
OneDrive as a backup solution?

As we look at OneDrive it’s important that we note some functional differences between OneDrive and true backup services.

OneDrive is a Synchronization Service intended to make your files available to you, the user, on a spectrum of devices, from anywhere.  This is most often helpful for people who use desktops, people who travel a lot for work and prefer to bring only their tablets (or smartphones), people working from home, or those in other such flexible work environments.  OneDrive for Business gives you the ability to leave your work computer and equipment behind altogether, but still access your files from the web anywhere you are by logging into the web-portal.  OneDrive is best described as Microsoft’s competitor to DropBox with the added benefits of being included in your O365 subscription, controlled by your IT group, and available in a unified portal with your other O365 products.

It’s important to note though that OneDrive is not a Backup Service in the traditional sense; rather OneDrive is intended to replicate changes to your document out to the cloud, immediately, for availability from any of your devices.

That being said, OneDrive for Business does have a few small protection characteristics that mimic traditional backup services. In the future, I believe it is Microsoft’s intent to become more competitive with backup service providers, but they are not there yet, as noted in the following examples.

Deletion Example for OneDrive:

If you delete a file from your computer, it is also deleted from OneDrive – right away – within seconds.  After deletion, the file is available in your local computer’s Recycle Bin (or Trash on a Mac). In this scenario, the deleted file is also temporarily available inside of the Recycle Bin of your OneDrive portal on the web.

However, if your Recycle Bin is emptied after deletion, or if the web-based Office 365 Recycle Bin is emptied after deletion – the item is permanently lost.

Comparison to traditional backup services: Backup Services keep copies of each iteration of your files. However that storage comes at a cost, and with consideration for storage limitations/billing this can become cost-prohibitive. There is a trade-off.

Modification/Change/Corruption Example for OneDrive:

If a file on your computer is changed, that change is immediately transmitted to OneDrive over your network connection. So if your file is accidentally corrupted, or maliciously encrypted, OneDrive will still pick up that change.  The synchronized copy of the file in OneDrive will now also be corrupted or encrypted.

Version History:

Let’s say you make an accidental change to the document on your computer and save it.  This change is automatically sync’d with OneDrive within seconds.  However, in this situation – you CAN log into the Office 365 portal, and find the document – right click it, and select Version History  [This feature has been limited in the past to just file-types that Microsoft can understand (.docx, .xlsx, etc.)].  Assuming the file meets the Version History capabilities, you can download a copy of the previous version, get rid of the most-recent one, and then re-add the previous version of the file into your OneDrive folder; and carry-on.  This process takes a few moments, but saves you the pain of having to recreate the whole document.

However, consider the most common (and certainly ever-growing) risk: being infected with Encryption/Ransomware Viruses (CryptoWall, CryptoLocker, Locky, etc.).  These viruses behave in a variety of ways, but typically their behavior includes renaming and encrypting the files in question.  Part of the reason they do this is that it circumvents the version history and Recycle Bin features – further complicating the chance of recovery.

OneDrive uses the Version History feature not for backup protection from malicious efforts, but rather as a convenience mechanism against unwanted edits and accidental deletion. This misses the scope of true Backup Services which are intended to protect you from yourself, as well as to protect you from others.

Encryption Example:

Let’s say I have a file called Notes2.docx – and I upload it to OneDrive.  Then I get a virus! (YIKES!) It encrypts the file, and then renames that file to CorruptNotes.Thimble.  OneDrive syncs this immediately. Now in my OneDrive folder, I cannot find a document called Notes2.docx anywhere.  The renaming has moved the file around based on its new name, but there’s also not a copy of Notes2.docx in the Recycle Bin.  I could hunt through the corrupted file names now in my OneDrive folder, right-click on each one, go to Version History and try to walk through restoring each individual file in the manner I previously described (with some added steps to repair the file-naming) – but there is no BULK rollback functionality, and what if I have 100 files, or a thousand, or 5000 files or MORE?

Also – Version History is LIMITED and does not apply to all file-types – typically just those files that Microsoft natively knows how to handle.

Comparison to traditional backup services: Backup Services provide bulk-rollback functionality, do not typically care about file-type, and also provide bulk file export functionality in the event an entire device has been compromised.

These scenarios are where true ‘Backup Services’ are extremely desirable – backup solutions keep versioning of everything that has changed since the last backup, regardless of file-type.  Typically these software options are also decent at compressing this data to maximize your storage space – versus keeping full raw file sizes as OneDrive does.
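To make the contrast concrete, here is an added example (not part of the original post and not any vendor's code) of the two backup properties described above: a snapshot that records every file regardless of type, and a bulk rollback that restores the whole folder in one pass. The names `snapshot`, `rollback`, `demo` and the on-disk store layout are hypothetical, and the sample files are constructed.

```python
import hashlib, json, shutil, tempfile, zlib
from pathlib import Path

_files = lambda d: sorted(p for p in d.rglob("*") if p.is_file())
def snapshot(folder: Path, store: Path) -> Path:
    """Record every file under folder, whatever its type. store must be outside folder."""
    (store / "blobs").mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in _files(folder):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        blob = store / "blobs" / digest
        if not blob.exists():                      # identical content is stored once
            blob.write_bytes(zlib.compress(data))  # compressed, unlike a raw synced copy
        manifest[f.relative_to(folder).as_posix()] = digest
    out = store / f"manifest-{len(list(store.glob('manifest-*.json'))):06d}.json"
    out.write_text(json.dumps(manifest, indent=2))
    return out

def rollback(folder: Path, store: Path, manifest_path: Path) -> dict:
    """Bulk-restore folder to one snapshot; unknown files are quarantined, not deleted."""
    manifest = json.loads(manifest_path.read_text())
    report = {"restored": [], "quarantined": []}
    for f in _files(folder):
        rel = f.relative_to(folder).as_posix()
        if rel not in manifest:                    # e.g. renamed, encrypted copies
            dest = store / "quarantine" / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(f), str(dest))
            report["quarantined"].append(rel)
    for rel, digest in manifest.items():
        data = zlib.decompress((store / "blobs" / digest).read_bytes())
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"stored copy of {rel} failed its integrity check")
        target = folder / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        report["restored"].append(rel)
    return report

def demo():
    """Constructed scenario from the article: Notes2.docx becomes CorruptNotes.Thimble."""
    docs, store = (Path(tempfile.mkdtemp()) / n for n in ("docs", "store"))
    docs.mkdir()
    (docs / "Notes2.docx").write_bytes(b"meeting notes (constructed sample)")
    (docs / "scan.raw").write_bytes(b"\x00\x01 a non-Office file type (constructed)")
    snap = snapshot(docs, store)
    (docs / "Notes2.docx").rename(docs / "CorruptNotes.Thimble").write_bytes(b"\x9c\x11 garbage")
    return rollback(docs, store, snap), (docs / "Notes2.docx").read_bytes()
```

The store only protects you if it sits somewhere the infected machine cannot write to, such as offline or write-once storage; a store inside the synced folder would be encrypted along with everything else.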

Additional Considerations:

Beyond these scenario based limitations, there are also some granular constraints for OneDrive that can be reviewed at the following link:

  • Special Character Limitations
  • File Size Limitations
  • File Type Limitations
  • File/Folder Name Character Limitations
  • Etc.

https://support.microsoft.com/en-us/help/3125202/restrictions-and-limitations-when-you-sync-files-and-folders

Summary:

It’s still a trade-off in the industry – and at the crux of it all is price and seamless integration.  Mozy Pro, Datto (and other products like them) offer Backup & Sync options – which provide both backup/restoration capabilities, and the instant-sync/web-portal functionality of a Sync client.  The drawbacks with these solutions are typically the additional cost and the reality that these outside options rarely integrate seamlessly with the other Office products.

In this day and age, an investment ahead of time is always better than the devastation of compromised data lost to the ether of the internet or malicious corruption.

 


Steven Jordan, PMP
With a passion for leading projects and the teams involved, Steven facilitates the delivery of services and solutions to our valued clients.  We believe that clients big and small can benefit from the project management skill-set that helps to bridge the gaps between technology, resources, and our clients’ needs.  Steven assists in keeping the lines of communication open between engineering resources and our clients, all while maintaining transparency and translating complexity.  Technology is rarely as easy as we want it to be and Steven drives towards delivering a streamlined service experience to our clients.