Google Workspace and Microsoft 365 Backup: Essential Platforms and Practices

TL;DR:

The cloud is not a backup. Google/Microsoft mainly guarantee the availability of the platform, not the full recovery of your data in every scenario (deletion, corruption, compromised account, ransomware).

Native protections have limits (recycle bins, versioning, retention): past certain time limits, a loss can become permanent.

The most common risks: human error, insider malice, ransomware (including via sync), purge after an employee leaves, and "propagated corruption" across all copies.

Two broad approaches:

  • FOSS (open source): low software cost, control and transparency, avoids vendor lock-in, but demands more expertise (setup, monitoring, updates, restore).
  • Commercial: more turnkey, support, dashboards, integrations/granular restore, but subscriptions (often per user) and sometimes dependency/proprietary format.

The true cost (TCO) = licences + storage + maintenance time + risk. Commercial solutions can look affordable at first, then climb as you grow (per-user pricing / modules).

Security & compliance (Law 25 / sovereignty): strong encryption, MFA, access control, restore testing, and above all where the backups are stored and under which jurisdiction (watch out for vendors controlled abroad).

Hosting: on-prem = control, but you manage everything; cloud = resilience, but sovereignty concerns; hybrid = often the best compromise (off-site copy + client-side encryption).

On the FOSS side, we mention useful building blocks (e.g. Borg, Restic, Duplicati, Kopia) that are often used to back up exports/sync, rather than an all-in-one "magic SaaS backup."

On the commercial side, common examples: Veeam (M365), Acronis, AvePoint, Druva, etc., with important differences (SaaS vs. a server to manage, Google+M365 coverage, region options).

Final word: the best solution is the one you can operate and test over the long haul, and a mix (FOSS + commercial or a managed service) is often realistic. Note: partners like Blue Fox can operate these backups for Quebec SMEs.


Introduction: The cloud and a false sense of security

SMEs have adopted cloud suites like Google Workspace and Microsoft 365 at an explosive pace in recent years. These solutions offer high reliability, anywhere access, and internal backups of certain items. Yet a persistent myth holds that data hosted "in the cloud" is automatically safe, removing any need to back it up. In reality, your data remains your responsibility, even in the cloud. Microsoft and Google manage the underlying infrastructure and service availability, but they do not guarantee full recovery of your content when something goes wrong. For example, the accidental deletion of an email or a OneDrive file, the corruption of a document, or the compromise of an account can lead to permanent loss with no independent fallback. As the saying goes, the cloud is not a backup. Built-in recycle bins and versioning systems have a limited reach in time: beyond certain retention periods, your deleted data becomes unrecoverable.

Put plainly, cloud does not mean infallible. Microsoft itself admits as much, bluntly: in its own service agreement, the company recommends that users regularly back up their content using a third-party service. Why this explicit recommendation? Because cloud providers ensure the availability of the platform and protection against major server-side losses (hardware failures, datacenter disasters, etc.), but the protection of user data (emails, files, messages) against human error, software threats, or legal retention needs stays with the customer. This is the principle of the shared responsibility model: your provider manages the envelope, you manage the content.

So, to avoid catastrophic scenarios (an inadvertently deleted email, a corrupted document, a malicious intrusion, or ransomware encrypting your data), it is essential to set up your own backups of your Google Workspace and Microsoft 365 environments. That backup must be separate from the source (ideally stored in another system or location) so it stays available even if the primary platform is down or compromised. For an SME, this can make the difference between a simple annoyance and a prolonged shutdown of operations.

Why back up Microsoft 365 and Google Workspace?

