on data-informed decisions.

Zendesk backs up your data for large-scale disaster recovery — a rare scenario — but it doesn’t provide granular restore of your data, nor does it protect against accidental deletion of or breaking changes to your automations.

How much the data is worth to you, and the depth of backup you are comfortable with, only you can decide. But since we’re talking about things like automations, macros, and triggers — workflow controls that your entire support organization relies on every day — you deserve to make that decision based on factual information.

If you work in IT: When something goes wrong, you may suddenly be asked to recover lost data with a quick RTO (recovery time objective). If you aren’t able to do that, it puts you in the unpleasant position of having to explain why not, not to mention the business impact of not being able to restore the data the business needs.

If you work in Support: An accidental delete or breaking change in your automations, triggers, macros, or views can tie up your support workflow, thereby risking the smooth functioning of your service organization.

How Zendesk backs up your data
Technically, Zendesk does have features to make your data in their system more available. But these are designed for a specific, very broad, purpose.

All Zendesk data is automatically backed up regularly. Not to protect your account data specifically, but the entire platform in case of a . So Zendesk can recover all accounts if there was, for example, a platform-wide hacker attack, but they don’t promise to recover information for your account specifically if an incident were to occur.

This may not seem like much of a problem; after all, Zendesk hasn’t publicly reported any large losses of customer data. But there are some significant potential problems that can still bite you despite Zendesk’s automated backups.

5 costly problems Zendesk won’t protect you from

1. Somebody accidentally breaks your workflow
Automations are one of the key reasons why companies love Zendesk. But what happens when you lose automations due to a simple mistake? A lot.

Take a look at a typical example of Zendesk automations:

• All billing-related tickets are automatically routed to the finance team.
• If a ticket is left untouched for more than four hours, it is automatically escalated.

Now imagine the havoc caused by losing any of these automations. If you didn’t have these automated processes to begin with, your support system would be far less effective. But if you do have them, your entire support system will suffer if you suddenly lose access to them. You would need to quickly recreate everything, get the processes up and running, and hope the customer forgives you.

In this scenario, if you have a third-party backup tool in place, your automated daily backups of your Zendesk automations mean you can simply restore to a time before the automation was deleted. Search for your automation in the system, and with a few clicks, your automation is restored.

2. You can’t restore data at a granular level
As I mentioned earlier, Zendesk has a disaster recovery feature they use in extreme cases. It is designed to recover huge amounts of data in bulk.

If a disaster happens and Zendesk performs a disaster recovery, you get your data back in a big downloadable blob of CSV or XML data. Recovering a single, important ticket or customer interaction would force you to look for a needle in a massive haystack.

On the other hand, if your data is backed up in a third-party system, you simply “Search.” “Preview,” and “Restore.” That’s it. You find the needle right there, within a minute.

3. You lose all deleted data after 40 days
When you delete an item in Zendesk, it goes in the recycle bin. But it only stays there for 40 days, then it is gone forever. It is very simple, yet far too few Zendesk users realize the finality of this functionality.

You delete so many things every day. Usually, you never think of them again, but every now and then, the wrong item is deleted. Or circumstances change, so you realize you need it back. But forget it — after that just-less-than-six-week window, it’s gone.

Not so with your data backed up with a third party. Everything is still there. You leave your options open.

4. When an employee leaves your company, all her data is automatically archived
Now and then, you probably see support agents leave the company. This is a normal part of the business. As a matter of fact, companies worldwide face a among their support agents.

When the agent is no longer an active user in Zendesk, what happens to all their views, tickets, and other data associated with their account? If you still need access to it, you have three options:

• Continue to pay the fees for the person’s license after they leave. But with a license cost of $49 to $215 per agent per month, that will be an expensive option with a 30% turnover.
• As a best practice, Zendesk recommends you reassign the tickets and downgrade the agent’s account and finally suspend the account. Please keep in mind that downgrading the agent’s account will automatically delete all macros and views permanently. Losing out on macros and views permanently could be a costly mistake.
• When you back up the data with a third-party backup service, you continue to have access to all data. Your data is backed up daily, so you can simply go back to any point and restore or preview any data.

5. Zendesk’s enhanced disaster recovery is expensive
Zendesk will sell you an system that includes multi-zone data replication and a host of other features that help protect your data in event of a disaster. Please note that it is available only in enterprise plans ($215 per agent per month). Even worse, it doesn’t even protect your automations, triggers, macros, and views.

