Forum Discussion
Back-up tools for Office 365
Rylan King wrote:It means that one should stop you using MS Outlook also. If you think so that PST is a bad format then you should recommend Microsoft stop giving new updates.
Still, the large number of organizations have their data stored in PST file format.
You don't need to stop using Outlook. PSTs were invented a long time ago when mailbox quotas were small (like 50MB to 100MB) to give users more space. We're talking 20 years ago... But time moves on and Office 365 makes 100GB quotas available to users, so there is no need to continue using PSTs.
The PST is an insecure (passwords are easily cracked) and fallible file format. Storing content in PSTs means that it is not indexed and discoverable. Companies cannot apply policies to content held in PSTs (DLP, retention, classifications). In short, PSTs are a horrible thing to have. They should be eradicated from all Office 365 deployments as quickly as you can, which is what many major companies are doing now. The problem is that PST eradication takes lots of preparation and is costly, but it has to happen... IMHO.
See https://www.quadrotech-it.com/what-are-pst-files-and-why-do-they-matter/ for more...
Tony,
In what way are .OST files better for security than .PST files, or are you suggesting that all email be accessed through the browser?
Thank you,
Steve
An OST is tied to a mailbox and can only be opened by the owning mailbox (they match with MAPI ID). A PST can be opened by any Outlook client, so it is inherently less secure than an OST (that being said, utilities exist to convert an OST to a PST).
Another point is that you can use the Outlook slider to restrict the amount of information synchronized to the OST. If you were worried, you would keep maybe the last three months of mailbox data in your OST.
However, I am not really concerned about OSTs. These files live on personal laptops and workstations and can be encrypted using BitLocker. What I am worried about is where people put PSTs on shared drives or use PSTs to swap information with others. This is what happened in the Sony hack - attackers were able to access file servers and grabbed PSTs from those locations. That's much easier than trying to hack into multiple user PCs to look for PSTs... But again, if a non-protected PC falls into the hands of an attacker, both PSTs and OSTs can be compromised.
My advice (always) to CIOs is to minimize their company's exposure to risk by eliminating PSTs whenever possible. Sometimes PSTs are a necessary evil, as when you export eDiscovery results to PST to give data to an external expert, but you should always have a good and well-documented reason to put data in a PST.
*Disclaimer, I didn't find a product that would meet/match the requirements Tony*
At the last company I worked for I was tasked with evaluating products to backup O365. I reviewed Barracuda, Backupify, Unitrends, and one other that slips my mind (I skipped AvePoint due to the price point). While none of these products were perfect we did end up going with Backupify. The reason we chose them were the ability to redirect restores both in Exchange, OneDrive, and SharePoint, they provided unlimited storage, and the method of restores were obvious for the user and provided security against overwrites. They also had the ability to backup O365 group SP content. With that said I had concerns about the data center reliability (I think they had two), the interface was clunky and didn't provide a lot of basic reporting I would like. I also had an issue trying to restrict backing up certain things (which might sound counter-intuitive). Was this a great product? No, but it met the basic requirements of what we needed balanced against price. My review of the products was in July-Aug 2017 time-frame so this product and others might have changed since then.
Chris
- I should add at the time we started using the product we had a very small workload of data in O365 (probably 20 mailboxes and a few sites...35-40GBs). We were a company of about 250 people and I wouldn't have expected the overall data set to exceed 2TBs. I definitely had concerns when/if the data set reached or exceeded that level, and/or trying to do a restore of all those materials (the restores I did do the in the single GB size were decent).
