Zendesk backs up your data for large-scale disaster recovery — a rare scenario — but it doesn’t provide granular restore of your data, nor does it protect against accidental deletion of or breaking changes to your automations.

How much the data is worth to you, and the depth of backup you are comfortable with, only you can decide. But since we’re talking about things like automations, macros, and triggers — workflow controls that your entire support organization relies on every day — you deserve to make that decision based on factual information.

If you work in IT: When something goes wrong, you may suddenly be asked to recover lost data with a quick RTO (recovery time objective). If you aren’t able to do that, it puts you in the unpleasant position of having to explain why not, not to mention the business impact of not being able to restore the data the business needs.

If you work in Support: An accidental delete or breaking change in your automations, triggers, macros, or views can tie up your support workflow, thereby risking the smooth functioning of your service organization.

How Zendesk backs up your data
Technically, Zendesk does have features to make your data in their system more available. But these are designed for a specific, very broad, purpose.

All Zendesk data is automatically backed up regularly. Not to protect your account data specifically, but the entire platform in case of a . So Zendesk can recover all accounts if there was, for example, a platform-wide hacker attack, but they don’t promise to recover information for your account specifically if an incident were to occur.

This may not seem like much of a problem; after all, Zendesk hasn’t publicly reported any large losses of customer data. But there are some significant potential problems that can still bite you despite Zendesk’s automated backups.

5 costly problems Zendesk won’t protect you from

1. Somebody accidentally breaks your workflow
Automations are one of the key reasons why companies love Zendesk. But what happens when you lose automations due to a simple mistake? A lot.

Take a look at a typical example of Zendesk automations:

• All billing-related tickets are automatically routed to the finance team.
• If a ticket is left untouched for more than four hours, it is automatically escalated.

Now imagine the havoc caused by losing any of these automations. If you didn’t have these automated processes to begin with, your support system would be far less effective. But if you do have them, your entire support system will suffer if you suddenly lose access to them. You would need to quickly recreate everything, get the processes up and running, and hope the customer forgives you.

In this scenario, if you have a third-party backup tool in place, your automated daily backups of your Zendesk automations mean you can simply restore to a time before the automation was deleted. Search for your automation in the system, and with a few clicks, your automation is restored.

2. You can’t restore data at a granular level
As I mentioned earlier, Zendesk has a disaster recovery feature they use in extreme cases. It is designed to recover huge amounts of data in bulk.

If a disaster happens and Zendesk performs a disaster recovery, you get your data back in a big downloadable blob of CSV or XML data. Recovering a single, important ticket or customer interaction would force you to look for a needle in a massive haystack.

On the other hand, if your data is backed up in a third-party system, you simply “Search.” “Preview,” and “Restore.” That’s it. You find the needle right there, within a minute.

3. You lose all deleted data after 40 days
When you delete an item in Zendesk, it goes in the recycle bin. But it only stays there for 40 days, then it is gone forever. It is very simple, yet far too few Zendesk users realize the finality of this functionality.

You delete so many things every day. Usually, you never think of them again, but every now and then, the wrong item is deleted. Or circumstances change, so you realize you need it back. But forget it — after that just-less-than-six-week window, it’s gone.

Not so with your data backed up with a third party. Everything is still there. You leave your options open.

4. When an employee leaves your company, all her data is automatically archived
Now and then, you probably see support agents leave the company. This is a normal part of the business. As a matter of fact, companies worldwide face a among their support agents.

When the agent is no longer an active user in Zendesk, what happens to all their views, tickets, and other data associated with their account? If you still need access to it, you have three options:

• Continue to pay the fees for the person’s license after they leave. But with a license cost of $49 to $215 per agent per month, that will be an expensive option with a 30% turnover.
• As a best practice, Zendesk recommends you reassign the tickets and downgrade the agent’s account and finally suspend the account. Please keep in mind that downgrading the agent’s account will automatically delete all macros and views permanently. Losing out on macros and views permanently could be a costly mistake.
• When you back up the data with a third-party backup service, you continue to have access to all data. Your data is backed up daily, so you can simply go back to any point and restore or preview any data.

5. Zendesk’s enhanced disaster recovery is expensive
Zendesk will sell you an system that includes multi-zone data replication and a host of other features that help protect your data in event of a disaster. Please note that it is available only in enterprise plans ($215 per agent per month). Even worse, it doesn’t even protect your automations, triggers, macros, and views.

