Cloud Backup & Recovery
Automated daily backups for Microsoft 365 and Google Workspace, stored on immutable cloud infrastructure, restorable down to a single email or file — so ransomware and accidental deletion never end the business.
Microsoft and Google Don't Back Up Your Data — They Run the Platform
Most SMB owners assume Microsoft 365 and Google Workspace include comprehensive backup. The platforms operate on a shared responsibility model: Microsoft and Google guarantee that their infrastructure is available; you're responsible for protecting your data.
Native retention is short. Permanently deleted items expire after 30–90 days. Ransomware that encrypts your OneDrive files looks like a normal "file changed" event to the platform — it's happily synced and replicated until you notice, by which point the version history may not go back far enough.
A real backup service is geographically separate, immutable, long-retention, and recoverable at granular levels. It's also tested — because an untested backup is just a hope.
3-2-1
backup rule, compliant by design
Daily
automated backups across services
7 yr
default retention for regulated industries
What's Included
All services, all data, all retention — managed end-to-end.
How It Works
From connect to confident recovery.
Connect
We connect to your M365 or Workspace tenant with least-privilege access. No agents to install. Initial backup runs in the background over 24–72 hours.
Protect
Daily incremental backups capture every change. Data writes to immutable cloud storage in a separate region from your production tenant.
Verify
We run automated integrity checks daily and physical recovery tests quarterly. Untested backups are theoretical backups.
Restore
When something breaks — deletion, ransomware, accidental edit — we restore at the right granularity. Single email, file version, full mailbox, or whole tenant.
Report
Monthly summary: backup status across services, restore events handled, retention window, recovery-test results.
Native vs Managed Backup
The gaps in default M365 / Workspace protection that managed backup closes.
| Dimension | Native (M365 / Workspace) | Kapacyber Managed |
|---|---|---|
| Mailbox retention | 30–90 days | Up to 7 years |
| Permanently deleted item recovery | After 30 days: gone | Recoverable for full retention window |
| Ransomware-encrypted file recovery | Only if caught within 30 days | Restore from any backed-up point |
| Backup storage location | Same region as production | Geographically separate |
| Immutability | Not guaranteed | Yes — by design |
| Recovery testing | None | Quarterly with documentation |
| Departed-employee data | Deleted on license removal | Preserved for full retention |
Tools We Operate
Industry-leading backup platforms — chosen for fit, not for kickbacks.
Built For
- • Businesses on Microsoft 365 or Google Workspace
- • Companies subject to data-retention regulation
- • Anyone whose business stops if email or files disappear
- • Cyber-insured businesses (most carriers require backup)
- • Businesses with departed-employee data preservation needs
Not Built For
- • On-premise file-server backup (different toolset; we'll help)
- • Specialised line-of-business databases (SQL, ERP — different service)
Related Reading
Endpoint Security
The 3-2-1 Backup Rule Explained
What immutable and offline actually mean.
Network Security
Cloud Security Essentials for SMBs
The shared responsibility model in plain English.
Threat Alert
Why SMBs Are the #1 Ransomware Target
The threat shift and how to defend.
Incident Response
The First 24 Hours After a Breach
Step-by-step playbook for the worst day.
Frequently Asked Questions
Doesn't Microsoft / Google already back up my data?
They guarantee uptime, not data recovery. Microsoft and Google use a shared responsibility model — they keep the platform running, but you're responsible for your data. Native retention is short (30–90 days) and there's no recovery of permanently deleted items, malicious deletions, or ransomware encryption events after a few days.
What's the 3-2-1 backup rule?
Three copies of your data, on two different media types, with one copy offsite. It's the gold standard for ransomware survivability. Our backup service satisfies the rule by default: your production data, our managed cloud backup, and a separate offsite copy. See the full breakdown in our 3-2-1 backup article.
How fast can you restore data after ransomware?
For typical incidents — encrypted M365 files, mailbox compromise, hijacked SharePoint sites — most restores complete in hours. Full-tenant restores can take 24–48 hours depending on data volume. We test recovery quarterly so we know what to expect.
Is the backup itself protected from ransomware?
Yes. Backups are written to immutable storage — meaning they cannot be altered or deleted, even by an attacker with admin credentials, for the retention window. Without immutability, ransomware operators routinely encrypt the backups before encrypting production.
How long do you retain backups?
Default retention is 7 years for compliance industries, 3 years for general SMBs. Custom retention available. We can also enforce legal-hold for specific users or data sets during litigation.
Survive Ransomware. Recover in Hours.
Free assessment. We'll review your current backup posture against the 3-2-1 rule and tell you what's actually recoverable.
Book Free Assessment