According to Flexera’s 2025 State of the Cloud report, 70% of all businesses employ a hybrid cloud or multicloud strategy, something we have also written about previously. Data is often dispersed across on-premises systems, cloud platforms, Software as a Service (SaaS) applications and even remote endpoints, making consistent protection a complex challenge. This brings us back to the question of backups hosted on and off the Cloud – how they compare, and what the challenges are for organizations.
Cloud security is not guaranteed
Many organizations assume that, for example, using Microsoft 365 in itself grants them a layer of protection, this is not necessarily so. While Microsoft does provide a high level of infrastructure security and service availability, data protection for Microsoft 365 Exchange is not fully covered by default. For users, it is essential to understand Microsoft’s Shared Responsibility Model. This framework outlines a clear division between what Microsoft is responsible for and what the end user must manage.
As it stands, Microsoft does not guarantee protection against user-side data loss, such as accidental deletions, malware attacks, or internal misuse. In other words, while the platform itself is secure, the data within your mailboxes remains your responsibility. This means organizations have to figure out a system of backups to capture and duplicate their data.
Cybersecurity threats, particularly ransomware and phishing attacks, often target Microsoft 365 Exchange environments. If an attacker gains access to a user’s mailbox and encrypts or deletes data, the organization may not have a clean recovery point available without third-party protection. Similarly, one of the major targets for ransomware is the backup itself; successfully crippling restoration options can give the attackers additional leverage over their target.
Cloud infrastructure challenges
Another related topic is the question of infrastructure challenges; as data in the Cloud mounts, the call for more data centers grows. We are already seeing occasional issues with existing centers due to the data load, and additional centers are not always welcomed in their projected locations.
Additionally, we must keep in mind that Cloud-based data has to align with various governmental restrictions; the EU, for example, regulates where your data is physically stored – a Microsoft 365 customer from the Eurozone expects that their data is kept within the Eurozone and not exported out, limiting the available server space that Microsoft can make use of without drawing regulatory action.
Harmonizing backups on and off the Cloud
There are ways to make your backups function both on and off the Cloud in a Hybrid setup; however, this requires an additional level of attention to detail. It’s also been a topic covered by other industry players. The major things to ensure your organization pays attention to are:
Ensure internal systems can manage both Cloud and On-Premises
Whatever data management systems, access platforms or others you use – make sure they can access storage both on the Cloud and on premises equally! One of the cardinal mistakes made by organizations is to have separated systems, complicating data siloing and working with your information.
Adhere to the 3-2-1 Backup Rule
A hybrid setup between the Cloud and on-premises is ideal for setting up the 3-2-1 Backup system, meaning three copies on two different mediums, one being off-site. Make sure your data is secured from intrusion and protect your backups and recovery!
Make use of Zero Trust principles
As with the 3-2-1 Backup rule, protecting your data is paramount. Hybrid structures means that people will be accessing data from various locations, making verification harder. Adhere to Zero Trust and screen access to your data!
Your Data In Your Hands – With TECH-ARROW