With a third-party backup you can save a lot of money for your organization and benefit from a comprehensive backup starting at a few dollars per agent per month.

A 60-second summary, with the Keepit glasses on
As I mentioned at the start, you will have to assess your risk tolerance if you conclude that suddenly losing your Zendesk data would be too costly, whether, through human error or malicious intent, the time to act is now. There are third-party solutions out there, so you just need to find the right one.

is one of them, designed for fast, easy recovery. And for your convenience, here are five quick benefits:

1. Protect automations — automations, macros, and triggers are the lifeblood of Zendesk, and with Keepit, you can also protect these.
2. Retain unlimited data — all your data is saved in four copies across multiple data centers.
3. Keep backup costs down — With Keepit for Zendesk, you benefit from a comprehensive backup solution with unlimited hot storage and data archiving starting from $2.95 per agent per month.
4. Keep it simple — with an easy interface, anyone can recover data with no training needed.
5. Recover fast — get your data back in seconds. Search-Preview-Restore, using smart search and granular restore.

Many discussions about ransomware recovery focus on getting critical data back where it belongs. While this is absolutely necessary, it’s not always sufficient to allow full resumption of business-as-usual—the actual goal of disaster recovery.

In this session, we’ll discuss the key lessons we’ve learned as a SaaS data protection company about the holistic requirements for resuming normal operations after a large-scale attack or disaster, including restoration, remediation, retraining, and retrospection.

Backups are critical. We all know this is true—not just in an obvious “water is wet” way, but in a more serious “if you don’t drink enough water, you will die” way. At the same time, having a reliable backup system to capture your data and the ability to restore the right data in the right place at the right time is only part of what modern enterprises need.

Restoring data is not the same thing as recovering operations. Restoration is the first step along that path, but not the only one. You can sum this argument up with a single phrase: “restoring data is necessary but not sufficient by itself.”

Before you restore…
Re-read the first sentence above. Before we can proceed with talking about what else a full restoration will take besides just clicking the “restore” icon, I’m going to assume that you have a complete, valid, tested backup of your most important data. (And if you don’t, click to learn how Keepit can get you there!)

What you get when you restore
OK, now you’re all set, right? You’ve got a known-good backup, and you’ve tested your restore procedures. You’re comfortable with the software, you’ve ensured that everyone who needs to conduct restores has the correct permissions, and so on. If not, you probably at least know what areas of improvement you need to focus on (and quickly)!

The next step in the process is understanding exactly what you get when you execute a restore, assuming that it goes perfectly. This will obviously vary quite a bit depending on what you’re backing up in the first place. For example, there are certain Zendesk and Azure Active Directory objects that can be restored in place (that is, the restored object can overwrite the old one), but other objects will only be restored as new objects. Knowing exactly what a restore will give you, where it will go, and what, if any, manual steps might be required post-restore are all key parts of understanding the overall journey.

Now for the fun part
One crucial mistake we sometimes make when talking about restore planning is failing to think about, and plan for, what happens after the restore.

Resuming operations after a cyberattack involves many considerations that you may not have thought about during your restore planning, including the time required to install or reinstall patches and updates on users’ computers, the need to maintain an effective communications channel for your staff while your primary systems are being restored, and non-computer-related issues like making sure that you know where physical assets and people may have moved to during your outage.

There may be other unique considerations that apply to you, too. For example, in 2021, a large auto company suffered a cyberattack that prevented their dealers from ordering cars or parts—so once the company restored their systems, they had a lot of manual and unplanned work to clean up and reconcile their pending orders, update dealers with information on where their parts were, and so on.

None of that cleanup work could take place until the restore was complete and all the data they needed was present.

How to get started
The exact mechanics of how you go from “restore successful” to “we’re back in business” will vary according to many factors, including how large and/or complicated your organization is, how mature your operational processes are, how many additional regulatory requirements you have to deal with, and the nature of the problem from which you’re recovering.

There’s a huge continuum that covers the space from the simple (restoring a single critical file for one user) to the very complex (recovering operations after a large-scale disaster like a wildfire or hurricane).