With a third-party backup you can save a lot of money for your organization and benefit from a comprehensive backup starting at a few dollars per agent per month.

A 60-second summary, with the Keepit glasses on
As I mentioned at the start, you will have to assess your risk tolerance if you conclude that suddenly losing your Zendesk data would be too costly, whether, through human error or malicious intent, the time to act is now. There are third-party solutions out there, so you just need to find the right one.

is one of them, designed for fast, easy recovery. And for your convenience, here are five quick benefits:

1. Protect automations — automations, macros, and triggers are the lifeblood of Zendesk, and with Keepit, you can also protect these.
2. Retain unlimited data — all your data is saved in four copies across multiple data centers.
3. Keep backup costs down — With Keepit for Zendesk, you benefit from a comprehensive backup solution with unlimited hot storage and data archiving starting from $2.95 per agent per month.
4. Keep it simple — with an easy interface, anyone can recover data with no training needed.
5. Recover fast — get your data back in seconds. Search-Preview-Restore, using smart search and granular restore.

Many discussions about ransomware recovery focus on getting critical data back where it belongs. While this is absolutely necessary, it’s not always sufficient to allow full resumption of business-as-usual—the actual goal of disaster recovery.

In this session, we’ll discuss the key lessons we’ve learned as a SaaS data protection company about the holistic requirements for resuming normal operations after a large-scale attack or disaster, including restoration, remediation, retraining, and retrospection.

Backups are critical. We all know this is true—not just in an obvious “water is wet” way, but in a more serious “if you don’t drink enough water, you will die” way. At the same time, having a reliable backup system to capture your data and the ability to restore the right data in the right place at the right time is only part of what modern enterprises need.

Restoring data is not the same thing as recovering operations. Restoration is the first step along that path, but not the only one. You can sum this argument up with a single phrase: “restoring data is necessary but not sufficient by itself.”

Before you restore…
Re-read the first sentence above. Before we can proceed with talking about what else a full restoration will take besides just clicking the “restore” icon, I’m going to assume that you have a complete, valid, tested backup of your most important data. (And if you don’t, click to learn how Keepit can get you there!)

What you get when you restore
OK, now you’re all set, right? You’ve got a known-good backup, and you’ve tested your restore procedures. You’re comfortable with the software, you’ve ensured that everyone who needs to conduct restores has the correct permissions, and so on. If not, you probably at least know what areas of improvement you need to focus on (and quickly)!

The next step in the process is understanding exactly what you get when you execute a restore, assuming that it goes perfectly. This will obviously vary quite a bit depending on what you’re backing up in the first place. For example, there are certain Zendesk and Azure Active Directory objects that can be restored in place (that is, the restored object can overwrite the old one), but other objects will only be restored as new objects. Knowing exactly what a restore will give you, where it will go, and what, if any, manual steps might be required post-restore are all key parts of understanding the overall journey.

Now for the fun part
One crucial mistake we sometimes make when talking about restore planning is failing to think about, and plan for, what happens after the restore.

Resuming operations after a cyberattack involves many considerations that you may not have thought about during your restore planning, including the time required to install or reinstall patches and updates on users’ computers, the need to maintain an effective communications channel for your staff while your primary systems are being restored, and non-computer-related issues like making sure that you know where physical assets and people may have moved to during your outage.

There may be other unique considerations that apply to you, too. For example, in 2021, a large auto company suffered a cyberattack that prevented their dealers from ordering cars or parts—so once the company restored their systems, they had a lot of manual and unplanned work to clean up and reconcile their pending orders, update dealers with information on where their parts were, and so on.

None of that cleanup work could take place until the restore was complete and all the data they needed was present.

How to get started
The exact mechanics of how you go from “restore successful” to “we’re back in business” will vary according to many factors, including how large and/or complicated your organization is, how mature your operational processes are, how many additional regulatory requirements you have to deal with, and the nature of the problem from which you’re recovering.

There’s a huge continuum that covers the space from the simple (restoring a single critical file for one user) to the very complex (recovering operations after a large-scale disaster like a wildfire or hurricane).

Investigating, documenting, and practicing what your business needs to quickly get back to normal after the restore succeeds is perhaps the most important single thing you can do to protect your data and your business.

