Key Takeaways: 2024 DCIG Report ‘Microsoft 365’s New Best Friend: AI-infused Data Protection Software’

Data security has transitioned from a “nice to have” to arguably one of the top business priorities of our time. High-profile ransomware attacks and data breaches devastate business operations, cost significant sums in ransoms and fines, and lead to lost customer confidence, from which companies may never recover. Rather than solving the data security issue, cloud SaaS has led to more challenges.

Securing SaaS environments like Microsoft 365 is critical to businesses’ modern data protection strategy. The insights provided by the recent DCIG report covering Microsoft 365 data protection indicate that AI-infused technologies help organizations meet the challenges of securing Microsoft 365 and are crucial to success moving forward with the evolving threat landscape.

The ransomware threat is escalating

The rise of ransomware could be described as nothing less than meteoric. Moreover, it does not discriminate as it threatens businesses large and small. In the DCIG report, a Verizon study found ransomware prevalent across all business sectors, including education, finance, food services, government, healthcare, and others, with over 16,000 incidents and over 5,000 breaches in 2023 alone. 

Even though the number of ransomware attacks has remained about the same from 2022 through the end of 2023, business email compromise has doubled over that same time. Microsoft 365 holds around 30% of the global office productivity software market (including email) and 44% of the US market share in services like OneDrive, Outlook, SharePoint, and Teams. It places these SaaS services squarely in focus for attackers looking to compromise critical data.

Microsoft data protection and shared responsibility.

Microsoft has significantly invested in security services and features available on the Microsoft 365 platform. For example, customers automatically benefit from the built-in physical security of Microsoft Azure data centers where M365 is housed.

In addition, Microsoft offers many security tools under the Microsoft 365 Defender umbrella to help organizations identify and remediate threats. They have also introduced a forthcoming solution called Microsoft 365 Backup. It is currently still under preview and will provide a level of data protection for customers in M365.

However, the solution highlights an inherent flaw with most built-in backup solutions provided by SaaS vendors. They are not comprehensive or lack features. It means businesses must lean on third-party backup solutions for much more comprehensive solutions that can provide a deeper and more robust data protection solution.

Shared responsibility

Despite the new Microsoft 365 Backup solution, its stance regarding the shared responsibility model has not changed. Like most SaaS providers, Microsoft operates under a shared responsibility model where Microsoft assumes no responsibility for the data stored in M365. 

Instead, businesses are always responsible for their data, and Microsoft recommends that companies back up their data regularly. The shared responsibility model states that Microsoft is not responsible for outages, disruptions, or data loss due to a cloud failure.

You can read Microsoft’s stance on the shared responsibility model here: Shared responsibility in the cloud – Microsoft Azure | Microsoft Learn.

Factors in choosing a data protection solution for M365

Strategic considerations also come into play when adopting third-party data protection solutions for Microsoft 365. The DCIG report highlights two main factors that businesses should consider when selecting a data protection solution for Microsoft 365:

1. Microsoft 365 Services used: The Microsoft 365 services can significantly impact which backup solution organizations choose. Different companies may utilize different Microsoft 365 services, such as Exchange, OneDrive, SharePoint, and Teams. They must understand the specific data protection requirements for each service used. This assessment helps select a solution that provides comprehensive protection tailored to the services they rely on most heavily.
2. Level of protection offered: Each third-party data protection solution has different features and capabilities. Businesses must evaluate how well a data protection solution protects data stored within Microsoft 365 in terms of backup and recovery and how well it protects against potential threats like ransomware. Modern SaaS data protection solutions must offer high-quality backup and recovery and proactive security features that prevent data loss before it occurs, as we will see below.

Given these considerations, using SaaS solutions like Microsoft 365 needs data protection beyond simple backup and recovery. Data protection that infuses modern technologies such as AI as a holistic approach is vital. Why?

AI is a crucial component in modern data protection

The sheer width and breadth of scale involved with SaaS solutions like Microsoft 365 require organizations to use technology tools that incorporate artificial intelligence for data protection. Since Microsoft throttles access by third-party applications in Microsoft 365 for performance reasons, restoring large amounts of data due to a significant data loss event is not desirable. It may lead to extended downtime recovering data (hours, days, weeks).

