Cybersecurity — 3-2-1 backup

3-2-1 backup and recovery of business data

A backup is not judged when it runs, but when you restore. We apply the 3-2-1 rule — three copies of your data, on two different media, one of them off site — to the servers, workstations and Microsoft 365 data of companies in Paris and Île-de-France. Retention matched to your obligations, immutable copies and documented restore tests complete the setup.

What holds you back

The patterns we keep seeing.

01

A backup that has never been tested

The jobs run, the indicators are green, and nobody has ever restored anything. On the day of the disaster, you discover missing data, a corrupted copy or a restore that takes days. An untested backup is nothing more than an assumption.

02

Every copy in the same place

A drive plugged into the server, a NAS (network-attached storage) on the same premises: a fire, a theft, water damage or ransomware takes out production and backup at the same time. The off-site copy and immutability exist precisely for this scenario.

03

Microsoft 365 assumed to be backed up

Recycle bins and native retention protect against recent accidental deletion, not against a compromised account, malicious encryption or long-term retention needs. Without a copy independent of the tenant, the company’s email and documents rest on an incomplete safety net.

What we cover

The scope of the service.

01 / SERVERS & WORKSTATIONS

Server and workstation backup

Protection for the data carried by your infrastructure: physical or virtualised servers, business applications and workstations holding local data.

  • Windows and Linux servers, physical or virtual
  • Hyper-V, VMware or Proxmox virtual machines
  • Business applications and databases
  • Workstations holding local data
  • Image backup to rebuild a complete server
02 / MICROSOFT 365

Microsoft 365 tenant backup

A copy of your cloud data independent of the tenant, with its own retention: email, files and collaboration spaces.

  • Mailboxes and calendars
  • OneDrive files
  • SharePoint sites and Teams spaces
  • Granular restore: a message, a file, a site
  • Retention independent of the native recycle bins
03 / OFF-SITE & IMMUTABILITY

Off-site copies and immutability

The 3-2-1 architecture separates the copies, designed to limit the risk that a single event — disaster, theft, encryption — compromises them all.

  • Local copy for fast restores
  • Externalised off-site copy
  • Immutable copies: cannot be altered or deleted for the defined period
  • Encryption of backed-up data
  • Segregated access to the backups
04 / RETENTION & TESTS

Retention, monitoring and restore tests

A backup has to be operated: a retention policy matched to your obligations, monitoring of the jobs and documented trial restores.

  • Retention policy matched to your record-keeping obligations
  • Job monitoring and failure handling
  • Scheduled, documented restore tests
  • Data loss (RPO) and recovery time (RTO) objectives formalised in the contract
  • Reporting at regular check-ins
How we proceed

From scoping to follow-up.

The exact scope, deliverables and timelines are formalised in the proposal, before any commitment.

1
Data audit

Inventory of servers, virtual machines, workstations and Microsoft 365 data; identification of critical data, volumes and retention needs.

2
Backup plan design

A 3-2-1 architecture matched to your context: media, off-site copy, immutability, retention and recovery objectives, presented with their costs so you can arbitrate.

3
Implementation

Deployment of the solution, first full backup, set-up of the externalised copy and verification that the agreed scope is covered.

4
Initial restore test

A documented trial restore — a file, a virtual machine, a mailbox — before the service goes into production: proof comes before trust.

5
Operations and control

Monitoring of the jobs, handling of failures, periodic tests at the frequency set in your contract and a review of the policy at regular check-ins.

Frequently asked questions — cybersecurity

The answers describe how the service works. Quantified commitments are formalised in your contract.

It consists of keeping three copies of your data — production plus two backups — on two different types of media, with one copy off site. This separation covers the scenarios that take out production and backup at the same time: a disaster on the premises, theft, storage hardware failure or ransomware. It is the foundation of the setup we deploy, complemented — depending on criticality — by an immutable copy.
Through regular, documented restore tests: actually restoring a file, a virtual machine or a mailbox, then checking the integrity of the result. Checking the logs is not enough — a “successful” job can produce an unusable copy. The frequency of these tests, along with the data loss (RPO) and recovery time (RTO) objectives, is formalised in your service contract.
Not in the sense of a business backup: the shared-responsibility model makes Microsoft responsible for the availability of the platform, and the company for the protection of its data over time. The native mechanisms — recycle bins, default retention — target recent accidental deletion, not a compromised account, malicious encryption or long-term retention needs. A backup independent of the tenant, with its own retention, closes that gap.
It is a copy that can be neither modified nor deleted for a defined period, even with administrator rights. Ransomware attacks often try to encrypt or erase the backups before hitting production, precisely to prevent restoration. The immutable copy is designed to remain usable in that scenario; its immutability period is defined with you during scoping.
The volume of data to protect, the number of servers, virtual machines, workstations and Microsoft 365 accounts, the retention periods, the presence of an off-site copy and immutable copies, and the frequency of restore tests. Reliable pricing requires a prior audit of the actual volumes; it is then formalised in the specific terms of your contract.
The timeframe depends on the scenario — restoring a file or a mailbox is nothing like rebuilding a complete server — as well as on the volumes and the copy used, local or off-site. The recovery time (RTO) and maximum data loss (RPO) objectives are formalised in the specific terms of your service contract: we do not publish timeframes that are not contractual.
Yes. The initial audit assesses the setup in place: the scope actually covered, retention, the existence of an off-site copy and the results of the latest restore tests. What works is kept and documented; what presents a risk is the subject of a reasoned recommendation, with a planned migration if necessary.
Your data and its backups belong to you. The contract sets out the terms of reversibility: hand-back of the data in usable formats, the fate of the copies after the contract ends and support for the incoming provider. These conditions are formalised before the engagement starts, not at the moment of exit.
It contributes to it without being sufficient on its own: backup is part of the technical measures expected for the availability of data and the ability to restore it. Retention periods and the location of the copies are defined during scoping to fit the applicable obligations, in particular retention duration requirements. The legal qualification of your compliance remains something to validate with your counsel or your data protection officer (DPO).

An audit, then a clear plan.

Describe your need in a minute. We come back with an assessment and prioritised next steps.

3-2-1 backup for business in Paris and Île-de-France | Dalena