Even when well informed, many SME IT managers still believe their emails, documents, and collaboration data don't need an external backup because "it's all already at Microsoft/Google, so it's protected." This view underestimates several concrete risks:

  • Human error: A wrong move happens fast. An employee deletes an important shared file, empties the recycle bin by mistake, or overwrites an earlier version of a crucial document. Without an external backup, any deletion not caught in time becomes irreversible once the recovery window has passed. And those windows (30 days by default for the Gmail/Drive or OneDrive recycle bin, 93 days for the SharePoint recycle bin, etc.) go by quickly.
  • Malice or ransomware: No business is safe from an internal malicious act (an employee who deliberately wipes data before leaving, for example) or from a cyberattack. Modern ransomware can encrypt not only workstations but also synchronized online content. An offline or off-cloud backup is then your best guarantee for restoring your files without paying a ransom.
  • Limits of native systems: True, Microsoft 365 and Google Workspace include retention mechanisms (document version history, recycle bins, Google Vault or Microsoft Purview for legal hold, etc.). However, these tools do not replace a full backup: they mainly target short-term needs or internal e-discovery. They don't cover every scenario (for example, the purge of an account after an employee leaves, or synchronized file corruption propagated across all copies). On top of that, they often require specific configuration and regular monitoring, which isn't always done for lack of time or specialized knowledge.
  • Business continuity and compliance: An SME has to plan for the worst: what do you do if cloud services are unavailable for several hours or days? Do you have a local copy of your vital documents so you can keep operating? Furthermore, certain standards (financial sector, healthcare) or laws may require keeping certain records beyond the durations managed by the service provider. For example, an important email deleted six months ago will no longer be recoverable through native tools, but if regulations require you to archive it for seven years, you are out of compliance without a standalone backup solution.

In short, an independent backup of your cloud data is essential insurance. It lets you quickly restore a mailbox, a Drive/OneDrive file, or a SharePoint/Google Site to an earlier state, even long after the deletion or alteration, and without depending on the provider's good graces. For Quebec SMEs, it also offers better control over where the backed-up data lives: by choosing to keep these backups locally (on servers in Quebec or in Canadian cloud storage), you simplify the governance of personal information and align with legal obligations such as Law 25 on data protection.

FOSS platforms vs. commercial platforms: two approaches

When the time comes to choose a backup solution for Google Workspace or Microsoft 365, two broad families are available: so-called FOSS solutions (Free and Open Source Software) and proprietary commercial solutions. Beyond the label, these two categories differ in their philosophy, their business model, and their development approach, with concrete impacts on user experience, costs, and the flexibility of the solution.

What is FOSS? It refers to software whose source code is open and freely accessible, often developed collaboratively by a community. The licence is generally free (or very low cost) and without per-user licence fees. Well-known examples of FOSS include Linux, Firefox, or, in our context, backup tools like BorgBackup or Duplicati. The appeal of FOSS lies in transparency, autonomy, and community: you can inspect the code (and thereby verify its security), modify it if needed, and benefit from improvements made by other users around the world. In exchange, these solutions often require a bit more technical skill in-house for installation and maintenance, and official support is limited (though the community can help through forums, wikis, etc.).

Commercial software: At the other end, commercial backup platforms are developed by a private company. They are generally sold as licences or subscriptions, with a cost per user, per data volume, or per protected service. Their source code is closed. The vendor provides customer support (sometimes 24/7), regular contractually guaranteed updates, and emphasizes a "turnkey" experience: a friendly interface, official integrations with Microsoft/Google APIs, guided installation, etc. In short, you pay for a finished, packaged product, with support. In exchange, you accept a form of dependency on the vendor (proprietary lock-in: the backed-up data is often in a format that requires the software to be read, and you have to remain a customer to keep getting updates). Costs can also add up depending on the number of users or the features you want.

To put it a little bluntly, choosing FOSS means choosing flexibility and control, at the price of investing more technical time up front, whereas a commercial solution offers convenience and professional support, but tends to be more expensive and less modifiable to your liking.