For example, as mentioned in the DCIG report:

• A specific application can make no more than 10,000 API requests to Outlook in a 10-minute
• Applications can upload no more than 150MB into Outlook in a 5-minute period

It emphasizes that preventing data loss in the first place is critical. For this reason, the DCIG report highlights the need to integrate AI into modern data protection strategies. Only with the help of AI can organizations detect and respond to modern threats in real time and anticipate and mitigate potential breaches before they occur. 

AI can detect and mitigate threats faster and more efficiently than manual human intervention. It can also learn and adapt to new threats and provide dynamic defenses that traditional tools cannot match. This capability is vital given the increasing sophistication of cyber-attacks. 

Modern attacks now often involve complex ransomware schemes that evolve quicker than traditional responses can keep up with. With AI-enabled speed and effectiveness, businesses can successfully defend their critical data in SaaS solutions.

AI-infused protection with SpinOne

SpinOne’s data protection and cybersecurity approach, highlighted in the DCIG report, uses behavioural analysis to monitor suspicious activities. It can monitor activity across hundreds of thousands of Microsoft 365 user accounts in thousands of businesses. This proactive monitoring gives organizations the AI-enabled speed and effectiveness needed for modern data protection. It efficiently backs up data across various Microsoft services and incorporates advanced AI capabilities to detect, isolate, and remediate ransomware attacks.

SpinOne protects M365 data in three ways:

• It quickly backs up Microsoft 365 data, achieving top backup speeds
• Data is restored to Microsoft 365 efficiently, often completing the process within two hours
• It provides comprehensive protection for Microsoft 365 data by identifying and isolating ransomware, stopping ongoing attacks, and restoring compromised data
  

Compared with Microsoft Defender

How does it compare with Microsoft Dender for Microsoft 365? In a head-to-head test, SpinOne identified and isolated 11 ransomware strains in a controlled test environment. This result was significantly better than that of conventional security solutions like Microsoft Defender, which struggled to detect several common strains under the same conditions. Notably, the Defender detection settings used are settings that will likely be common in the enterprise.

In the test, SpinOne detected all threats, generated alerts for administrators, isolated and stopped the in-progress ransomware attacks, and then proactively identified and restored changed, deleted, or encrypted data. This type of cybersecurity automation allows organizations to react quickly and decisively when a ransomware attack occurs.

Granular protection

In addition to fully protecting OneDrive, Outlook, SharePoint, and Teams, it provides deep and very granular levels of protection for SharePoint and Teams. Its protection includes the often-overlooked Content Database, Settings and Views, and Site Groups in SharePoint, and it also provides 1:1 user message and Group Mailbox Calendar protection in Teams.

Aligns with data governance and backup best practices

SpinOne also allows organizations to choose the geolocation and the specific cloud provider where backups are housed. This capability helps businesses to align with compliance and data governance requirements easily. It also helps to avoid a scenario where your backup data is housed in the same location as your production data, such as your production data and backups being located in Microsoft Azure.

Considering Microsoft’s data throttling in Azure, SpinOne offers one of the only SLAs in the industry, providing a 2-hour ransomware recovery service level agreement (SLA). This industry-leading SLA allows data recoveries as fast or faster than any competitor in the market.

It offers three flexible options for businesses to add AI-infused data protection to Microsoft 365. These include the following:

• Backup and Archive
• Backup with Ransomware Detection and Response
• Backup with Data Loss Prevention (DLP)
  

Wrapping up

The DCIG highlights the advantages of AI-infused data protection, especially for users of Microsoft 365. As ransomware and other cyber threats evolve, using AI data protection to rapidly adapt and respond to threats becomes essential. Organizations should consider advanced backup and security solutions like SpinOne not just as an additional layer of security but as a critical investment in their operational integrity and business continuity.

You can read the full DCIG Technology Report and data protection insights here.