Email is one of the most important communication platforms for most organizations. Organizations have been rethinking where email is housed for quite some time now. Most businesses who start their migration to the cloud generally migrate email and file storage as part of the initial move to cloud services.
Microsoft 365 with its Exchange Online email platform has gained momentum and is currently one of the most popular cloud Software-as-a-Service (SaaS) offerings that organizations are choosing as a preferred cloud SaaS solution. When your business migrates to cloud SaaS environments, you must think carefully about protecting your data. This includes data that exists in cloud environments like Microsoft 365 such email.
In this post, we will take a closer look at protecting your Microsoft 365 Exchange Online email and why that is important. Additionally, how can you easily recover deleted emails in Office 365?
You may wonder why protecting your Office 365 email is an important task to consider as you move your email services to cloud SaaS environments. When it comes down to it, you are responsible for your cloud data. Cloud service providers such as Microsoft, Google, and Amazon all have disclaimers when you sign up for services that spell out your responsibility for your data. They will certainly make sure the underlying infrastructure that houses your data is available and working properly. However, this does not protect you in all scenarios or situations where you can experience data loss with cloud services such as email.
What dangers lurk for organizations housing email data in the cloud?
Let’s see how each of these require organizations to give due attention to protecting cloud email data.
First of all, what is ransomware 2.0? When referring to ransomware 2.0, we are talking about the latest types of ransomware that are cloud aware and able to interact with and encrypt cloud data. What are the characteristics of ransomware 2.0?
Ransomware 2.0 is a description of ransomware that has evolved from the early traditional variants that have long plagued on-premises environments. New types of ransomware have even more capabilities, including the ability to infect your cloud SaaS environment. They are also using new sinister techniques such as not only encrypting your data but also threatening to leak data if the ransomware is not paid in a timely manner.
How can ransomware infect cloud SaaS environments and infect cloud services such as cloud-based email in the first place? New ransomware variants are making use of OAuth 2.0 permissions delegation that is used across cloud environments to easily gain the permissions needed to encrypt files and services that reside there.
OAuth permissions delegation allows a cloud application to be delegated the permissions by a user to perform certain tasks and integrate with the environment without knowing the user’s password. This is possible by way of an authentication token issued to the application. You commonly see OAuth authentication at work with mobile devices. When you see the prompt that requests you to Allow permissions for the application to read your device storage, contacts, network, and other data, this is OAuth permissions at work.
The same is true with applications that request access to your cloud environment including email. The possibilities are very scary when you think about a malicious application that is masquerading as a legitimate tool or service that requests to have access to your environment.
Kevin Mitnick demonstrated what he coined as “Ransomcloud” software that was able to pose as a legitimate Microsoft security tool, request permissions to a user’s Exchange Online email account, then proceed to encrypt user emails in real-time.
The malicious application takes advantage of OAuth permissions delegation that a user grants in behalf of the application. Once the permissions are granted, the application assumes all the rights and permissions of the end user over their data, including Exchange Online email as part of Microsoft 365. It then has access to encrypt end user email inboxes in real-time.
Think about the dangers of this scenario. The encrypted email has not been deleted, so there is nothing to un-delete from the recycle bin. Also, Microsoft has not as of yet introduced any kind of versioning technology for Exchange Online emails. This means you can’t recover emails using some sort of previous version of your emails or inbox. How would you recover from this scenario without a backup of the good copy of the email?
Let’s think about another more traditional scenario of data loss inside of an email account. A simple scenario involving an employee deleting emails can help to shed light on the importance of backing up your email service. Think about this scenario – an employee deletes several important emails from his or her inbox. The deletion of the emails was not discovered until many days later. There are certain time limits in place to easily recover deleted emails in Office 365 using native tools.
Note the following time limits:
It important for Microsoft 365 administrators to be aware of the built-in limits to recovering emails with the normal processes included. This can certainly cause major issues when thinking about data that may only be needed monthly. What if the deleted email rolls past the recovery time window?
