Articles
Jun 28, 2023
7 minutes

The Dangers of Using Legal Hold as a Microsoft 365 Backup Alternative

The Dangers of Using Legal Hold as a Microsoft 365 Backup Alternative

Microsoft 365 offers a comprehensive suite of productivity tools and applications, making it an essential component of many businesses. And today, organizations rely heavily on cloud-based platforms like Microsoft 365 to manage and store their critical business data. However, alongside the many benefits that Microsoft 365 brings, there is an ever-growing need for robust data protection strategies to safeguard against potential data loss and security threats.

As we recognize the growing significance of data protection and the potential risks of data loss, having a reliable backup solution is more critical than ever. Some organizations have turned to using Legal Hold, a feature within Microsoft 365, as a backup alternative. While it may seem like a convenient solution, using Legal Hold as a backup strategy can expose your organization to significant risks and protection gaps. 

In this article, we will discuss the dangers of using Legal Hold as a backup alternative and provide a better understanding of the concept of Legal Hold in Microsoft 365.

The Concept of Legal Hold in Microsoft 365

The primary purpose of Legal Hold is to ensure that data is not deleted or altered during the course of litigation or investigation, as this could result in legal penalties or loss of critical evidence.

How Legal Hold Works in Microsoft 365?

When a Legal Hold is applied in Microsoft 365, it prevents the deletion or alteration of specified data, such as emails, documents, and other content. The data is preserved in its original state, allowing it to be accessed and reviewed as needed for legal or compliance purposes. Legal Hold can be applied at the user level or for specific content, depending on the organization's requirements.

While Legal Hold serves an essential purpose in preserving data for legal and compliance reasons, it is not a comprehensive backup solution for Microsoft 365. Some organizations may be tempted to use Legal Hold as a backup alternative, believing that it can protect their data from accidental deletion, corruption, or other risks. However, this approach can lead to several protection gaps and potential dangers, which we will discuss in detail in the next section.

The Protection Gaps in Legal Hold as a Backup Strategy

Using Legal Hold as a backup strategy may seem like a convenient solution, but it comes with several protection gaps and potential dangers. Let's discuss the six key protection gaps that organizations must be aware of when considering Legal Hold as a backup solution for Microsoft 365.

1. Incomplete Data Protection

Legal Hold can be used to preserve various data types in Microsoft 365, but it may not provide comprehensive protection for all types of data. While Legal Hold can preserve emails, documents, and even some Microsoft Teams data, the complex structure of Teams data might make it more challenging to protect all aspects of it. 

For instance, preserving attachments in Teams messages requires placing OneDrive (for 1:1 attachments) or Teams SharePoint Sites (for channel message attachments) on Legal Hold. Additionally, data stored in OneNote or Planner may not be fully covered by Legal Hold. This partial and challenging data protection can lead to potential data loss and put your organization at risk.

2. Not Flexible Retention Policies

Legal Hold's retention policies are not as flexible compared to traditional backup solutions. While Legal Hold can preserve data for the duration of a legal case or investigation, it does not offer customizable retention policies based on your organization's specific needs. 

For example, this inflexibility could result in sensitive data being retained longer than it should be, potentially leading to compliance issues or increased risk of data breaches. A flexible backup solution, on the other hand, allows you to set retention policies that align with your data protection requirements.

3. Suboptimal Granular Recovery Experience

While Legal Hold does offer granular recovery options, the user experience for such recovery may not be as efficient or intuitive as that provided by a dedicated backup solution. Legal Hold allows for the restoration of individual items or specific versions of documents, but the process could be more cumbersome compared to a dedicated backup solution. 

In contrast, a dedicated backup solution provides a more streamlined and user-friendly approach to granular recovery, enabling you to restore individual items or even specific versions of documents with ease. This is crucial in situations like recovering from ransomware attacks or accidental deletions.

4. Increased Complexity and Management Overhead

Relying on Legal Hold as a backup alternative adds complexity to your data protection strategy and increases the management overhead. Organizations must manually apply Legal Hold to each user or specific content, which can be time-consuming and prone to errors. Additionally, managing Legal Holds across multiple users and data types can become complex and challenging to track, increasing the risk of oversight and data loss.

5. Lack of Data Separation

With Legal Hold, the data is not separated in terms of span of control from the Microsoft 365 deployment. If an admin account gets compromised, or in the case of a malicious insider, the hold can be released, and the retained data can be deleted. This lack of data separation and control can put your organization at risk, as it makes data more vulnerable to unauthorized access or deletion. 