Costs and pricing models

The total cost of ownership (TCO) of a backup solution is not just the initial purchase price of the software. It also includes recurring costs (subscriptions, renewals), indirect costs (the necessary infrastructure, the work time to manage the solution), and possible opportunity costs (for example, downtime when a problem occurs). Let's compare how these costs play out for FOSS and commercial solutions:

  • Software and licence cost: FOSS solutions are generally free or very affordable in themselves. There's no licence to buy per user or per year; you can download the software freely. This makes them an attractive choice for SMEs on tight budgets, all the more so since the cost doesn't rise directly with the number of accounts to back up. Commercial solutions, on the other hand, work through proprietary licences: you pay either a monthly/annual subscription per user (e.g. $X per Google/M365 account backed up) or a flat rate for a given capacity. Some vendors also segment their pricing by module: for example, a base plan for backing up emails and files, but a surcharge to include Teams or to enable certain advanced options. These multi-tier licence models with add-ons based on the components you protect can make the pricing grid complex. What's more, per-user pricing may look affordable at first but climb steeply as your organization grows. It's not unusual to start with a modest per-user cost and find yourself, a few years later, with a hefty overall bill simply because of the increase in the number of users backed up.
  • Infrastructure and storage: A backup means storage space to hold the copied data. With self-hosted open-source software, it's on you to provide a server (physical or virtual) and enough storage, for example a NAS in your offices, space on a public cloud (S3, Azure Blob, etc.), or with a local host. This storage cost is independent of the software itself: you'll pay it either way, FOSS or not. However, some commercial solutions include storage in their offering (notably cloud-to-cloud backup services that keep your backups on their own cloud). In that case, the storage cost is included in the user licence, up to certain limits, or billed separately by data volume. For FOSS, the initial hardware/server investment can be significant (buying a server or cloud space, network configuration, etc.), but it's a capitalizable investment (the hardware is yours and can serve other purposes). In commercial SaaS mode, the infrastructure is "invisible" to you (managed by the provider), which lightens the technical effort but means trusting the resilience and security of that outsourced infrastructure.
  • Maintenance and support: This aspect can be a hidden cost. With an open-source solution, you don't pay mandatory vendor support, but you have to spend time (so, money) keeping it up to date, monitoring that it's running properly, and resolving any bugs or incompatibilities. This requires either in-house skills or turning to a specialized provider (such as an IT consulting firm) to support you. By contrast, the cost of commercial solutions generally includes access to vendor technical support, regular software updates, and security patches with no effort on your part. Some SMEs value this peace of mind: being able to call a hotline or open a ticket the moment a problem arises has value, especially if you don't have an experienced systems administrator in-house. So you have to weigh the trade-off between, on one hand, saving on licences but managing it yourself (FOSS) and, on the other, paying for licences but delegating part of the maintenance work to the vendor (commercial).
  • Long-term cost and scalability: The multi-year TCO can hold surprises. FOSS software may require manual adjustments when Microsoft 365/Google Workspace versions change (e.g. if the APIs change, the community has to adapt the code), or one-off spending in the event of a failure (for example, urgently replacing a failed backup server). A commercial solution, for its part, may see its rates rise periodically, or bill for "extras" (e.g. retrieving archives beyond a certain volume, extending retention). Negotiate contracts carefully and anticipate the growth of your workforce: if you double in size, the cost of the commercial solution will follow, whereas the cost of a self-hosted open-source solution will likely climb more slowly (you'll mainly need to add storage, and perhaps server power, but no multiplying of per-user licences).

In summary, FOSS solutions have the advantage of a very low initial cost (often nothing for the software) but involve operational costs (infrastructure, expertise time) that you have to budget for. Commercial solutions present a visible cost in the form of a subscription, potentially high in aggregate, but one that includes a number of services (cloud infrastructure, support) that may justify the expense depending on your needs and internal constraints. The total cost of ownership must be calculated over time, factoring in these tangible and intangible elements to inform your decision.