It may seem like an impossible scenario – a cloud infrastructure failure that leads to data loss. However, this has happened in the past. Cloud service providers do suffer from major outages, failures, and occasionally, data loss. Note what happened when AWS customers lost data in EC2 on Labor Day weekend 2019. A subset of customers suffered irrecoverable data loss when a cascade power failure caused EC2 instances to go offline, leading to data corruption. When this happened, the only option for customers who had data in the EC2 environments affected was to restore data from backups, if they had them.
It might seem inconceivable for a hyper-scaler cloud service provider to actually lose data in their ultra-resilient cloud datacenters, but it can and does happen. It has happened in the recent past, and it will no doubt happen again in the future. Customer-side backups are really the only protection against this type of data loss. If cloud email systems suffer a major, catastrophic even where data is corrupted, the only way to recover deleted emails is to restore them.
Let’s take a look at a few of the built-in processes to easily recover deleted emails in Office 365. The processes we will take a look at are in regards to using the native, built-in tools that are found in the Outlook web interface itself.
In option 1), you can click on the Deleted items folder and then right-click an email you find here, select Restore and it will be recovered back to the inbox. If a user simply right clicks and deletes an email, this is the location that it is found first.
However, what if a user SHIFT+Deletes an email (permanent deletion)? It is sent to the permanent deleted items where it will stay until either the 14 or 30-day time periods expire (recoverable items). To restore from the permanently deleted location, click the 2) Recover items deleted from this folder.
Recovering either deleted or permanently deleted emails
When you click the Recover items deleted from this folder you will be taken to the Recoverable items folder.
Viewing and recovering emails from the recoverable items folder
With this quick functionality, you can recover deleted emails in Office 365 from the web interface of Outlook email. It is worth noting, Exchange Online admins can also recover deleted email items by performing an eDiscovery Search that allows searching for the desired email content and downloading these deleted items as a PST file that can be reimported back into the Office 365 environment.
The easiest way to recover deleted emails in Office 365 is by using an effective backup solution to backup your Office 365 email environment and perform granular or in-bulk restores of your email data. However, beware that not all Office 365 email backup and recovery solutions are created equal. Organizations may struggle with how to backup Office 365 effectively.
SpinBackup is an enterprise cloud-to-cloud backup solution for Microsoft 365 that allows customers to effectively backup services including Exchange Online email. The SpinBackup O356 restore process allows recovering data either in whole, or granularly to services housed in Microsoft 365.
It includes the following features and capabilities:
Recovering deleted or even encrypted emails using SpinBackup is easy and intuitive. Let’s take a look at the process to restore emails back to a user’s inbox using SpinBackup and see just how easy the process is. The entire workflow is intuitive, allowing you to make your way through a restore even if you have never been through the process before.
First, choose to Start restore on the account to which you would like to restore data.
Recovering Office 365 email using SpinBackup
Choose the version of the backup that you would like to select data to restore from.
Select the version of the backup you want to use.
Select the data that you want to restore. In this case, we are selecting a particular email. Choose the items you would like to restore. In this case, we are restoring a specific email to the account.
Choose an email to restore
Note also that you can change where you want to restore the email items. This is a great way to perform a data migration to move data from one account to another. After you choose the destination, choose Restore.
Select where you want to restore the email
The email is successfully restored to the inbox of the user in a Restored by Spinbackup folder. The emails can then easily be moved back to the inbox.
Email is restored to a folder in the Office 365 account
Businesses are aggressively moving data and services to the cloud. Among the business-critical services migrated is email. Email and file services are generally the first of the services that are migrated to cloud SaaS environments by organizations. Despite the resiliency and availability of hyper-scale cloud data centers, you must protect your cloud data, including email, at all costs. There are many risks to your data including next-generation ransomware, end users, and even cloud infrastructure failure.
SpinBackup provides an enterprise-grade cloud-to-cloud backup solution that allows you to effectively backup your cloud email data among many other services in Office 365. It allows easily recovering deleted emails to Office 365 with a simple and seamless workflow as shown.
Be sure to sign up for a fully-featured trial version of SpinBackup here.