ITWeb, in partnership with Rubrik, conducted a survey on M365 data protection during August 2022.

The objective of the survey was to create awareness amongst corporate South Africa that M365 data is susceptible to ransomware and other cyber attacks, and in reality needs to be protected.

A total of 104 responses were captured, with 64% of respondents being at executive or middle management level. While 44% of respondents came from the IT sector, the remaining 56% came from a wide range of major industry sectors, with finance and government being the best represented.

Here are some of the key findings:

  1. The majority (62%) of respondents said they leveraged the full M365 collaboration suite including Microsoft Teams, while 14% said they had the full M365 suite and Dynamics, 12% said they used M365 for email only and 10% said they used it for email, document and content management with SharePoint and OneDrive.

  2. A quarter (25%) of the survey’s respondents have more than 1 000 M365 users, 8% say they have between 500 and 1 000 M365 users, 10% have 250 to 500 users, 19% have 50 to 250 users and 38% of respondents have fewer than 50 users.
  3. Three quarters of the respondents (75%) to this survey consider M365 to be a Tier 1 application within their organisation. 15% say that M365 is important to their business but not critical, and 10% say that while it’s not critical at the moment, it will be in the future as they further invest in M365.
  4. When it comes to their ransomware strategy for M365, 59% of respondents say they have an additional existing third-party backup provider for M365. Almost a third of respondents (31%) say they use only native tools from Microsoft such as retention policy, litigation hold and eDiscovery. 10% of respondents say they have no protection.
  5. Asked what they would do in the event that ransomware attacked their M365 data, 68% of respondents say they have a structured ransomware recovery process and the right tools to recover. 20% of respondents don’t have a ransomware recovery process and 12% say they aren’t sure and would like to review their risk posture.
  6. When asked if they were familiar with Microsoft’s recommendations for ransomware protection for M365, respondents answered as follows:
    • Yes, we are aware Microsoft recommends in its Microsoft 365 service agreement “that you regularly back up your content and data that you store on the services or store using third-party apps and services”. (69%)
    • No, we are not aware and would like to understand more from you. (18%)
    • Yes, but we are happy with native tools from Microsoft. (13%)
  7. When it comes to applying Zero Trust principles in their M365 environment, half of respondents (50%) say they only have multi-factor authentication; a quarter (25%) have fully implemented Zero Trust architecture and a physical air gap; 13% say they haven’t implemented Zero Trust principles or architecture in their M365 environment; and 12% say they aren’t sure and would like to review their risk posture.
  8. Just under half of respondents (41%) say they prefer a fully managed service to protect their M365 workload. 35% say they manage it themselves, and 23% say they’d like a fully managed service but cost is a prohibitive factor.
  9. The most important features when considering M365 protection are listed by respondents as follows:
    • Tight Microsoft partnership, product roadmap and necessary integrations to safeguard our investment in long-term protection. (65%)
    • Secure, air-gapped and immutable backups with encryption at rest and in flight. (44%)
    • Granular role-based access control with multi-factor authentication separate from MSFT global admin credentials. (42%)
    • One-time OAuth and service principal authentication with ongoing user auto discovery and inherited protection policy. (41%)
    • Complies with both MSFT and CISA guidance and best practices. (40%)