Investigating, documenting, and practicing what your business needs to quickly get back to normal after the restore succeeds is perhaps the most important single thing you can do to protect your data and your business.

The Keepit Approach to the Five Quality Components of Usability One prominent aspect of Keepit’s cloud backup and recovery solution that customers rave about most is its simplicity and ease of use. Where other similar solutions often require weeks of training, the Keepit solution is plug and play, capable of being implemented and fully operational within minutes – and by everyone on the team. No extensive courses and diplomas are required. The intuitive ease with which Keepit locates and restores files also means our customers are actively incorporating it into their day-to-day internal support operations, rather than just using it for finding and recovering files that have simply gone astray. The ease of use comes from a dedicated design process, which puts usability up front and users in the driver’s seat. There are many different opinions on what the word usability means, so here at Keepit — as with many other things — we are inspired by what we observe in the workplace and then have our take on it that fits our product. The Keepit Design Hierarchy Creating and following a design hierarchy goes to the heart of how we build and continue to improve Keepit’s backup solution. For every design and feature we implement, Keepit follows a clear usability vision that strongly focuses on following a design code. The hierarchy in which we make design and usability decisions is built around Principles, Pillars, and Patterns. Starting with our Design Principles, everything we do is based on these principles: They are abstractions of how we design our products and help designers make the right decisions. Design Pillars are more focused on how we implement designs and how the user should experience the Keepit solution. Pillar example: “The right functionality, at the right time, to the right person.” This Pillar is used rigorously for each feature we create throughout the entire user flow. Is this the right functionality being presented to the user? Is this the right time to show this functionality? Will it work for the person who is going to use it? Finally, we have Patterns. Design Patterns are specific implementations of functionality. This could be how we implement breadcrumbs, how we handle truncation, checkboxes, dropdowns, and wizards, just to name a few. Defining Usability Usability is a quality attribute that assesses how easy user interfaces are to use. The word ‘usability’ also refers to methods for improving ease of use during the design process. The most popular definition of Usability has five components, as explained by the Learnability: How easy is it for users to accomplish basic tasks the first time they encounter the design? Efficiency: Once users have learned the design, how quickly can they perform tasks? Memorability: When users return to the design after a period of not using it, how easily can they re-establish proficiency? Errors: How many errors do users make, how severe are these errors, and how easily can they recover from the errors? Satisfaction: How enjoyable is it to use the design? There are many other important quality attributes, one of which is utility, which refers to the design’s functionality. In other words, does it do what users need? How Keepit Measures Usability Learnability in Keepit: Let us look at the first item: Learnability. The nature of a backup application is not something our users check in to merely to “get a dopamine kick” from watching cool facts about their running backups. Instead, backup is more “set it and forget it,” and usually, our users come to the platform for one of two reasons. One, is to make sure that everything is running as it should. Two, is to restore data that was lost. For many of our users, the fact that the application is so easy to learn and understand saves them much time, money, and the frustration of being unable to find the data that needs to be restored. Memorability in Keepit: Our approach is not just that things should be easy to learn but also that they must be easy to get back into after being away for a period of time. We do this with a consistent system: most things work in a predictable, similar way, following the same ideas. This increases the chance that something is memorable and easy to re-learn. There are, of course, many things we do to improve the memorability of Keepit, with consistency and recognizability of the applications they are backing up being just some of them. Efficiency in Keepit: All of this leads to Keepit’s Efficiency. We like to look at efficiency from the point of view that you should “take the time to look before you jump.” This means we do not consider “few clicks” a success criterion in itself, but rather, we consider “carefully placed” clicks as a step in the right direction – i.e., solving the problem with just the right number of clicks. Errors in Keepit: Naturally, we do everything within our power to ensure the number of mistakes made in relation to the task being solved is at a minimum and that a tight correlation exists between the number of errors the user is making and the solution’s efficiency. Every time the user makes an error, it sends them back into the flow, and they will have to redo actions, which again leads to an ineffective solution. Learnability and memorability directly impact the user’s errors, so everything is connected, as you can see. Satisfaction in Keepit: Finally, there is one more thing to address: satisfaction. Satisfaction is a tricky topic to discuss when talking about a solution that’s practical in nature and does not contain any real incentive to be a pleasurable experience. In the Keepit design, we have gone to great lengths to fight against the tendency of “functional design” that flourishes in the world of IT management tools. Instead, we have moved toward the concept of “emotional design” because IT administrators also deserve good tools. In functional design, where the idea that showing everything all at once means more control and empowered admins, Keepit believes showing the right thing, at the right time, to the right person offers the ultimate degree of control and empowerment. We also believe that creating a pleasurable and satisfying experience with administration tools like Keepit, where everything “just works,” frees up administrators to focus on other priorities. Final Thoughts Despite our mission to create the perfect solution that requires no previous knowledge to recover data, we are painfully aware that achieving perfect usability is a goal yet to be reached. But we strive every day to get there. That said, we recommend that our users regularly make sure they understand the flows and the emergency training so that in the case of an emergency, they know exactly what to do and when to do it, which we’ll save for a future blog post. At Keepit, we put a lot of effort into ensuring that the design leaves little room for mistakes and is easy to pick up again after a long vacation – even for an inexperienced administrator. Help The Keepit Design Team We are always looking for people who would like to provide feedback on our solution and help us create the best design in the world. Please if you are interested in becoming part of the user feedback forum.