The Keepit Approach to the Five Quality Components of Usability One prominent aspect of Keepit’s cloud backup and recovery solution that customers rave about most is its simplicity and ease of use. Where other similar solutions often require weeks of training, the Keepit solution is plug and play, capable of being implemented and fully operational within minutes – and by everyone on the team. No extensive courses and diplomas are required. The intuitive ease with which Keepit locates and restores files also means our customers are actively incorporating it into their day-to-day internal support operations, rather than just using it for finding and recovering files that have simply gone astray. The ease of use comes from a dedicated design process, which puts usability up front and users in the driver’s seat. There are many different opinions on what the word usability means, so here at Keepit — as with many other things — we are inspired by what we observe in the workplace and then have our take on it that fits our product. The Keepit Design Hierarchy Creating and following a design hierarchy goes to the heart of how we build and continue to improve Keepit’s backup solution. For every design and feature we implement, Keepit follows a clear usability vision that strongly focuses on following a design code. The hierarchy in which we make design and usability decisions is built around Principles, Pillars, and Patterns. Starting with our Design Principles, everything we do is based on these principles: They are abstractions of how we design our products and help designers make the right decisions. Design Pillars are more focused on how we implement designs and how the user should experience the Keepit solution. Pillar example: “The right functionality, at the right time, to the right person.” This Pillar is used rigorously for each feature we create throughout the entire user flow. Is this the right functionality being presented to the user? Is this the right time to show this functionality? Will it work for the person who is going to use it? Finally, we have Patterns. Design Patterns are specific implementations of functionality. This could be how we implement breadcrumbs, how we handle truncation, checkboxes, dropdowns, and wizards, just to name a few. Defining Usability Usability is a quality attribute that assesses how easy user interfaces are to use. The word ‘usability’ also refers to methods for improving ease of use during the design process. The most popular definition of Usability has five components, as explained by the Learnability: How easy is it for users to accomplish basic tasks the first time they encounter the design? Efficiency: Once users have learned the design, how quickly can they perform tasks? Memorability: When users return to the design after a period of not using it, how easily can they re-establish proficiency? Errors: How many errors do users make, how severe are these errors, and how easily can they recover from the errors? Satisfaction: How enjoyable is it to use the design? There are many other important quality attributes, one of which is utility, which refers to the design’s functionality. In other words, does it do what users need? How Keepit Measures Usability Learnability in Keepit: Let us look at the first item: Learnability. The nature of a backup application is not something our users check in to merely to “get a dopamine kick” from watching cool facts about their running backups. Instead, backup is more “set it and forget it,” and usually, our users come to the platform for one of two reasons. One, is to make sure that everything is running as it should. Two, is to restore data that was lost. For many of our users, the fact that the application is so easy to learn and understand saves them much time, money, and the frustration of being unable to find the data that needs to be restored. Memorability in Keepit: Our approach is not just that things should be easy to learn but also that they must be easy to get back into after being away for a period of time. We do this with a consistent system: most things work in a predictable, similar way, following the same ideas. This increases the chance that something is memorable and easy to re-learn. There are, of course, many things we do to improve the memorability of Keepit, with consistency and recognizability of the applications they are backing up being just some of them. Efficiency in Keepit: All of this leads to Keepit’s Efficiency. We like to look at efficiency from the point of view that you should “take the time to look before you jump.” This means we do not consider “few clicks” a success criterion in itself, but rather, we consider “carefully placed” clicks as a step in the right direction – i.e., solving the problem with just the right number of clicks. Errors in Keepit: Naturally, we do everything within our power to ensure the number of mistakes made in relation to the task being solved is at a minimum and that a tight correlation exists between the number of errors the user is making and the solution’s efficiency. Every time the user makes an error, it sends them back into the flow, and they will have to redo actions, which again leads to an ineffective solution. Learnability and memorability directly impact the user’s errors, so everything is connected, as you can see. Satisfaction in Keepit: Finally, there is one more thing to address: satisfaction. Satisfaction is a tricky topic to discuss when talking about a solution that’s practical in nature and does not contain any real incentive to be a pleasurable experience. In the Keepit design, we have gone to great lengths to fight against the tendency of “functional design” that flourishes in the world of IT management tools. Instead, we have moved toward the concept of “emotional design” because IT administrators also deserve good tools. In functional design, where the idea that showing everything all at once means more control and empowered admins, Keepit believes showing the right thing, at the right time, to the right person offers the ultimate degree of control and empowerment. We also believe that creating a pleasurable and satisfying experience with administration tools like Keepit, where everything “just works,” frees up administrators to focus on other priorities. Final Thoughts Despite our mission to create the perfect solution that requires no previous knowledge to recover data, we are painfully aware that achieving perfect usability is a goal yet to be reached. But we strive every day to get there. That said, we recommend that our users regularly make sure they understand the flows and the emergency training so that in the case of an emergency, they know exactly what to do and when to do it, which we’ll save for a future blog post. At Keepit, we put a lot of effort into ensuring that the design leaves little room for mistakes and is easy to pick up again after a long vacation – even for an inexperienced administrator. Help The Keepit Design Team We are always looking for people who would like to provide feedback on our solution and help us create the best design in the world. Please if you are interested in becoming part of the user feedback forum.

