Posey's Tips & Tricks
Bad Backup Idea: Using OneDrive Sync as an Office 365 Backup Substitute
Don't cut corners when it comes to protecting Office 365 data, Brien warns.
Recently, I have seen at least a few instances of people using the OneDrive sync app as a tool for backing up SharePoint Online team sites.
While it is true that the OneDrive sync app can be used to protect SharePoint team site data, it can't do the job by itself, and may actually put team site data at risk.
For those who might not be familiar with the OneDrive sync app, it is a free tool from Microsoft that allows you to synchronize files between a local computer and the cloud -- specifically, OneDrive. Even though the OneDrive sync app is intended primarily for use with OneDrive, you can also use it to create and maintain a sync relationship between a local PC and a SharePoint site.
As previously mentioned, the OneDrive sync app is sometimes used as a backup alternative because it copies files stored locally on a device to a SharePoint document library and vice versa. In theory, this automatic copying of files to an alternate location might be thought of as a backup. After all, if a user is in the habit of storing files on their local PC (there is also a version of the OneDrive sync app that works with Mac) and their hard drive dies, the user's documents are not lost because those documents are stored safely in SharePoint.
At the same time, though, the same synchronization engine that prevents data from being lost in the event of a hard disk failure can also contribute to data loss in other situations.
Imagine for a moment that a user opens a malicious e-mail attachment and triggers a ransomware infection on their PC. Most ransomware variants are designed to encrypt document files and other data files, but not operating system files. Encrypting the OS files would corrupt the OS, possibly making it impossible for the victim to pay the ransom. As such, ransomware commonly focuses on encrypting the user's data.
So if the user's documents are encrypted but the OS is still working as it should, it most likely means that the user's now-encrypted documents are going to be synchronized to SharePoint, thereby overwriting healthy document copies. Granted, SharePoint's versioning feature may make it possible to revert those documents back to a previous state, but rolling back documents one at a time would be a tedious and time-consuming process.
The problems with using the OneDrive sync app as a backup alternative also exist if data is being "protected" in the opposite direction. Suppose that a user is a member of a SharePoint team site, and that they and other team members use the site's document library as a repository for critical documents. Now imagine that one of the team members is concerned that nobody is backing up the documents, so that person deploys the OneDrive sync app and begins synchronizing the documents to their own local computer so that a secondary copy of the documents will exist.
If another team member were to accidentally delete a document from the document library, the OneDrive sync app would likely remove the local file copy, as well (although I haven't had an opportunity to personally verify this behavior).
My point is that although the OneDrive sync app can be a tool for protecting Office 365 documents, it does not provide comprehensive protection on its own. Because a sync relationship exists between the user's PC and the cloud, changes that are made to a document will be replicated to the document copy -- even if those changes are undesirable.
That being the case, it is important to perform a more conventional backup that results in a data copy being stored in an area that is not impacted by the sync relationship. Typically, the administrator would use a backup application to create regular backups of all of the organization's Office 365 resources, but in smaller organizations, SharePoint site data can be synchronized to a user's PC and backed up from there.
In either case, it is necessary to create a true backup rather than relying solely on the OneDrive sync app.
Brien Posey is a 16-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.