While most cloud service providers, including Microsoft 365, offer some degree of data backup, you might be surprised how minimal it actually is. This brings us to the discussion of shared responsibility and why it can’t be ignored if you want complete data protection and backup.    Because Microsoft 365 is so commonplace in business, it’s easy to assume that so long as you stick we them, you have the basics covered. That, unfortunately, is not correct when it comes to cloud backup and recovery. Here are two hard truths you need to take into consideration when you plan your SaaS data protection:

1. Your cloud service providers are not responsible for the safe keeping of your data. 
2. You are responsible for keeping your data and metadata safe.

  In this blog post, you will learn: 

• What shared responsibility means.  
• What cloud services like Microsoft 365 currently offer to retrieve lost data. 
• How to make sure your cloud data is actually secure. 

What You Risk by Not Backing Up Your Cloud Data

Let’s start by looking at the exposure a company faces that does not participate in shared responsibility.    Depending on the nature of one’s business, several risk scenarios could arise if you rely solely on cloud service vendors for backup (and the vendors themselves recommend that you do not rely solely on their services):  

• You lose access to critical intellectual property documentation such as patents. 
• You may no longer be in compliance by losing access to certain required information. 
• The entire company loses access to emails and other collaboration tools such as  SharePoint and other apps, thereby preventing employees from doing anything. 
• Critical systems such as Salesforce, which are based on multiple automations that have been painstakingly built up over time, will need to be rebuilt. 

  When data loss happens to a large business it can result in thousands of unhappy employees and customers. For small to medium-sized businesses the consequences can be even more severe if they lack the IT resources and know-how to immediately address the problem.     The eventual outcomes range from customer inconvenience and disgruntled employees to severe legal problems and potential business catastrophe.  In other words, your business continuity is at stake.

Common Data Loss Threats  

Data loss threats don’t always originate from outside the organization, as demonstrated by a study conducted by the Enterprise Strategy Group (ESG) which showed that human error from within the organization is one of the single biggest contributors to data loss.    A breakdown of data loss causes is illustrated in the following graphic: If you lose data for any of these reasons, cloud vendors like Microsoft will not provide data backup because they adhere to the “shared responsibility” model that states it’s not their responsibility. More on that later. 

The “Backup Features” Currently Available in Microsoft 365 

In essence, cloud service customers have three functionalities that many think serve as backup of their data.  

Litigation Hold 

The purpose of litigation holds is to help if you are involved in a legal process and need to preserve information exactly as it is at a specific point in time. It is clearly not designed as a backup or recovery tool, because:  

• Retrieving just a single email requires going through 8-10 demanding steps. 
• Based on your licensing plan, your cost of storage may be significantly higher. 

Versioning 

Microsoft automatically saves versions of your documents at regular intervals, so you can just go back and open a previous version, right?     Technically yes, but:  

• You only get the random actual documents. What you don’t get is structure—nothing is where you left it, and there are no folders. So, at scale, this quickly becomes unmanageable. 
• If there is a ransomware attack, all versions may be encrypted. 
• There is zero protection against dangerous and potentially crippling ransomware. 

  Speaking of ransomware attacks, check out our popular Disaster Recovery Guide for a seven-step guide on how to keep your business running in a disaster situation. 