While most cloud service providers, including Microsoft 365, offer some degree of data backup, you might be surprised how minimal it actually is. This brings us to the discussion of shared responsibility and why it can’t be ignored if you want complete data protection and backup.    Because Microsoft 365 is so commonplace in business, it’s easy to assume that so long as you stick we them, you have the basics covered. That, unfortunately, is not correct when it comes to cloud backup and recovery. Here are two hard truths you need to take into consideration when you plan your SaaS data protection:

1. Your cloud service providers are not responsible for the safe keeping of your data. 
2. You are responsible for keeping your data and metadata safe.

  In this blog post, you will learn: 

• What shared responsibility means.  
• What cloud services like Microsoft 365 currently offer to retrieve lost data. 
• How to make sure your cloud data is actually secure. 

What You Risk by Not Backing Up Your Cloud Data

Let’s start by looking at the exposure a company faces that does not participate in shared responsibility.    Depending on the nature of one’s business, several risk scenarios could arise if you rely solely on cloud service vendors for backup (and the vendors themselves recommend that you do not rely solely on their services):  

• You lose access to critical intellectual property documentation such as patents. 
• You may no longer be in compliance by losing access to certain required information. 
• The entire company loses access to emails and other collaboration tools such as  SharePoint and other apps, thereby preventing employees from doing anything. 
• Critical systems such as Salesforce, which are based on multiple automations that have been painstakingly built up over time, will need to be rebuilt. 

  When data loss happens to a large business it can result in thousands of unhappy employees and customers. For small to medium-sized businesses the consequences can be even more severe if they lack the IT resources and know-how to immediately address the problem.     The eventual outcomes range from customer inconvenience and disgruntled employees to severe legal problems and potential business catastrophe.  In other words, your business continuity is at stake.

Common Data Loss Threats  

Data loss threats don’t always originate from outside the organization, as demonstrated by a study conducted by the Enterprise Strategy Group (ESG) which showed that human error from within the organization is one of the single biggest contributors to data loss.    A breakdown of data loss causes is illustrated in the following graphic: If you lose data for any of these reasons, cloud vendors like Microsoft will not provide data backup because they adhere to the “shared responsibility” model that states it’s not their responsibility. More on that later. 

The “Backup Features” Currently Available in Microsoft 365 

In essence, cloud service customers have three functionalities that many think serve as backup of their data.  

Litigation Hold 

The purpose of litigation holds is to help if you are involved in a legal process and need to preserve information exactly as it is at a specific point in time. It is clearly not designed as a backup or recovery tool, because:  

• Retrieving just a single email requires going through 8-10 demanding steps. 
• Based on your licensing plan, your cost of storage may be significantly higher. 

Versioning 

Microsoft automatically saves versions of your documents at regular intervals, so you can just go back and open a previous version, right?     Technically yes, but:  

• You only get the random actual documents. What you don’t get is structure—nothing is where you left it, and there are no folders. So, at scale, this quickly becomes unmanageable. 
• If there is a ransomware attack, all versions may be encrypted. 
• There is zero protection against dangerous and potentially crippling ransomware. 

  Speaking of ransomware attacks, check out our popular Disaster Recovery Guide for a seven-step guide on how to keep your business running in a disaster situation. 

Recycle Bin 

Just like the bins around your office, the Microsoft recycle bins are emptied regularly. How frequently depends on the application. For example:    

• In Exchange: mail items disappear after 30 days, and calendar items after 20 days. 
• In Teams: channels, teams, and group items go away after 30 days. 
• In OneDrive and SharePoint, they’re removed every 93 days. 
• In SharePoint backup, items disappear after 14 days.  

