Backup is one of those things every business knows it should have and many don’t get right. The most common failure isn’t skipping backup entirely, it’s having a backup strategy that sounds reasonable until something actually goes wrong.
Choosing between on-premises, cloud, and hybrid backup isn’t just a technical decision. It involves recovery time, cost, internet bandwidth, and what kind of failure you’re actually protecting against.
What You’re Actually Protecting Against
Before choosing a backup approach, it helps to think about the threats you’re protecting against:
- Hardware failure — a drive or server dies unexpectedly
- Accidental deletion — a file or folder is deleted by mistake and needs to be recovered
- Ransomware — malware encrypts your files and demands payment for the decryption key
- Fire, flood, or theft — physical damage or loss of your premises and everything in it
- Corruption — a file becomes unreadable due to a software fault or failed write
Different backup approaches protect against different combinations of these threats. No single approach covers all of them equally well, which is why layered backup strategies exist.
On-Premises Backup
On-premises backup stores copies of your data on hardware at your location a NAS, a dedicated backup appliance, or an external drive.
Strengths:
- Fast recovery, restoring from local hardware is significantly faster than downloading from the cloud, particularly for large datasets
- No ongoing bandwidth consumption for backup jobs
- No monthly subscription cost once hardware is purchased
- Data stays on your premises
Weaknesses:
- Vulnerable to the same physical threats as the original data: a fire, flood, or theft that destroys your server also destroys your local backup
- Ransomware can encrypt backup destinations if they’re accessible on the network
- Requires hardware investment and maintenance
- No off-site copy without additional steps
On-premises backup is fast and cost-effective for recovering from day-to-day failures, hardware faults, accidental deletions, and corruption. It’s not sufficient on its own if you need protection against physical loss or sophisticated ransomware.
Cloud Backup
Cloud backup sends copies of your data to a remote data centre over the internet, services like Backblaze B2, Acronis Cyber Cloud, Veeam Cloud Connect, or Microsoft Azure Backup.
Strengths:
- Off-site by definition, a physical incident at your premises doesn’t affect the backup
- Scalable storage without hardware purchases
- Accessible from anywhere for recovery
- Managed infrastructure, no backup hardware to maintain
Weaknesses:
- Recovery speed is limited by your internet connection, restoring large datasets over a standard business connection can take hours or days
- Ongoing subscription cost that scales with storage
- Initial backup of large datasets (the seed backup) can take considerable time on a typical connection
- You are dependent on the cloud provider’s reliability and business continuity
Cloud backup is essential for off-site protection but is a poor primary recovery mechanism for large datasets due to bandwidth constraints.
Hybrid Backup
Hybrid backup combines both: a local copy for fast recovery and a cloud copy for off-site protection. This is the approach recommended for most businesses, and it maps directly to the well-established 3-2-1 rule:
- 3 copies of your data
- 2 different storage media or locations
- 1 copy off-site
In practice, this often looks like: original data on your server or NAS, a local backup on a separate NAS or backup appliance, and a cloud copy for off-site protection.
Strengths:
- Fast local recovery for common failures
- Off-site protection for catastrophic events
- Redundancy across multiple failure modes
Weaknesses:
- Higher cost, both hardware and cloud subscription
- More components to manage and monitor
- Requires a reliable cloud backup solution configured correctly
For most small businesses handling important data, hybrid backup is the right answer. The additional cost is modest compared to the risk of data loss.
Ransomware and Immutable Backups
Ransomware deserves special mention because it changes the backup equation. A well-designed ransomware attack will attempt to find and encrypt backup destinations alongside your primary data, particularly network shares and connected drives.
The defence is immutable backups, backup copies that cannot be modified or deleted, even by an administrator, for a defined retention period. Many cloud backup services offer this as an option. On-premises immutable backups are also possible but require specific configuration.
If ransomware is part of your threat model (and for most businesses it should be) verify that at least one copy of your backup is immutable.
Choosing the Right Approach
| Scenario | Recommended Approach |
|---|---|
| Small business, limited budget | Cloud backup as a minimum; add local backup as budget allows |
| Business with fast recovery requirements | Hybrid (local for speed, cloud for resilience) |
| Large datasets, slow internet connection | On-premises primary with cloud for critical data only |
| Any business concerned about ransomware | Hybrid with at least one immutable copy |
| Multiple sites | Cloud backup centralises recovery across all locations |
What About Microsoft 365 and Google Workspace?
A common misconception: Microsoft 365 and Google Workspace are not backups. They provide some version history and a deleted items retention period, but these are limited in scope and duration. They don’t protect against accidental deletion beyond the retention window, deliberate deletion by a compromised account, or data loss from third-party app integrations.
Third-party backup tools for Microsoft 365 (such as Veeam Backup for Microsoft 365 or Acronis) provide proper backup coverage for cloud-hosted data. We cover this in more detail in a later post in this series.