Pros and cons of FOSS solutions

For an SME looking for a backup, FOSS platforms offer a set of unique advantages worth measuring, while staying aware of their possible limits. Here are the main points to weigh for free/open-source solutions:

Advantages of FOSS:

  • Lower cost and financial independence: As mentioned, most open-source backup software is free to use or carries very modest costs. No per-seat licence and no subscription to renew, which greatly reduces the initial and recurring cost. This absence of fees frees up budget for other IT priorities or to invest in good storage hardware, for example. What's more, you're not held captive by a vendor that could raise its prices: the FOSS solution won't cut you off if you decide not to pay for support, you can keep using it freely.
  • Flexibility and customization: Open-source software is often highly configurable. You can adapt it to your specific needs, add scripts, integrate it with other tools, even modify the source code if a feature is missing. It frequently offers a wide range of options (supported target storage types, compression modes, encryption, scheduling… depending on the case). This flexibility goes hand in hand with the possibility of customization: open source isn't a "black box," you can tune it to fit particular use cases, where commercial software would be locked into the vendor's choices.
  • Transparency and controlled security: A benefit often cited for FOSS is the transparency of the code. Anyone (with the required skills) can audit the program, verify how security measures are implemented, and spot potential vulnerabilities. This openness of the code strengthens trust and quality: flaws are often detected and fixed quickly by the community. By being able to examine the source code, a security-conscious business can understand exactly how the data is encrypted, transmitted, and stored. This gives extra peace of mind to IT managers who want to be sure there's no backdoor or undue data collection in the backup tool.
  • Avoiding proprietary lock-in (interoperability): With open-source solutions, the storage formats of the backups are generally open or documented. For example, some use standard formats (compressed .zip archives, etc.) or publish the specifications of their backup formats. The benefit? You can restore or migrate your data elsewhere without depending on a single piece of software. If one day you decide to change tools, you don't lose access to your old backups: no vendor lock-in. Since the data is in an open format, it's easy to move it to a new system without complex conversion or loss of information. In short, FOSS guarantees the longevity of the backed-up data, regardless of the fate of the tool itself. (Some SMEs appreciate knowing that even if the open-source project stops, they'll still be able to recover their backups by other means.)
  • Community and innovation: Quality open-source projects often rally a dynamic community of users and developers. This translates into regular updates, the addition of new features suggested by users, and community support through forums, chat (IRC/Discord), shared FAQs, etc. For common problems, you'll often find tutorials, scripts, or solutions published by others. This collective intelligence is an asset: you're not alone with your software, the community may already have run into (and solved) problem X or Y similar to yours. Finally, openness encourages rapid innovation: if a new need emerges (e.g. supporting a new cloud service), a contributor can code the extension rather than waiting on a vendor's commercial goodwill.

Disadvantages of FOSS:

  • Required expertise and learning curve: Let's be honest, setting up an open-source backup solution can require more technical skill than a ready-to-use commercial solution. Many FOSS tools are administered from the command line or through configuration files. The documentation, though often thorough, is sometimes technical or in English only. For an SME without dedicated IT staff, this can be a challenge. The absence of official support means you have to learn to manage on your own (or call on a provider occasionally). For example, configuring BorgBackup or Restic will require some command of Linux and scripting to automate the tasks, where a commercial solution would offer a graphical interface and wizards. The learning curve is therefore steeper, and it takes time to fully master the tool and its best practices (encrypting backups, rotating archives, etc.).
  • Maintenance and responsibility: Using an open tool means being responsible for it end to end. If the backup stops because of a software error or an incompatibility, you'll have to diagnose and fix it (or seek community help). Updates don't apply automatically: it's up to you to watch for new versions and install them to benefit from security fixes. In short, FOSS "doesn't come with an after-sales service." This can be risky if no one in the company is assigned to the task or if keeping the tool up and running gets neglected for lack of time. Where a proprietary vendor would send you patch notifications or step in with support, FOSS puts you at the controls, for better and for worse.
  • Sometimes less integrated features: Although very powerful, an open-source tool often focuses on a precise scope (the Unix principle: "do one thing and do it well"). As a result, certain "peripheral" features may be missing compared to complete commercial suites. For example, a FOSS solution might not natively include reporting with pretty dashboards, or a native connector to a given third-party service. You can often make up for it with additional modules or scripts, but that adds complexity. Likewise, there may not always be a sophisticated web interface to restore a file in a few clicks: the restore could involve a command or manual handling. Depending on the project's maturity, the user interfaces can be spartan or non-existent (some have only a CLI client). This can be a hurdle for delegating certain actions to less experienced technicians or for offering self-service to users (e.g. self-service restore of their lost emails, typically absent from FOSS).
  • Community support vs. contractual support: In the event of a major hiccup, with FOSS you depend on the volunteer community to help you (through forums, Stack Overflow, Discord…). Responses can be fast and relevant if the project is active, but there's no guarantee of timing or outcome. Conversely, a support contract with a commercial vendor guarantees you a response within X hours, and a duty of effort to resolve the problem. For an SME, this point is crucial: can you afford to wait three days for a volunteer to identify your critical bug, or do you need a resolution within the day? It depends on your risk tolerance and the criticality of your data.

