Posey's Tips & Tricks

Should You Use OneDrive as a PC Backup Target?

As with most things in the enterprise tech space, the answer is a bit nuanced.

Over the last two years, with so many people working from home (often from personal devices), I have been seeing more and more organizations advising their users to configure their Windows PCs to back up data to OneDrive. But is it smart to use OneDrive as a backup target? Like so many other things in IT, there is no definitive answer to this question that holds true in every situation. Even so, I wanted to take the opportunity to weigh in on this question. In doing so, I'm not trying to persuade you one way or the other, but rather want to give you a few things to think about.

When it comes to the question of whether or not OneDrive should be used as a target for PC backup, let me just start out by saying that any backup, regardless of how it's performed, is better than having no backup at all. OneDrive is built into Windows, which makes it convenient for use as a backup target. OneDrive makes it possible to set up a backup a PC's files without the need for removable media or pricey cloud storage subscriptions. In other words, having the ability to back up to OneDrive means that systems that might otherwise never be backed up can be backed up quite easily.

Of course there is a big difference between a workable backup solution and an optimal solution. OneDrive can make setting up PC backups quick and easy, but that doesn't necessarily mean that using OneDrive will fully accomplish an organization's backup objectives.

Consider for a moment the 3-2-1 rule. For those who might not be familiar with the 3-2-1 rule, it is a longstanding backup best practice that ensures data redundancy. The 3-2-1 rule essentially states that in order for your data to truly be protected, you need three copies of the data, on two different media types, with one copy residing offsite. Admittedly, the 3-2-1 rule predates the cloud and therefore does not align all that well with cloud services. Even so, there are modern adaptations of the 3-2-1 rule written specifically for the cloud era.

One of the 3-2-1 rule's key provisions is that it necessitates the need for redundant backups. While writing a backup to OneDrive does fulfil the last part of the 3-2-1 rule (the part about keeping a backup offsite), it fails to deliver any backup redundancy. Again, backups that are based on OneDrive are certainly better than not having a backup at all, but such backups do not adhere to longstanding best practices.

Another thing to consider with regard to writing backups to OneDrive is that because OneDrive is integrated into Windows, an attack against Windows will most likely also be directed against the user's OneDrive account as well. In other words, if an attacker were to delete or encrypt the contents of a user's hard drive, there is a strong possibility that the attacker would additionally go after OneDrive. If the only backup of the PC's data resided on OneDrive, then the backup may very well be lost along with the primary data stored on the user's hard disk.

This is why backup redundancy is so important. The only way to guarantee data recoverability is to have a secondary backup copy stored in a location that cannot be compromised.

Having said that, Microsoft does provide some built-in defenses against attacks targeting OneDrive. These defenses won't help you in every situation, but they do a good job of hardening OneDrive against certain types of ransomware attacks.

Suppose for a moment that a user's PC became infected with ransomware and that the attack also began encrypting files stored on OneDrive. If that happens, the user will typically receive a pop-up message from Microsoft indicating that signs of ransomware have been detected. OneDrive will then ask the user to look at certain files and confirm whether or not those files have become infected or encrypted. Assuming that the files have been encrypted by ransomware, OneDrive will offer the user guidance on cleaning all of their devices. Once the user confirms that their devices are clean, OneDrive allows the user to restore their files by rolling the files back to a prior version.

Again, OneDrive's versioning won't help in every situation, but it very often provides a viable option for getting a user's data back following a ransomware attack.


About the Author

Brien Posey is a 20-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.


comments powered by Disqus