Recycle Bin 

Just like the bins around your office, the Microsoft recycle bins are emptied regularly. How frequently depends on the application. For example:    

• In Exchange: mail items disappear after 30 days, and calendar items after 20 days. 
• In Teams: channels, teams, and group items go away after 30 days. 
• In OneDrive and SharePoint, they’re removed every 93 days. 
• In SharePoint backup, items disappear after 14 days.  

  As useful and convenient as they are for users, these features can lull employees into a false sense of security because if the worst happens, they are not reliable.     Now that you know what’s at stake, let’s dive into the issue of shared responsibility. 

A Crash Course in Shared Responsibility

What is Shared Responsibility?

Although no official dictionary definition exists, in a nutshell, shared responsibility means you and each cloud vendor take shared ownership for accessing your data in the cloud.     Don’t be surprised to learn that Microsoft is not responsible for protecting your data. They are very clear on this issue. You can read a summary of their shared responsibility policy for Microsoft 365 in this short article, and here’s the bottom line (in Microsoft’s own words):    ‘You own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type)’.   Regardless of the type of deployment, the following responsibilities are always retained by you: 

• Data 
• Endpoints 
• Account 
• Access management 

  As you can see in the table below, the division of responsibility between you and Microsoft, depends on your hosting. (For the purpose of this blog post, pay attention to the SaaS column.)  Source: Microsoft 

  As you can see, Microsoft assumes some responsibility for its piece of the cloud service, but it’s up to the customer to protect the critical data that represents the lifeblood of its business.     Microsoft 365 does have some built-in features to retrieve deleted data such as versioning, litigation hold, and recycle bins, however, these also have limitations and are nowhere near viable alternatives to genuine backup. 

Who Uses the Shared Responsibility Model? 

Originally, AWS developed the concept, and today it’s used more or less identically by all cloud services. So, shared responsibility doesn’t just apply to specific vendors or types of services but to cloud computing in general.     If you want to dig deeper and explore how some of the main cloud service providers refer to shared responsibility, follow the links below to learn what each says on their respective websites.   

• Microsoft Azure 
• Google Cloud 
• Salesforce 
• Zendesk 
• Slack 

What Microsoft Recommends Instead: The 3-2-1 Backup Principle 

So, if Microsoft is not responsible for your cloud data, what steps do they recommend?    Simply put, they recommend keeping your eggs in different baskets. The most effective way to safeguard your data is to use the 3-2-1 backup principle, which goes like this:  Store your data separately from your day-to-day operations.     You must keep one copy of your data off site. Years ago, offsite storage was mainly to protect against fire and theft. Today, it’s more complicated than simply separating data geographically. And you can’t fully rely on cloud access, which could be taken offline to protect the providers’ own business interests.    If you want to learn more about what Microsoft recommends what to do if you experience a ransomware attack, you can find a good summary here.      Let’s move on to some actionable advice on what you can do next to bridge the huge security gap left by shared responsibility. 

How to Find a Backup Solution That Works 

If you decide to heed the advice of Microsoft, Google, and the other cloud service providers, and find a reliable third-party backup solution, here are some important considerations: 

1. Find out who is actually responsible for data loss in applications such as OneDrive, Groups and Teams, SharePoint, and Exchange within your organization. Is there a dedicated person or team, or is the responsibility spread across the organization? 
2. Make sure backup copies are stored outside of Microsoft 365’s domain. Always have offsite, immutable, backup copies that are stored separately from your primary data. Never store in the same logical infrastructure as your primary data. 
3. Look for comprehensive coverage for your SaaS data, in order to include as much data and metadata as possible in your backup. 
4. Look for fast and granular recovery so you can recover from a single item, all the way up to the tenant level to achieve precision recovery at scale.  
5. Look for a third-party tool that is compliant and offers long-term retention and a variety of security controls. 

How to Find the Right Microsoft 365 Backup Vendor

There are great solutions available, and like everything else, you need to find the one that best meets your needs. To help you in that regard, here are the most important considerations:    Microsoft 365 coverage 

• Does it support all of Microsoft 365, with all associated data types, such as Teams private chat, channel chat, versioning, and public folders, etc.? 