  As useful and convenient as they are for users, these features can lull employees into a false sense of security because if the worst happens, they are not reliable.     Now that you know what’s at stake, let’s dive into the issue of shared responsibility. 

A Crash Course in Shared Responsibility

What is Shared Responsibility?

Although no official dictionary definition exists, in a nutshell, shared responsibility means you and each cloud vendor take shared ownership for accessing your data in the cloud.     Don’t be surprised to learn that Microsoft is not responsible for protecting your data. They are very clear on this issue. You can read a summary of their shared responsibility policy for Microsoft 365 in this short article, and here’s the bottom line (in Microsoft’s own words):    ‘You own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type)’.   Regardless of the type of deployment, the following responsibilities are always retained by you: 

• Data 
• Endpoints 
• Account 
• Access management 

  As you can see in the table below, the division of responsibility between you and Microsoft, depends on your hosting. (For the purpose of this blog post, pay attention to the SaaS column.)  Source: Microsoft 

  As you can see, Microsoft assumes some responsibility for its piece of the cloud service, but it’s up to the customer to protect the critical data that represents the lifeblood of its business.     Microsoft 365 does have some built-in features to retrieve deleted data such as versioning, litigation hold, and recycle bins, however, these also have limitations and are nowhere near viable alternatives to genuine backup. 

Who Uses the Shared Responsibility Model? 

Originally, AWS developed the concept, and today it’s used more or less identically by all cloud services. So, shared responsibility doesn’t just apply to specific vendors or types of services but to cloud computing in general.     If you want to dig deeper and explore how some of the main cloud service providers refer to shared responsibility, follow the links below to learn what each says on their respective websites.   

• Microsoft Azure 
• Google Cloud 
• Salesforce 
• Zendesk 
• Slack 

What Microsoft Recommends Instead: The 3-2-1 Backup Principle 

So, if Microsoft is not responsible for your cloud data, what steps do they recommend?    Simply put, they recommend keeping your eggs in different baskets. The most effective way to safeguard your data is to use the 3-2-1 backup principle, which goes like this:  Store your data separately from your day-to-day operations.     You must keep one copy of your data off site. Years ago, offsite storage was mainly to protect against fire and theft. Today, it’s more complicated than simply separating data geographically. And you can’t fully rely on cloud access, which could be taken offline to protect the providers’ own business interests.    If you want to learn more about what Microsoft recommends what to do if you experience a ransomware attack, you can find a good summary here.      Let’s move on to some actionable advice on what you can do next to bridge the huge security gap left by shared responsibility. 

How to Find a Backup Solution That Works 

If you decide to heed the advice of Microsoft, Google, and the other cloud service providers, and find a reliable third-party backup solution, here are some important considerations: 

1. Find out who is actually responsible for data loss in applications such as OneDrive, Groups and Teams, SharePoint, and Exchange within your organization. Is there a dedicated person or team, or is the responsibility spread across the organization? 
2. Make sure backup copies are stored outside of Microsoft 365’s domain. Always have offsite, immutable, backup copies that are stored separately from your primary data. Never store in the same logical infrastructure as your primary data. 
3. Look for comprehensive coverage for your SaaS data, in order to include as much data and metadata as possible in your backup. 
4. Look for fast and granular recovery so you can recover from a single item, all the way up to the tenant level to achieve precision recovery at scale.  
5. Look for a third-party tool that is compliant and offers long-term retention and a variety of security controls. 

How to Find the Right Microsoft 365 Backup Vendor

There are great solutions available, and like everything else, you need to find the one that best meets your needs. To help you in that regard, here are the most important considerations:    Microsoft 365 coverage 

• Does it support all of Microsoft 365, with all associated data types, such as Teams private chat, channel chat, versioning, and public folders, etc.? 

Data recovery 

• Can you restore all business-critical data in place? 
• Is all data restored in its original format? 
• Is all data restored — from a single item up to tenant level? 

Role-based access control and compliance 

• Can you configure backup admin permissions? 
• Is the audit log tamper-proof? 
• Can you limit access rights across specific data connectors? 

Data storage 

• Are data centers independent from the SaaS provider? 
• Are there options for data residency? 
• Are redundancies built in? 
• Can you store copies of your data in two separate data centers? 

Pricing 

• Is the license model clear and transparent? 
• Is data consumption included? 
• Are there any hidden costs (for example, for departed users)? 

Search capabilities 

• Can you search universally across all snapshots in a single view? 
• Can you preview documents live? 
• Can you control search and restore delegation? 
• Can you perform point-in-time navigation or restore? 