Weighing these elements, it's clear that FOSS solutions are particularly suited to organizations that seek technological sovereignty (full control, no dependency), that face strong budget constraints, and/or that have a certain amount of in-house IT expertise (or via a partner) to operate the tool. As it happens, here in Quebec, companies specialize in supporting SMEs down this path: that's the case for Blue Fox, which bets on open-source software to give small organizations the means to operate effectively without sacrificing their digital sovereignty or their privacy. If you value autonomy and transparency, FOSS is a choice aligned with those principles. You'll simply need to plan for the investment in time or external support to tame it properly.

Pros and cons of commercial solutions

Against the appeal of FOSS, commercial backup solutions retain strong popularity among SMEs, because they often answer immediate needs through accessibility and service. Let's examine their main strengths and limits:

Advantages of commercial platforms:

  • Simplicity and a "turnkey" experience: A weighty argument in favour of proprietary solutions is their ease of deployment. Designed to be sold to as many customers as possible, they generally offer a friendly user interface, configuration wizards, even a fully managed deployment in the cloud. For example, to back up Office 365, it's often enough to create an account on the vendor's service, authorize it to access your Microsoft 365 tenant via the APIs, and you're set: the backups run automatically on a predefined schedule. No need to install a local server or write scripts. This "plug-and-play" approach is precious for SMEs that don't have the time or skills to tinker. The goal is minimal friction: a web console centralizes all the settings, you click to restore an item, etc. In short, it's ready to use, where a FOSS solution would be more "some assembly required."
  • Technical support and guarantees: When you buy a commercial solution, you also buy a service. If you hit a problem or have a question, you can contact technical support (often French-speaking for products distributed in Quebec) that will assist you. Some vendors even offer onboarding help, training, etc. This availability from the provider is reassuring: you're not alone facing your backup. Moreover, through the licence agreement, the vendor can commit to guarantees (SLAs) for support or security. For example, a SaaS provider will state a target availability rate for its backup platform, or commit contractually to comply with law X and Y on confidentiality. These contractual guarantees don't exist with an open tool, where everything rests on you.
  • Advanced features and integrations: Commercial products try to stand out from one another, which benefits users through a wide range of advanced features. For example, a proprietary Microsoft 365 backup solution might offer granular restore of individual emails directly into the original mailbox, attachment previews, the ability for an end user to trigger the restore themselves from Teams or Outlook, etc. Vendors increasingly build in artificial intelligence (anomaly detection in backups that can flag ransomware, full-text search across mail archives, etc.). Likewise, commercial solutions often offer ready-made integrations: connectors with Azure AD to auto-detect new employees to protect, export to legal archiving tools, compliance dashboards, etc. For an SME, this can bring concrete productivity benefits (saving time on restores, on audits, etc.).
  • Updates and guaranteed compatibility: The Microsoft 365 and Google environments are constantly evolving (new features, API changes). A commercial provider is obligated to evolve its product in parallel to ensure compatibility. So you benefit from regular updates, generally automatic (especially for a SaaS service), that incorporate the latest changes: for example, support for a new service (such as backing up Microsoft Teams when it became crucial, or the future Loop app), or adapting to a change in Google Drive policy. You don't have to watch for this yourself; the vendor tracks it and informs you of what's new. This proactivity is particularly important when it comes to backing up third-party cloud services: the ability to restore an item depends on access to the right APIs, etc. With a commercial solution, you can expect that, say, the backup of Teams or Google Shared Drives will be supported shortly after their introduction, where with an open-source project you'd have to wait for a volunteer to look into it.
  • An integrated, complete environment: Some commercial suites position themselves as global cyber-protection solutions. A vendor like Acronis, for example, combines cloud backups and anti-malware protection, monitoring, etc. within its platform. Others will include the backup of SaaS data, but also of workstations and local servers, in a single console. This can simplify life for an SME that prefers a single window to cover all its backup copies. Likewise, the centralized management interface, with automatic reports (backup success/failure emails, alerts), is a convenience you'd have to cobble together in FOSS. Reports and audits are often built in: you can easily show a compliance report demonstrating that all mailboxes are backed up daily, for example.

