KPMG’s Microsoft 365 Data Loss Disaster: A Wake-Up Call

Another doozy of a cloud disaster… In the latest episode of The Backup Wrap-up, we dove deep into the jaw-dropping tale of KPMG’s Microsoft 365 data loss debacle. This global consulting behemoth found itself in a world of hurt when an admin accidentally nuked months of critical Teams chat data for a mind-boggling 145,000 employees, all during the chaos of the 2020 pandemic. If that doesn’t send a shiver down your spine, I don’t know what will!

(This blog post summarizes the latest episode of The Backup Wrap-up podcast. We’re in a series talking about major cloud disasters. If you’d like to check out the episode, you can do so here: https://www.backupwrapup.com/kpmg-blunder-proves-microsoft-365-needs-backup-cloud-disasters/)

Let’s break down what went wrong. Some well-meaning but misguided Microsoft 365 admin decided to tinker with the retention policy to delete a single user’s Teams chats. Seems harmless enough, right? Wrong! Faster than you can say “oh, snap!” that little tweak ended up applying to the entire organization. We’re talking countless crucial conversations and files, gone in an instant. Can you imagine the panic that must’ve ensued when they realized the scale of this disaster? 145,000 employees, all relying on Teams to keep the wheels turning during the pandemic remote work craziness, suddenly left high and dry. It’s enough to make your head spin!
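A pre-change guardrail for the failure described above, as an added example that is not from the podcast or from Microsoft: it compares who a retention change is meant to hit with who it would actually hit, and blocks deleting changes that spill over. The policy layout, the action names, the "All" scope marker and the 1% threshold are assumptions made for illustration, not Microsoft 365's own schema.

```python
from dataclasses import dataclass

ORG_WIDE = "All"  # assumed marker meaning "every user in the tenant"
DELETING = {"Delete", "KeepAndDelete"}  # assumed names for actions that remove data

@dataclass
class PolicyChange:
    """Hypothetical record of a proposed retention policy change."""
    name: str
    action: str
    intended_users: frozenset   # who the change ticket says should be affected
    effective_scope: object     # set of user IDs, or ORG_WIDE

def review_change(change, directory, max_ratio=0.01):
    """Return reasons to block the change; an empty list means it may proceed."""
    if change.action not in DELETING:
        return []  # keep-only policies cannot destroy data
    org_wide = change.effective_scope == ORG_WIDE
    affected = set(directory) if org_wide else set(change.effective_scope)
    unintended = affected - set(change.intended_users)
    reasons = []
    if org_wide:
        reasons.append("delete action with org-wide scope")
    if unintended:
        reasons.append(
            f"{len(unintended)} users affected beyond the intended "
            f"{len(change.intended_users)}"
        )
    # Large deletions need a second pair of eyes even when they are intended.
    if len(affected) > max(1, max_ratio * len(directory)):
        reasons.append("blast radius over threshold: needs a second approver")
    return reasons

# Constructed sample data: a 1,000-user directory and three proposed changes.
DIRECTORY = [f"user{i:04d}" for i in range(1000)]
TARGET = frozenset({"user0042"})
MISTAKE = PolicyChange("purge-one-user-chats", "Delete", TARGET, ORG_WIDE)
FIXED = PolicyChange("purge-one-user-chats", "Delete", TARGET, {"user0042"})
KEEP_ALL = PolicyChange("hold-all-chats", "Keep", frozenset(DIRECTORY), ORG_WIDE)

if __name__ == "__main__":
    for change in (MISTAKE, FIXED, KEEP_ALL):
        verdict = review_change(change, DIRECTORY) or "OK"
        print(change.name, change.action, "->", verdict)
```
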

But hold on, it gets better (or worse, depending on how you look at it). Turns out, retention policies? They’re not the knight in shining armor you might think they are. Sure, they’ve got their place in the compliance and data management realm, but they’re no substitute for honest-to-goodness backups. Microsoft 365’s baked-in retention policies are great at automatically scrubbing data after a set time, but when it comes to protecting against accidental deletions or other data loss fiascos? Not so much. KPMG’s saga is a textbook example of why you need a separate, battle-tested backup solution that can swoop in and save the day when things go sideways.

Now, I know what some of you might be thinking. “But Curtis, isn’t it Microsoft’s job to keep our data safe?” Oh, if only it were that simple! The truth is, there’s a lot of confusion out there about who’s responsible for what when it comes to cloud data protection. Too many organizations are under the dangerous illusion that their SaaS provider, like Microsoft, is the sole guardian of their precious data. News flash: it doesn’t work that way! In reality, we’re all in this together, with a shared responsibility model that puts the onus on you, the customer, to safeguard your own data. Blindly trusting your SaaS provider’s native data protection features? That’s like playing Russian roulette with your critical information!

But wait, there’s more! Losing months of sensitive business communications and files isn’t just a technical headache; it can also land you in some seriously hot water when it comes to legal and compliance matters. We’re talking potential violations of data retention laws, e-discovery obligations, the works! And if you think that’s bad, just imagine how much weaker your position becomes in legal disputes or investigations when that critical data has vanished into thin air. It’s like showing up to court with a briefcase full of nothing!

So, what’s the moral of this cautionary tale? Third-party SaaS backup solutions, my friends. They’re the unsung heroes that can swoop in and save your bacon when disaster strikes. By investing in a dedicated backup tool that operates independently from your SaaS platform, you’re giving yourself an extra layer of protection and peace of mind. Regular backups, easy restores, and the ability to bounce back from data loss debacles, no matter what caused them? That’s the kind of insurance policy every organization needs!

In the end, KPMG’s Microsoft 365 misadventure is a wake-up call for us all. It’s time to stop gambling with our critical data and start taking SaaS backup seriously. Learn from KPMG’s painful lesson and make sure you’ve got a rock-solid, third-party backup solution in place for your SaaS applications. Trust me, when the you-know-what hits the fan, you’ll be glad you did!

Written by W. Curtis Preston (@wcpreston), four-time O'Reilly author, and host of The Backup Wrap-up podcast. I am now the Technology Evangelist at S2|DATA, which helps companies manage their legacy data.