Cloud Software-as-a-Service (SaaS) environments such as Google Workspace and Microsoft Office 365 provide tremendously powerful capabilities to businesses today. These include robust collaboration and business productivity tools. They offer businesses the opportunity to consume resources “as-a-Service” instead of building expensive infrastructure for the same purpose.
Migrating and hosting your data in the cloud has never been easier. However, there is a risk to your data in the cloud that is also common to on-premise environments. That risk is data deletion. What factors can lead to data deletion? How can organizations protect themselves from data deletion in the cloud?
How can data in the cloud get deleted?
Cloud SaaS environments provide robust features that allow end-users to collaborate, carry on business-productivity tasks, and communicate in ways that would not be possible otherwise. Two of the most popular services often migrated to cloud SaaS environments are file storage and email services. These are arguably two of the most basic and essential services users need to carry out business productivity.
When it comes down to it, cloud data can be deleted just as easily as data existing in on-premises environments. What are common ways that cloud SaaS data deletion can happen? Cloud data deletion can happen as a result of the following:
- End-user deletion
- Malware
- Cloud Infrastructure failure
1. End-user deletion
Arguably the most common way that data deletion happens in cloud SaaS environments results from end-user deletion. Users are the ones that generally interact with data in the cloud every day. They may work with general productivity documents such as Word and Excel documents, PDFs, text files, presentations, and the list goes on. The same scenario that is common in on-premises environments can happen with cloud SaaS. Consider an example: a user opens a cloud-based document, makes changes, and saves the document. After saving, they realize they deleted the wrong information. However, the document has already been saved.
Another scenario may involve a user who deletes a file from the cloud-based file repository, only to realize they deleted the wrong document. By default, most users have the permissions required to update and delete files to which they have access. This level of permissions may be necessary for business activities. However, it does lead to the possibility of accidental data deletion.
The above examples involve the end-user quickly realizing they deleted the wrong data. What about the scenario where data was deleted and not noticed for days, weeks, or even months? This scenario can potentially be a data deletion where recovery may be difficult if left to cloud SaaS native tools and if a data protection solution is not in place. How so?
Cloud SaaS environments like Google Workspace and Microsoft Office 365 have implemented file versioning for file storage. Also, both have the concept of a deleted items folder from which you can recover deleted files. Businesses relying only on this built-in functionality can experience data loss since these built-in features are limited.
When looking at the data deletion and recovery for Google Drive, Google notes:
“If files or folders are deleted, you may be able to recover the items for your users. This can happen if a user empties their Trash in Drive, or when files and folders in the Trash are automatically deleted after 30 days. As an administrator, you can recover the data within 25 days after the Trash was emptied. After that period, the data is purged from Google systems.”
So, after 30 days, the trash is emptied, and administrators have another period to recover these items. However, after that, the data is gone forever. What about the built-in services such as Google Vault that some businesses may see as a pseudo-backup solution? In the same KB:
“If your organization uses Google Vault: You might be able to retrieve data older than 25 days if it was subject to retention rules or holds. A Vault user can search for retained data and export it. However, you can’t directly restore this data to the user’s Drive.”
Another example of a popular cloud SaaS environment is Microsoft’s SharePoint Online. The SharePoint Online environment is an extremely popular cloud document repository used by many organizations for various use cases. Microsoft’s retention policy for SharePoint Online is as follows:
“In SharePoint Online, items are retained for 93 days from the time you delete them from their original location. They stay in the site Recycle Bin the entire time, unless someone deletes them from there or empties that Recycle Bin. In that case, the items go to the site collection Recycle Bin, where they stay for the remainder of the 93 days. For info about restoring deleted items, see Restore items in the Recycle Bin of a SharePoint site and Restore deleted items from the site collection recycle bin. The Recycle Bin retention time is not configurable in SharePoint Online.”
When you delete a site collection, you’re also deleting the hierarchy of sites in the collection, and all content within them:
- Documents and document libraries
- Lists and list data
- Site configuration settings
- Role and security information that is related to the site or its subsites
- Subsites of the top-level website, their contents, and user information
If you accidentally delete a site collection, it can be restored by a global or SharePoint admin using the SharePoint admin center.
Deleted site collections are retained for 93 days. After 93 days, sites and all their content and settings are permanently deleted, including lists, libraries, pages, and any subsites.
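The retention windows quoted above can be turned into a check of which native recovery path, if any, is still open when a deletion is finally noticed. This is an added example, not code from Google, Microsoft, or the original article; the function names are hypothetical, and it assumes the 25-day admin window starts the moment the item leaves the Trash.

```python
from datetime import datetime, timedelta

# Windows as quoted on this page, in days.
DRIVE_TRASH_DAYS = 30    # Trash is emptied automatically after 30 days
DRIVE_ADMIN_DAYS = 25    # admin recovery window after the Trash was emptied
SHAREPOINT_DAYS = 93     # counted from deletion, across both Recycle Bins


def drive_status(deleted, noticed, trash_emptied=None):
    """Native recovery path for a Drive file when the loss is noticed."""
    auto_purge = deleted + timedelta(days=DRIVE_TRASH_DAYS)
    # A user emptying the Trash early starts the admin clock early,
    # which shortens the total native recovery window.
    left_trash = min(trash_emptied, auto_purge) if trash_emptied else auto_purge
    if noticed < left_trash:
        return "user: restore from Trash"
    if noticed <= left_trash + timedelta(days=DRIVE_ADMIN_DAYS):
        return "admin: recover for the user"
    return "purged: Vault export only if a retention rule or hold applied"


def sharepoint_status(deleted, noticed, bin_emptied=None):
    """Native recovery path for a SharePoint Online item."""
    if noticed > deleted + timedelta(days=SHAREPOINT_DAYS):
        return "purged: no native recovery"
    if bin_emptied and noticed >= bin_emptied:
        return "admin: site collection Recycle Bin"
    return "user: site Recycle Bin"


if __name__ == "__main__":
    d0 = datetime(2024, 1, 1)  # constructed deletion date
    for days in (10, 45, 56):
        print(days, drive_status(d0, d0 + timedelta(days=days)))
    # Same file, but the user emptied the Trash on day 2.
    print(45, drive_status(d0, d0 + timedelta(days=45), d0 + timedelta(days=2)))
    print(94, sharepoint_status(d0, d0 + timedelta(days=94)))
```

A deletion noticed on day 45 is still recoverable by an administrator if the Trash emptied on its own schedule, but is already purged if the user emptied the Trash on day 2.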
So, while there are default safeguards in place, for most businesses with business-critical data, you don’t want to rely on the simple built-in file versioning provided. Additionally, with both Google and Microsoft cloud SaaS environments, file versioning does not span across the entire landscape of services offered (email being an example of this).
It means companies must leverage a third-party backup solution to ensure their critical data is fully protected, regardless of the data deletion scenario. Using a third-party solution also allows companies to align with backup best practices by keeping backup data stored separately from production data. File versioning from Google and Microsoft inevitably uses the same cloud environment and infrastructure to house the various file versions of your data. It is like putting “all your eggs in one basket” from a disaster recovery perspective.
2. Malware
Malware, and specifically ransomware, is a significant threat to your data. While ransomware does not technically delete your data, the effects are the same. It encrypts the data, so it is unreadable without the encryption key the cybercriminals possess. This encryption process locks the data away, so it is inaccessible to your end-users. Many companies have operated under the misconception that cloud data is somehow “ransomware-proof.” After a major ransomware attack affects their cloud SaaS data, they quickly and unfortunately realize this is not the case. How does ransomware infiltrate cloud SaaS environments? There are two main ways this happens:
- Compromised OAuth permissions delegation – Compromised OAuth permissions delegation generally happens when a malicious cloud application masquerades as a legitimate or even sanctioned application requesting the end-user grant permissions to the application. Once the end-user grants the permissions, the ransomware has what it needs to start encrypting all resources the user has access to, including shared cloud file locations and even their cloud email inbox.
- File synchronization – Major cloud file storage options offered by Google Drive and Microsoft OneDrive for Business have synchronization utilities that allow on-premises files to synchronize with cloud storage. If an end-user is infected with ransomware, the ransomware will encrypt local copies of files. These are then synchronized to cloud storage environments by Google Drive Sync or OneDrive. Cloud file synchronization provides an easy gateway for ransomware to infect business-critical cloud storage.
Once ransomware infects files, they are as good as deleted until they can either be recovered with the encryption key or restored from a good backup of the data. Organizations must take backups seriously due to the ransomware threat to their data, both on-premises and in the cloud.
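For the file synchronization path described above, a burst of synced files all renamed to the same new extension is one signal defenders can look for in file activity logs. The following heuristic is an added example, not part of the original article or of any vendor's product; the event fields (`user`, `time`, `action`, `old_name`, `new_name`) are a hypothetical schema and the sample events are constructed.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta


def ext(name):
    """Lower-cased final extension of a file name ('' if none)."""
    return os.path.splitext(name)[1].lower()


def flag_mass_rewrite(events, window=timedelta(minutes=5), threshold=4):
    """Return {user: extension} for users whose files were renamed to one
    common new extension at least `threshold` times within `window`."""
    recent = defaultdict(deque)  # (user, new extension) -> recent event times
    flagged = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        old, new = ext(ev["old_name"]), ext(ev["new_name"])
        if ev["action"] != "rename" or not new or new == old:
            continue  # ordinary edits and same-extension renames are ignored
        times = recent[(ev["user"], new)]
        times.append(ev["time"])
        while ev["time"] - times[0] > window:
            times.popleft()  # drop events that fell out of the window
        if len(times) >= threshold:
            flagged.setdefault(ev["user"], new)
    return flagged


# Constructed sample: alice's sync client uploads five re-extensioned files
# within two minutes; bob performs one ordinary rename and one edit.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    {"user": "alice", "time": T0 + timedelta(seconds=20 * i), "action": "rename",
     "old_name": f"q{i}-report.xlsx", "new_name": f"q{i}-report.xlsx.locked"}
    for i in range(5)
] + [
    {"user": "bob", "time": T0, "action": "rename",
     "old_name": "notes.doc", "new_name": "notes.docx"},
    {"user": "bob", "time": T0 + timedelta(minutes=1), "action": "edit",
     "old_name": "plan.pptx", "new_name": "plan.pptx"},
]

if __name__ == "__main__":
    print(flag_mass_rewrite(SAMPLE_EVENTS))
```

The window and threshold are tuning assumptions; a flagged user is a prompt to pause that account's sync and check backups, not proof of infection.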
3. Cloud infrastructure failure
It might seem ludicrous to think that cloud infrastructure can fail. After all, isn’t this one of the primary reasons thousands of organizations rely on hyperscale cloud service providers such as Amazon, Google, and Microsoft to host their business-critical resources? The major cloud service providers boast uptime and durability ratings that are only a dream for organizations looking to build a comparable private data center environment.
It may seem far-fetched. However, cloud infrastructure failures and outages do happen and can result in data deletion. Over Labor Day weekend in 2019, Amazon AWS suffered an outage in one of their US-east-1 datacenters, resulting in the loss of 1 TB of customer data.
Widespread cloud outages can and do happen frequently. Take a look at the following examples:
- Microsoft Apologizes ‘Deeply’ For Worldwide Azure, Teams Outage (crn.com)
- Prolonged AWS outage takes down a big chunk of the internet – The Verge
- Microsoft outage brings down Azure, Office 365 and Teams – DCD (datacenterdynamics.com)
- Google Workspace Widespread Outage Serves Up a Timely Email Continuity Warning | Mimecast Blog
While we are not saying here that your data is not safe in the cloud, it underscores the importance of taking data protection seriously, even in cloud environments. Your data is ultimately your responsibility.
Cloud SaaS data deletion and recovery
Organizations making use of cloud Software-as-a-Service (SaaS) environments must expect data deletion at some point. Taking charge of protecting your data is the best approach to preventing a business-impacting data disaster. SpinOne is a hybrid data protection and cybersecurity solution that allows companies to back up their cloud SaaS data effectively and provide cybersecurity protection to secure it.
SpinOne allows businesses to protect against the three data deletion culprits discussed and others that may impact your data in either Google Workspace or Microsoft Office 365. It does this by offering the following capabilities:
- Automatic, versioned backups
- Ability to choose where backup data is stored, even outside of the cloud you are protecting
- Artificial intelligence (AI) and machine learning (ML) driven ransomware protection
- Encrypted backups
- Third-party application control
- Insider threat protection
- Compliance tools
It allows protecting services not covered by file versioning or other built-in protections, such as cloud-based email. Using SpinOne, you no longer have to worry about how to recover deleted emails in Outlook or the underlying intricacies of cloud backup infrastructure.
Concluding thoughts
Data deletion is a very real threat, even in cloud SaaS environments. Organizations can lose data for many reasons, including end-user actions, malware, ransomware, and infrastructure failure. Data loss results in interrupted business continuity, lost revenue, and even lost long-term business if the data loss is severe. Organizations need not leave protecting their data to chance or even to the built-in mechanisms provided by cloud service providers. Using a third-party data protection solution like SpinOne is a great way to protect your data.
Be sure to check out more information about SpinOne and download a fully-featured trial version for Google Workspace or Microsoft Office 365 here.