Data recovery 

• Can you restore all business-critical data in place? 
• Is all data restored in its original format? 
• Is all data restored — from a single item up to tenant level? 

Role-based access control and compliance 

• Can you configure backup admin permissions? 
• Is the audit log tamper-proof? 
• Can you limit access rights across specific data connectors? 

Data storage 

• Are data centers independent from the SaaS provider? 
• Are there options for data residency? 
• Are redundancies built in? 
• Can you store copies of your data in two separate data centers? 

Pricing 

• Is the license model clear and transparent? 
• Is data consumption included? 
• Are there any hidden costs (for example, for departed users)? 

Search capabilities 

• Can you search universally across all snapshots in a single view? 
• Can you preview documents live? 
• Can you control search and restore delegation? 
• Can you perform point-in-time navigation or restore? 

Simplicity 

• Can you easily manage and unify backup sets of cloud apps? 
• Can you share public links to end users, and download all the data types and levels? 
• Is the interface intuitive? 

Backup configuration 

• Is the backup deployment simple and configurable? 
• Can you scale across any size organization? 
• Are the retention policies flexible across the instance? 
• Can you segment Microsoft 365 data to meet business requirements? 

Security 

• Is the storage engine tamper-proof? 
• Are there SSO and MFA options? 
• Are the data centers ISO27001 certified? And what about the software development and operations organization?

Backup management  

• Is the solution 100% cloud-based with no maintenance required? 
• Are new users automatically added to the backup? 
• Can you automate notifications and backups? 
• Is there an open API allowing for third-party integration? 

 

In summary: 

We’ve covered the concept of shared responsibility, touched on what the cloud service providers cover, and where your responsibility lies. We’ve also shared some advice on what you should look for in a backup and recovery solution. I hope you come away from reading this blog post feeling better equipped to perform your cloud data risk assessments. If you have any questions, you are of course welcome to reach out.  

I promised myself I wouldn’t spend any time in this post talking about how the world has changed because of COVID or how people now want / expect / need to be able to do the critical parts of their job from wherever they are, not just from a corporate device on a managed corporate network. So, I won’t.

Instead, let me focus on one specific use case: backup and recovery of Office 365 data. Of course, that’s a huge part of what we do at Keepit, and our customers love it. So do analysts. We all know that disasters can strike at any time—ransomware, human errors, and technical failures can leave you in need of recovery at any time of the day or any day of the year. In the old-school world, starting a recovery meant “drive to the data center, put a tape in the tape library, and then run backup software.” With a cloud-native data protection solution like Keepit, there’s no more driving and no physical tapes, but you still have to start the restore.

That’s where our mobile app comes in! You can check the status of your backup and restore jobs and start recoveries from anywhere your mobile device can get a connection! Let’s take a look at how this works.

Checking Job Status

The Connectors page shows you what’s going on with the current set of supported connectors. Right now, the mobile app supports our Microsoft 365 and Google Workspace connectors, and we’re adding support for our other popular connectors. The connector status page shows you the current size and run state of your connectors. You can see in the example below that I have a current backup using the M365 connector and a separate OneDrive-only backup that just finished its first update.

Restoring Data

One of the unique ways Keepit makes your restores faster is by giving you multiple ways to restore data. You can restore data to its original location (“in-place restore,”) to an alternate location, or via a sharable URL. For the fastest possible restore, just create a shared restore link and send it to whoever needs instant access to the data. The recipient can use that link to browse the backup data you’ve chosen to give them and download only what they need, to whatever device or environment works best for them—without having to wait for you or Office 365 to complete the entire restore.

The Keepit mobile app supports both in-place and shared-URL restores. Tapping the connector lets you quickly create a link that points to the most recent snapshot, but if you want to browse the contents of the snapshot, you can do that too—tap the connector, choose “Open Connector,” and browse until you find the data you need. You can filter and sort the results to make it easier to quickly locate your data items. Once you’ve found what you’re looking for, you can restore it in-place or generate a link to send to the recipient for direct access.

The Future

We’re excited to be the first cloud SaaS data protection solution with a full-featured mobile app, and we have a lot of exciting things planned for the future. (Vic, let’s talk about what you’d like to publicly disclose here). We’re always looking for feedback from our customers, too—you can get the app from the Apple App Store or Google Play Store, and we’d love to hear what you think!