Backup & DR

Cloud Backup Best Practices: The 3-2-1 Rule and Veeam

Complete guide to cloud backup strategies, immutable storage and disaster recovery to protect your business.

business EasyDataHost calendar_today February 20, 2026 schedule 10 min read

Data is the most valuable asset of any business. A hardware failure, human error or ransomware attack can cause total loss of critical information in a matter of minutes. According to industry data, 60% of companies that suffer a major data loss close within six months.

The good news is that a well-designed backup strategy can protect your business against virtually any disaster scenario. In this article we cover cloud backup best practices: from the 3-2-1 rule to advanced solutions like Veeam Cloud Connect and Disaster Recovery as a Service (DRaaS).

The 3-2-1 Rule: The Gold Standard of Backup

The 3-2-1 rule is the foundation of any reliable data protection strategy. It is simple to remember and has proven its effectiveness for decades:

The 3-2-1 Rule:

  • 3 copies of your data (the original + 2 backup copies)
  • 2 different storage types (local disk + cloud, for example)
  • 1 offsite copy, in a geographically separate location

The modern version of this rule, known as 3-2-1-1-0, adds two additional requirements: 1 immutable or air-gapped copy (that cannot be modified or deleted, even by a compromised administrator) and 0 verification errors (backups must be regularly checked with test restores).

Immutability is key against modern ransomware, which no longer just encrypts production data but also attempts to delete backup copies. An immutable cloud repository, like the one we offer in our Veeam Offsite Backup service, ensures you always have a clean restore point.

Backup Types and When to Use Them

Not all backups are created equal. Choosing the right combination of backup types reduces restore time, optimises storage and minimises impact on production.

Type Description Recommended Frequency Best For
Full Complete copy of all data Weekly Baseline, starting point
Incremental Only data changed since the last backup Daily Daily operations, low impact
Differential Data changed since the last full backup Daily Balance between speed and size
Snapshot Instant image at VM or volume level Multiple per day Aggressive RPO, virtualised environments

The most common strategy combines a weekly full + daily incrementals, with retention of multiple restore points. In Proxmox or VMware environments, hypervisor-level snapshots complement this strategy to achieve RPOs of minutes.

Veeam Cloud Connect: Offsite Backup Without Complexity

Veeam Cloud Connect allows you to send backup copies to a cloud repository from a service provider (like EasyDataHost) directly from the Veeam Backup & Replication console. No VPNs, complex configurations or additional infrastructure required.

As a Veeam Gold Partner, EasyDataHost offers cloud repositories in our Tier III+ data centre in Madrid with the following advantages:

  • check_circle End-to-end encryption: data is encrypted in transit and at rest with AES-256.
  • check_circle Immutable storage: WORM protection against ransomware and accidental deletion.
  • check_circle WAN Accelerator: optimised transfers that reduce bandwidth consumption.
  • check_circle Data in Spain: GDPR compliance and local data protection regulation.

If you already use Veeam, you can activate offsite backup in minutes. Check our discounted Veeam licenses as a Gold Partner if you need to expand your backup infrastructure.

Offsite Backup: Your Data Outside the Data Centre

Having all backup copies in the same data centre is a risk that many companies underestimate. A fire, flood or prolonged power failure can destroy both production data and local backups simultaneously.

Offsite backup means keeping at least one backup copy in a geographically separate location. EasyDataHost's data centre, located in the Data4 facilities in Madrid, offers a maximum security environment with redundant power, N+1 cooling and 24/7 surveillance.

For organisations that need to store large volumes of offsite data cost-effectively, our Object Storage S3 service offers S3-compatible storage with no traffic or request charges, with support for Veeam Scale-Out Backup Repository (SOBR) and archive tier.

Microsoft 365 Backup: Don't Rely on Microsoft Alone

One of the most common mistakes is assuming that Microsoft fully protects your Exchange, OneDrive, SharePoint and Teams data. The reality is that Microsoft operates under a shared responsibility model: they guarantee infrastructure availability, but data protection is the customer's responsibility.

This means Microsoft does not protect you against:

  • warning Accidental or malicious deletion of mailboxes, files or Teams channels.
  • warning Ransomware encrypting files synced to OneDrive or SharePoint.
  • warning Legal retention requirements beyond Microsoft's standard policies (90 days for recycle bin).
  • warning Data loss during tenant migrations or licence changes.

Our Veeam for Microsoft 365 solution performs automatic backups of Exchange Online, OneDrive for Business, SharePoint Online and Teams, with configurable retention and granular restore (from a single email to an entire tenant).

DRaaS: When Backup Is Not Enough

Backup protects your data, but how long can your business afford to be down? This is where two fundamental metrics come in:

RPO

Recovery Point Objective

How much data can you afford to lose? If your RPO is 1 hour, you need backups at least every hour.

RTO

Recovery Time Objective

How long can you be without service? If your RTO is 15 minutes, you need automated failover.

Disaster Recovery as a Service (DRaaS) replicates your virtual machines in our data centre and enables orchestrated failover in case of disaster. In minutes, your critical workloads run on our infrastructure while you resolve the incident at your primary site.

Unlike traditional backup (where restoring a full server can take hours), DRaaS with Veeam enables recovery times of minutes, with RPOs as low as 15 seconds thanks to continuous replication (CDP).

Checklist: Is Your Backup Ready?

Use this checklist to assess the maturity of your current backup strategy:

  • check_circle 3-2-1-1-0 policy defined and documented.
  • check_circle Offsite backup active and verified with immutable storage.
  • check_circle Microsoft 365 protected with a dedicated tool (not just native retention).
  • check_circle Restore tests performed at least once a month.
  • check_circle DRaaS plan documented with RTO and RPO defined for each critical service.
  • check_circle Alerting and monitoring configured to detect backup job failures.

Conclusion

An effective backup strategy is not a project you set up once and forget. It is a continuous process that requires planning, automation and regular verification. The key takeaways from this article are:

  • arrow_right Implement the 3-2-1-1-0 rule as the foundation of your strategy.
  • arrow_right Use immutable storage to protect against ransomware.
  • arrow_right Don't assume Microsoft protects your M365 data: use a dedicated solution.
  • arrow_right Define RPO and RTO for your critical services and evaluate whether you need DRaaS.
  • arrow_right Test your restores regularly: a backup that hasn't been tested is not a backup.
Backup Veeam Cloud DRaaS Microsoft 365 Ransomware
shield

Want to implement these practices in your organisation?

The EasyDataHost team helps you design and deploy your cloud backup strategy with Veeam, immutable storage and disaster recovery.

Talk to an expert View case studies