Simplicity 

• Can you easily manage and unify backup sets of cloud apps? 
• Can you share public links to end users, and download all the data types and levels? 
• Is the interface intuitive? 

Backup configuration 

• Is the backup deployment simple and configurable? 
• Can you scale across any size organization? 
• Are the retention policies flexible across the instance? 
• Can you segment Microsoft 365 data to meet business requirements? 

Security 

• Is the storage engine tamper-proof? 
• Are there SSO and MFA options? 
• Are the data centers ISO27001 certified? And what about the software development and operations organization?

Backup management  

• Is the solution 100% cloud-based with no maintenance required? 
• Are new users automatically added to the backup? 
• Can you automate notifications and backups? 
• Is there an open API allowing for third-party integration? 

 

In summary: 

We’ve covered the concept of shared responsibility, touched on what the cloud service providers cover, and where your responsibility lies. We’ve also shared some advice on what you should look for in a backup and recovery solution. I hope you come away from reading this blog post feeling better equipped to perform your cloud data risk assessments. If you have any questions, you are of course welcome to reach out.  

I promised myself I wouldn’t spend any time in this post talking about how the world has changed because of COVID or how people now want / expect / need to be able to do the critical parts of their job from wherever they are, not just from a corporate device on a managed corporate network. So, I won’t.

Instead, let me focus on one specific use case: backup and recovery of Office 365 data. Of course, that’s a huge part of what we do at Keepit, and our customers love it. So do analysts. We all know that disasters can strike at any time—ransomware, human errors, and technical failures can leave you in need of recovery at any time of the day or any day of the year. In the old-school world, starting a recovery meant “drive to the data center, put a tape in the tape library, and then run backup software.” With a cloud-native data protection solution like Keepit, there’s no more driving and no physical tapes, but you still have to start the restore.

That’s where our mobile app comes in! You can check the status of your backup and restore jobs and start recoveries from anywhere your mobile device can get a connection! Let’s take a look at how this works.

Checking Job Status

The Connectors page shows you what’s going on with the current set of supported connectors. Right now, the mobile app supports our Microsoft 365 and Google Workspace connectors, and we’re adding support for our other popular connectors. The connector status page shows you the current size and run state of your connectors. You can see in the example below that I have a current backup using the M365 connector and a separate OneDrive-only backup that just finished its first update.

Restoring Data

One of the unique ways Keepit makes your restores faster is by giving you multiple ways to restore data. You can restore data to its original location (“in-place restore,”) to an alternate location, or via a sharable URL. For the fastest possible restore, just create a shared restore link and send it to whoever needs instant access to the data. The recipient can use that link to browse the backup data you’ve chosen to give them and download only what they need, to whatever device or environment works best for them—without having to wait for you or Office 365 to complete the entire restore.

The Keepit mobile app supports both in-place and shared-URL restores. Tapping the connector lets you quickly create a link that points to the most recent snapshot, but if you want to browse the contents of the snapshot, you can do that too—tap the connector, choose “Open Connector,” and browse until you find the data you need. You can filter and sort the results to make it easier to quickly locate your data items. Once you’ve found what you’re looking for, you can restore it in-place or generate a link to send to the recipient for direct access.

The Future

We’re excited to be the first cloud SaaS data protection solution with a full-featured mobile app, and we have a lot of exciting things planned for the future. (Vic, let’s talk about what you’d like to publicly disclose here). We’re always looking for feedback from our customers, too—you can get the app from the Apple App Store or Google Play Store, and we’d love to hear what you think!

As organizations increasingly rely on SaaS solutions for business-critical applications, it’s becoming apparent that even the big providers eventually suffer outages. Recently, Microsoft customers suffered problems with Teams and Exchange Online. That follows an outage by Atlassian a couple months earlier. These SaaS apps are so ingrained in daily operations that they often contain the institutional knowledge critical to run the business. If you’ve ever experienced lack of access to files, messages, and other critical data, you probably are looking for a backup solution to ensure your business can keep running no matter what happens.

When evaluating a cloud backup provider, you’ll likely need to make a business case for the investment. Perhaps the solution’s features such as automated backup, high security, and an intuitive user experience look impressive, but how about the important question?

What’s the ROI? Can you provide a compelling business case to convince the stakeholders and leadership in your organization?

