Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.

Kelly Sheridan, Former Senior Editor, Dark Reading

July 19, 2017

3 Min Read

There are several reasons why Office 365 administrators should not use Recycle Bin to protect their data, but nearly two-thirds continue to do so. This risky and unreliable practice could lead to major loss and its popularity demands stronger protective strategies.

"The Microsoft Recycle Bin is a nice feature, but its job is to help the organization safeguard against accidental data loss," says Rod Mathews, SVP and general manager of data protection at Barracuda Networks. "It's not meant to be a data recovery solution."

Barracuda conducted a survey of general technologists responsible for data protection and recovery to learn about how they safeguard their information. Some of the results, which highlighted the Recycle Bin practice, were "alarming," he notes.

Recycle Bin isn't equipped with the necessary features to protect data stored in OneDrive, Exchange, Sharepoint, and other business services. The information it does protect isn't safe for very long and becomes non-recoverable if it's deleted or ages past the 30-day time limit.

"You won't be able to recover that data in a realistic way by going to the Recycle Bin and restoring emails," Mathews explains. "You'll want a more thoughtful recovery strategy."

Survey respondents represent companies across sizes and industries. While he acknowledges small businesses might not understand the risk of relying on Recycle Bin for data protection, Mathews adds there may be Fortune 500 companies using this method as well.

The rise in ransomware attacks is demanding security leaders to rethink their data protection strategies. Global incidents like WannaCry highlight the danger of not having plans for data backup and recovery. Data recovery may be the only way to avoid paying ransom, and could save a company if the attackers had no intention of restoring the data, as seen in NotPetya.

In an emergency, having backups isn't enough; being able to get to them is just as important. Seventy percent of respondents said data accessibility was equally as important as data availability.

"Depending on the value of the data, companies will invest in different levels of infrastructure to make sure they can recover that data in an appropriate amount of time," says Mathews.

Accessibility is key because more than half (53.4%) of respondents are responsible for data recovery in multiple locations, meaning their systems have to be accessible from different places, using different methods.

About half of respondents said their backups are cloud-based and 76% replicate their data backups in the cloud. Data indicates that the 77.4% who have a disaster recovery plan are using the cloud for both redundancy and accessibility. Mathews predicts we'll see more discussions around how to protect cloud-based environments as more businesses adopt them.

"You need to protect against user errors and malware in the cloud just as you do that kind of protection locally," he emphasizes, noting the Amazon S3 leaks exemplify this. "Cloud providers have protected against a lot of that, but customers still need to think about it."

Researchers also discovered 81.2% of respondents don't test their data protection strategies more than once per year, and about half that number don't test them at all. Testing is critical to ensure data protection is effective but it's also "a huge thing people overlook," Mathews says.

"If they have an issue, how long does it take to get the business back up and running?" he asks. "If you don't have a program, you're going to find out at the worst possible time."

Testing should happen on a regular basis because files change in value, data moves from place to place, and new applications may not be added to the data protection plan. Companies should do random "spot checks": pick a server and make sure you can restore its information.

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights