|
Backup Strategies series · Part 4 of 7 Cloud Backup — IaaS Storage, M365 Backup, DRaaS, GDPRHow cloud backup works in B2B — vendors, architecture, compliance Object storage · SaaS backup · DRaaS · data residency · GDPR · encryption |
|
On this page
|
What cloud backup delivers in B2B
The third item of the 3-2-1 rule requires an off-site backup copy. 15 years ago this meant tape in a vault or at the bank. Today it is often a cloud repository — faster, simpler, no logistics. Cloud backup does not replace the local backups from part 3: restoring from the cloud costs bandwidth, time and often egress fees. The right approach is a hybrid concept: local for fast and cheap daily/weekly, cloud for the off-site copy and disaster recovery (more in part 5).
Three categories of cloud backup
When someone says “cloud backup”, it can mean three very different things:
| 1. IaaS object storageBackup software runs on-premise, writes backups to cloud object storage (S3, Azure Blob, Wasabi, IONOS, OVH). Control over software, encryption, keys. | 2. SaaS backupThird party backs up a SaaS application (M365, Google Workspace, Salesforce). No own hardware needed — Microsoft and Google secure the platform, not the content. | 3. DRaaSDisaster Recovery as a Service: in addition to backup, a prepared failover environment runs in the cloud. In an incident, server operations resume within minutes. |
IaaS object storage as a backup targetFULL CONTROL IMMUTABILITY POSSIBLE MIND EGRESS COSTS Established backup suites (Veeam, Acronis, Veritas, Bareos) support S3-compatible object storage as a secondary or tertiary repository. Concretely: the primary backup runs locally on NAS, a “Backup Copy Job” then pushes a copy to the cloud. That cloud copy can be wrapped in S3 Object Lock (WORM mode) — making it undeletable for the configured retention period, even by administrators with compromised credentials. This is the most effective defence against ransomware. Cost driver: storage itself is cheap (Wasabi/IONOS from ~5 €/TB/month), but egress fees on restore can be substantial (AWS S3: ~0.09 €/GB after the first 100 GB). Wasabi and Backblaze B2 are far more customer-friendly here (no egress or flat-rate). Always run a concrete restore simulation before vendor selection. |
SaaS backup — Microsoft 365 and Google WorkspaceMANDATORY, NOT OPTIONAL OFTEN UNDERESTIMATED Microsoft secures the M365 platform — not your data in the platform. An accidentally deleted mailbox, an encryption attack on SharePoint or a malicious ex-employee action are classic SaaS backup cases. Microsoft itself explicitly recommends third-party backup in its service terms. Typical SaaS backup feature set:
Vendors: Veeam Backup for Microsoft 365, Acronis Cyber Protect Cloud, AvePoint Cloud Backup, Synology Active Backup for Microsoft 365 (runs on-premise on a NAS), Hornetsecurity 365 Total Backup. The Synology variant is often the most economical for SMBs — no cloud subscription fees, just the NAS and storage. |
DRaaS — Disaster Recovery as a ServiceRTO IN MINUTES PREMIUM PRICE DRaaS goes beyond pure cloud backup: the provider keeps not just your backups but a prepared failover environment ready. In an incident your VMs are started in the provider cloud and become reachable within minutes — until your own infrastructure is restored. This resolves the classic conflict between low RTO and standby-hardware cost. A real option for critical systems (ERP, web shops, patient data); usually overkill for standard workloads. |
GDPR, data residency and the US Cloud Act
Cloud backup leads to a data processing arrangement under GDPR — always. Mandatory at minimum:
- Data Processing Agreement with the cloud provider (Art. 28 GDPR)
- Clarity on storage locations (within EU/EEA or third country?)
- Documentation of TOMs (technical and organisational measures) of the provider
- Encryption of backup data before upload (client-side encryption with own key)
- Deletion concept with verifiable deletion at end of retention
For US hyperscalers (AWS, Azure, Google), the US Cloud Act is also relevant: US authorities can compel US corporations to disclose data even if stored in Europe. For particularly sensitive data (health, law enforcement, government), European providers — IONOS, OVH, Hetzner, Wasabi (EU region), Scaleway, STACKIT — are often the legally safer choice. The German BSI Criteria Catalogue C5 specifies detailed requirements.
Cloud backup vendors at a glance
| Vendor | Type | Location | Strengths |
|---|---|---|---|
| AWS S3 / Glacier | IaaS Object | global, EU regions | Market standard, best tooling integration |
| Azure Blob / Archive | IaaS Object | global, EU regions | M365 integration, Hybrid Azure Stack |
| Wasabi Hot Cloud | IaaS Object | EU (Amsterdam, Frankfurt) | Flat rate, no egress, S3-compatible |
| Backblaze B2 | IaaS Object | USA, EU (Amsterdam) | Cheap, transparent pricing |
| IONOS Cloud Storage | IaaS Object | Germany | GDPR-safe, German support |
| OVH Cloud Archive | IaaS Cold | France, Germany | Cheapest cold storage in EU |
| Veeam Cloud Connect | Backup service | via service provider | Fully integrated Veeam solution |
| Acronis Cyber Cloud | All-in-one | global, DE region | Backup + anti-malware integrated |
| Hornetsecurity 365 | SaaS backup | Germany | M365 specialist, DE hosting |
Understanding the cost structure
Cloud backup easily becomes a cost trap because the storage price is in the marketing materials, but the four other cost components are not. Especially the egress fees get overlooked: egress means any traffic flowing out of the cloud data centre to the customer — exactly what happens during a restore. A 1 TB restore from AWS S3 at 0.09 €/GB egress costs around 90 € per restore operation — on top of monthly storage fees. Watch the following five line items:
| Storage | Price per GB per month. Cold/Archive tiers are far cheaper but with minimum retention. |
| Egress | Cost for outbound traffic (restore!). The most important hidden cost factor at AWS/Azure/Google. |
| API calls | For fine-grained backups (many small files) PUT/GET calls can become significant. |
| Restore fee | Glacier/Archive add a “retrieval fee” per retrieved GB on top of egress. |
| Licences | Backup-software licence (Veeam, Acronis): per workload, per socket or per VM. Often the largest item. |
Rule of thumb for an SMB with 5 TB of cloud backup data (German GDPR vendor, monthly full): roughly €50–200/month pure storage. Plus backup-software licence, plus internal bandwidth. For a 1 TB restore, plan 4–24 hours of bandwidth.
Frequently asked questions
Is cloud sufficient on its own, without local backup?
Theoretically yes, practically no. Restore from the cloud is bandwidth-limited — for 1 TB on a symmetric 100 Mbit line that means ~24 hours best case. For an RTO under one day you absolutely need local restore material. Cloud is the secondary/tertiary tier, not the primary.
Does cloud backup protect against ransomware?
Only with the right configuration. An SMB share into the cloud is just as exposed as a local share. Cloud backup becomes truly ransomware-resistant only with Object Lock / immutability (S3 Object Lock, Azure Blob versioning with legal hold) and a strictly separated cloud account that does not overlap with production permissions.
Who has access to my cloud backups?
With client-side-encrypted backups (own key, the provider only sees ciphertext): only you and anyone with the key. With server-side encryption, technically also the provider and (in Cloud-Act cases) the relevant authority. For particularly sensitive data, mandatory client-side encryption with own key management (KMS).
Do I really need SaaS backup for M365?
Yes. Microsoft secures platform availability, not your data. Accidental deletion, ransomware in OneDrive, malicious employee behaviour or faulty scripts are only marginally recoverable with Microsoft built-ins (typically 30–90 days recycle bin, no granular item recovery, no cross-tenant restores).
Consulting on cloud backup and hybrid conceptsWant to add cloud backup to your local protection or check whether your current setup is GDPR-compliant? We help with vendor selection and integration into your existing NAS or backup software environment. Phone: +49 (0)7666 / 88499-0 · E-mail: sales@industry-electronics.com |
Related shop categories
| Local backup hardwareStorage NAS Storage server Storage SAN |
Backup softwareBackup solutions Data protection |
Servers & networkServers · Rack-mount UPS (all) |
Other parts of this series
|
You are here: Part 4 — Cloud Backup |
Last updated: April 2026 · Lieske Elektronik · industry-electronics.com