To understand the financial impact of backup and recovery solutions, let’s first evaluate the different costs involved.

What could be the financial impact of not backing up your cloud data?

1. Impacts of Cyberattacks

A study conducted by IT research firm ESG states that 79% of organizations had a ransomware attack within the past year. A devastating ransomware attack could leave employees unable to use core business applications for days, weeks, and even months at a time.

According to Forrester, a successful ransomware attack resulting in disruption to operations for an organization with 5,000 employees for five days would cost more than US$5 million. The same ESG study found that only 50% of the organizations were able to recover all their data in a clean and recent state.

According to Verizon’s Data Breach Investigations, large data breaches (with 100 million records or more) cost, an average of $5 million to $15.6 million and can top out at $200 million.

2. Accidental Deletions

According to ESG’s Tech Validation Report, accidental deletions result in data loss approximately 20% of the time. Verizon reports that 85% of breaches involve a human element. A single document sometimes is worth hundreds of dollars. A properly implemented cloud backup solution allows employees to restore critical data quickly and reliably, indirectly saving millions of dollars for the business.

3. SaaS Licensing Fees

Companies often must keep ex-employee user accounts active after their exit date to access user data which would otherwise be purged by the SaaS vendor. It is common for approximately 10% of employees to leave every year. This number can be much higher if organizations use a lot of temporary staff or contractors. The license fees to keep departed users active can be saved by using a cloud backup provider that retains your data for as long as you’re a customer.

4. Archiving Costs

Are you investing in data archiving repositories? Typically, organizations depend on separate archiving tools to help move inactive data into long-term storage systems. This helps optimize resources in the active system to help users quickly access data. By having a cloud backup provider – especially with unlimited storage & retention as Keepit offers – you can avoid investing in a separate archiving tool.

5. IT Administration Efficiencies

IT administrators typically spend a lot of time off-boarding employees and searching for documents that have been either intentionally or unintentionally deleted. If the time for off-boarding is reduced from an hour to a minute thanks to a backup solution, the net benefit would be thousands of dollars per year. Likewise, searching for hours to find deleted files is time-consuming and costly but with the right backup solution, IT admins can quickly search and find files in minutes.

A solid return on a critical investment

Keepit commissioned Forrester Consulting to conduct a total economic impact (TEI) study to evaluate the potential economic impact for businesses that utilize the company’s data protection services.

Based on interviews with five Keepit customers across a range of industries, Forrester generated a composite organization from which it produced a financial model that outlined three-year, risk-adjusted potential savings from utilizing Keepit. The TEI includes two categories of savings, quantifiable and unquantifiable. Forrester determined that in addition to unquantifiable savings like recovery from a ransomware attack, Keepit offers a 78% return on investment (ROI) and a net present value (NPV) of $225K. To see how a dedicated backup solution can pay for itself in just six months, download the full Forrester TEI study.

The frequency of ransomware attacks is increasing along with the costs to businesses. Having a plan to respond in the event of a ransomware attack is more important than ever. 

IT research firm ESG conducted a ransomware study surveying 600 enterprise IT and cybersecurity professionals across North America and Western Europe. Here’s what they found: 

• 79% of the organizations had a ransomware attack within the past year 
• Every sixth company gets attacked by a ransomware weekly 
• Every eighth company gets attacked by ransomware daily 

What’s the impact of a ransomware attack? 

When an organization suffers a ransomware attack, there are many negative consequences beyond the financial losses. According to the ESG study, victims of ransomware attacks suffered the following: 

• 40% of the organizations reported a financial loss 
• 50% reported data loss  
• 32% reported reputational damage 
• 39% reported a direct impact on employees, customers, and partners 
• 30% reported compliance exposure 

As an IT Manager or a cybersecurity leader, can you bear these consequences in the organization?  

What’s the best ransomware recovery strategy?

 

Given the high frequency of these attacks, you need a recovery strategy to mitigate damage to your organization. A successful recovery strategy can help you recover data quickly to minimize the impact on operations. 

ESG research recommends cloud backup as the best practice for cyber recovery. The survey also found that the best-prepared organizations are the ones that have a cloud backup solution. 

How Keepit can play a role in your ransomware recovery strategy

If your organization is ready to get serious about protecting SaaS data and is looking for a solution, ESG recommends that you take a good look at Keepit.