A dedicated backup solution, on the other hand, can provide an additional layer of protection by separating the backup data from the primary Microsoft 365 deployment, reducing the risk of data loss due to compromised accounts or malicious insiders.

6. Legal and Compliance Risks

Using Legal Hold as a backup alternative can expose your organization to legal and compliance risks. Legal Hold is designed to preserve data for legal and compliance purposes, and using it as a backup solution may lead to non-compliance with data protection regulations. Furthermore, if your organization is subject to an audit or investigation, the misuse of Legal Hold could result in penalties and negative consequences.

The Solution for Comprehensive Microsoft 365 Backup

To address the protection gaps and risks associated with using Legal Hold as a backup alternative, organizations should consider a dedicated backup solution. Alcion, an AI-driven platform, solves data management challenges faced by companies storing data in the Microsoft 365, including disaster recovery, ransomware and malware threats, and compliance. 

Alcion offers comprehensive data protection, flexible data retention, efficient data restoration, and simplified management for Microsoft 365, ensuring that your critical business data is secure and accessible when needed.

1. Complete Data Protection

Alcion provides comprehensive backup coverage for all Microsoft 365 services and data types (such as email and documents). With Alcion, you can have peace of mind knowing that your data is fully protected and recoverable in the event of data loss, corruption, or other risks.

2. Flexible Data Retention

With Alcion, you can customize data retention policies based on your organization's specific needs and requirements. This flexibility allows you to have control over your data retention strategy, ensuring that you are compliant with industry regulations and can efficiently manage storage costs and resources.

3. Efficient Data Restoration

Alcion enables quick and efficient data restoration to the original state, allowing you to recover from data loss or corruption with minimal downtime. The ability to restore data quickly is crucial in maintaining business continuity and minimizing the impact of data loss on your organization's productivity and reputation.

4. Simplified Management and Reduced Overhead

Alcion simplifies the backup process and reduces management overhead, streamlining your organization's data protection strategy. With an intuitive interface and automated backup processes, Alcion makes it easy for IT teams to manage backups, monitor backup status, and perform restorations. This simplified management allows your IT team to focus on other critical tasks and improves overall productivity.

5. Cost-Effective Licensing and Storage

Using Legal Hold may require upgrading to higher-tier licenses, such as Microsoft Business Professional or Office Enterprise E3 or higher, which can increase costs by at least an additional $6 to $13 per user depending on the current licensing level. Furthermore, enabling Legal Hold for SharePoint will increase storage consumption for file versions that need to be retained. If the required storage exceeds 1TB + 10GB per user, additional storage will need to be purchased at $0.20 per GB/month, which can quickly add up depending on your usage. 

Alcion offers a more attractive solution with favorable licensing and storage costs, making it a cost-effective alternative to relying on Legal Hold for Microsoft 365 data protection.

Conclusion

In today's data-driven world, protecting your organization's critical information is more important than ever. Using Legal Hold as a backup alternative for Microsoft 365 may seem convenient, but it exposes your organization to significant protection gaps and potential risks. 

By choosing a reliable and comprehensive backup solution, organizations can safeguard their valuable data, maintain business continuity, and focus on driving growth and success in the digital age.

Alcion offers complete and flexible data retention, efficient data restoration, and simplified management for Microsoft 365, providing organizations with the peace of mind that their data is secure and accessible when needed. 

Check it out for yourself with this demo video that shows the ease and intuitiveness of the Alcion platform. Try Alcion today; it’s free for 14 days, with no credit card required. Protect your Microsoft 365 data, and take control of your cloud security journey.

Niraj Tolia
Author
Niraj Tolia
CEO and Co-Founder, Alcion

Niraj Tolia is the co-founder and CEO at Alcion. Previously, he was the co-founder and CEO at Kasten, the leading and award-winning Kubernetes backup company that was acquired by Veeam in 2020. Post-acquisition, he continued, as General Manager and President of the Kasten by Veeam business unit, to accelerate the growth of Veeam’s cloud-native business. With a strong technical background in distributed systems, storage, and data management, he previously held leadership roles, including Senior Director of Engineering at Dell EMC and VP of Engineering and Chief Architect at Maginatics (acquired by EMC). Dr. Tolia received his PhD, MS, and BS in Computer Engineering from Carnegie Mellon University.