Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Understanding shared responsibility

Issue 6 2025 Infrastructure

Data management is increasingly coming under the governance spotlight, yet a significant vulnerability often goes unnoticed. Many businesses operating on Microsoft 365 assume their data is comprehensively backed up. While Microsoft provides infrastructure resilience, a key distinction in its shared responsibility model leaves individual business data – or tenants – exposed to accidental or malicious deletion.

“This is not a flaw in the system,” says Craig Freer, director at Qwerti, a local managed service provider, “but a feature of its design. Microsoft ensures the operational continuity of its services. If a data centre were to fail, the company would restore its servers, ensuring the underlying infrastructure remains stable and your data at that macro level is safe.


Craig Freer.

“However, the responsibility for protecting data at the individual tenant level lies with you, the individual business. Under its standard retention policy, Microsoft retains data for 30 days before permanently deleting it. If an employee accidentally deletes a critical folder, or a disgruntled leaver maliciously wipes an entire Teams environment, it creates a significant gap in protection that many organisations are simply unaware of.”

Risk across the operation

The threat is not just theoretical; it impacts the three core pillars of a modern business’s IT systems. Firstly, there is Exchange and email – the lifeblood of daily correspondence. Perhaps the least mission-critical layer, its loss can nonetheless disrupt operations and cause vital confidential information to permanently disappear.

Secondly, OneDrive contains individuals’ personal work data. The loss of this information can set projects back by months and potentially represents a catastrophic loss of intellectual property and productivity.

Finally, and perhaps most seriously, there is the collaborative environment of Teams and SharePoint. This is where shared organisational knowledge resides. “Its deletion can wipe out years of collective work, and make recovery a near-impossible task,” states Freer.

Worse yet, these vulnerabilities are not just limited to human error or malicious insiders. “A successful phishing attack could give hackers control of the whole system, allowing them to encrypt or destroy data with impunity.”

The governance imperative

For most companies, data backup is no longer just an IT function; it is a board-level mandate. Governance and risk committees routinely ask for proof of backup and evidence of successful restore tests. Microsoft’s infrastructure-level resilience alone does not meet the requirement for granular, tenant-level data protection. This means many organisations, particularly in highly regulated sectors like financial services and law, may be unknowingly non-compliant with their own governance mandates.

“Addressing this vulnerability requires a strategic shift in how businesses view cloud data,” comments Freer. “The solution is not to abandon powerful platforms like Microsoft 365, but to augment them with a dedicated, cloud-to-cloud backup solution.”

“An effective approach should be seamless and automated, and operate in the background. It should not require any actions from individual users or software installation on their devices,” Freer continues.

“It also needs to be cost-effective and scalable. In this context, ‘scalable’ means it offers unlimited storage to avoid escalating costs through constantly having to upgrade storage pools as data volumes grow. Additionally, it must be comprehensive enough to protect all three data environments – Exchange, OneDrive, and Teams/SharePoint.”

Finally, a truly strategic solution should support data archiving. When an employee leaves, their data often needs to be retained for compliance, but paying for a full, active license is costly. The ability to convert a live backup into a lower-cost archive license preserves a snapshot of the data indefinitely, providing a practical and affordable solution.

“By adopting this kind of dedicated backup strategy, businesses can close a serious security gap, ensure compliance, and safeguard their most valuable digital assets,” Freer concludes.

Find out more at www.qwerti.co.za




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

New commercial and technical appointments at Veeam
News & Events Infrastructure
Veeam Software has announced two senior appointments in its South African business as it continues to invest in local market growth and partner and customer engagement.

Read more...
Access as a Service is inevitable
Technews Publishing SMART Security Solutions ATG Digital Access Control & Identity Management Infrastructure
When it comes to Access Control as a Service (ACaaS), most organisations (roughly 90% internationally) plan to move, or are in the process of moving to the cloud, but the majority of existing infrastructure (about 70%) remains on-premises for now.

Read more...
Privacy by design or by accident
Security Services & Risk Management Infrastructure
Africa’s data future depends on getting it right at the start. If privacy controls do not withstand real-world conditions, such as unstable power, fragile last-mile connectivity, shared devices, and decentralised branch environments, then privacy exists only on paper.

Read more...
Access trends for 2026
Technews Publishing SMART Security Solutions RR Electronic Security Solutions Enkulu Technologies IDEMIA neaMetrics Editor's Choice Access Control & Identity Management Infrastructure
The access control and identity management industry has been the cornerstone of organisations of all sizes for decades. SMART Security Solutions asked local integrators and distributors about the primary trends in the access and identity market for 2026.

Read more...
Protecting high-value data from AI
CASA Software Infrastructure Information Security Products & Solutions
As artificial intelligence accelerates the speed and sophistication of cyberattacks, protecting high-value data, such as financial records, legal files, patient data, intellectual property, and compliance records, has never been more urgent.

Read more...
Integrated security key to protecting cloud applications
Infrastructure Information Security
Cloud-native applications have transformed the way businesses operate, enabling faster innovation, greater agility, and enhanced scalability. Yet this evolution brings an equally complex security landscape.

Read more...
The global state of physical security
Genetec News & Events Infrastructure
Physical security has become a strategic business function, improving IT collaboration and decision-making. Moreover, interest in AI has more than doubled among users, and organisations seek flexibility to deploy workloads on-premises, in the cloud, or hybrid.

Read more...
SA availability of immutable backup storage appliance
CASA Software Infrastructure Security Services & Risk Management
CASA Software has launched the newly released Nexsan VHR-Series, a fully integrated, enterprise-class, immutable backup storage appliance purpose-built for Veeam software environments, with usable capacity ranging from 64 TB to 3,3 PB.

Read more...
What is your ‘real’ security posture?
BlueVision Editor's Choice Information Security Infrastructure AI & Data Analytics
Many businesses operate under the illusion that their security controls, policies, and incident response plans will hold firm when tested by cybercriminals, but does this mean you are really safe?

Read more...
What is your ‘real’ security posture? (Part 2)
BlueVision Editor's Choice Information Security Infrastructure
In the second part of this series of articles from BlueVision, we explore the human element: social engineering and insider threats and how red teaming can expose and remedy them.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.