Kerry Dolan, Senior IT Validation Analyst, ESG

Keepit offers an extremely simple, secure SaaS data protection solution that uses a proprietary object store to keep data protected and tamper-proof in its independent, redundant global data centers. With automatic snapshots, no backup scheduling is required, and retention is easy to configure and manage according to your compliance requirements.

Each daily snapshot is permanently preserved so that victims of ransomware can simply roll back to a point in time before the attack and restore their data in place.

Bottom Line

With the high frequency of ransomware attacks, IT leaders should focus on protecting their organization’s mission-critical data and digital assets by preparing and practicing to recover it quickly and completely. ESG recommends cloud backup as the best practice for cyber recovery. Keepit helps you in the cloud backup strategy with a backup that is simple, secure, and fast.   

Keepit backup is: 

Cloud independent – With Keepit, data is stored in a vendor-neutral cloud instead of public platforms like AWS, making Keepit a true third-party backup. 

Immutable – preserves your data permanently, even for data types that the source SaaS applications do not protect. 

Innovative storage architecture – allows super-fast data restores and inspection while giving you predictable restore performance and a fixed storage cost. 

To learn more about how Keepit secures data, read our security guide. 

Many companies assume that if they pay for a backup security infrastructure, their business-critical data will be stored and secured on a separate cloud – but this is often not the case.  

Instead, most alternative cloud backup solutions store your backed-up data on the same public cloud infrastructure that hosts your primary data, which potentially exposes your company to several different risks. 

In their Cloud Computing study published in 2020, Foundry reported the top challenges associated with public clouds to be: 

• Lack of cloud security skills or expertise (30%) 
• Compliance and governance (30%) 
• Security challenge and data privacy issues (38%) 
• Controlling cloud costs (40%) 

By choosing to store your backup data in the public cloud, all of your data (including your only backup copy) is being managed under the same administrative infrastructure. And this is still the case if you choose a different data center for your backup that is separate from your primary data. 

The solution: A ‘true backup’ cloud independent of the public cloud

We believe that offering “true backup” means we can guarantee that your company’s backup data is not stored in the same logical infrastructure as your primary data – regardless of the SaaS application or workload needing protection. 

With Keepit, your company’s backup data is stored on an independent cloud infrastructure in two mirrored data centers in the data center region of your choice, ensuring data availability and sovereignty. 

Keepit is the only dedicated SaaS data protection cloud to date – running on autonomous regional data centers, operating on separate hardware, and managed by trusted employees independent of any public cloud.  

The benefits of building your own private backup cloud 

Having a dedicated private cloud is a fundamental requirement for any legitimate backup solution. Choosing Keepit as your reliable, vendor-neutral backup solution compared to other third-party providers comes with considerable benefits for customers:  

• Pandemic-proof: When the COVID-19 virus spread worldwide, the leading public cloud vendors could not handle customer workloads and pushed customers offline. Meanwhile, Keepit’s dedicated private cloud service continued business as usual. 
• Accessible 24/7: With a dedicated backup cloud, you never lose access to your company’s information or worry about duplication or compressed data. 
• Speedy: With Keepit, the licensing model is uncomplicated, allowing you to get up and running in no time. There are no API transaction fees, network fees, or storage consumption fees. Our intuitive and easy-to-use search tools make sure you can locate, preview, and restore data in seconds. 
• Cost effective:  The higher degree of control Keepit has over the supply chain means considerable cost-saving benefits and easily scalable options. As a Keepit customer, you don’t need to worry about storage consumption fees or hidden costs. Storage is included, and you can expect predictable and straightforward pricing. 
• Constantly evolving: Unlike other third-party security and backup providers, we retain the freedom to innovate and develop our cloud storage technology behind the scenes—something that would not be possible if we were using a public cloud.  

The final word: Keep your digital eggs in separate baskets 

In the realm of backup, “divide” and “separate” are positive terms, and adhering to the 3-2-1 principle is the most effective way to safeguard your data by having it stored separately from your day-to-day operations. 

The 3-2-1 principle of backup mandates that you must have one copy of your data off site. In the days of tape backup, where fire and theft were the only credible threats to your backup data, the off-site copy effectively ensured that your backup data would survive any calamity that could befall your primary data and your primary site.  

In the cloud age, however, backups have become much more complicated: geographic dispersal is insufficient to ensure your data is secure, and hidden risks are introduced by relying on clouds that may be taken offline to protect the providers’ primary business interests. 

You can read more about that in our Security Guide: Raising the Bar for Data Protection in the Cloud Era.