Disadvantages of commercial solutions:

  • Potentially high cost and long-term commitment: The major downside is, obviously, the financial cost. Per-user or per-year licences can add up to a substantial sum for an SME over several years. You have to calculate the ROI carefully: granted, the cost of a data loss can be far greater, but you still need to be able to budget for these subscriptions. Moreover, it's common to be tied by commitments: annual or multi-year contracts, automatic renewal, etc. Switching from one commercial solution to another can prove complicated if the data is in a proprietary format (hence the lock-in risk mentioned earlier). Some providers offer to migrate your backups if you change platforms, but it's not guaranteed. You can also run into sometimes-hidden additional fees: for example, the need for a premium licence to enable zero-knowledge encryption, or an exit cost if you want to retrieve all your data at the end of the contract. These contractual aspects call for vigilance.
  • Vendor dependency and reduced sovereignty: By choosing a commercial service, you entrust part of your data (your backups) to a third party. If it's an international cloud service, this can raise digital sovereignty questions: your O365 email backups may end up on servers in the United States or managed by an American company. For a Quebec SME, this means that data is potentially subject to foreign laws (e.g. the U.S. CLOUD Act) even if it's stored on Canadian soil. This can complicate compliance with Law 25, which requires knowing where and under which jurisdiction the personal data sits. The dependency also shows up in practice: if the provider suffers an outage of its backup system, your backups could be inaccessible at the critical moment. Or if it decides to discontinue its service (bankruptcy, acquisition), you'll have to urgently migrate your backup data. In short, you delegate a lot, sometimes at the expense of full sovereignty and control. It's a deliberate choice, but one to weigh against the nature of your data (some data is so sensitive it cannot legally be transferred outside certain frameworks).
  • Hidden complexity in some solutions: While many commercial solutions aim to be simple, that isn't universally true. For example, Veeam Backup for Microsoft 365, a tool favoured by mid-sized businesses, requires installing and maintaining a local Windows server, with several components (SharePoint, Exchange explorers, etc.) to function, and its interface is software you have to install (no multi-OS web console). It's not insurmountable, but it does require technical expertise to deploy it properly. By comparison, other products like Acronis Cyber Protect favour a unified, all-in-one approach in the cloud, simplifying deployment. So not all commercial solutions are equal in ease: some, geared toward "enterprise," are as complex as a FOSS tool, the difference being that you have support on the line if something goes wrong. So you have to choose a solution suited to your internal skill level: an SME with no IT team will prefer a 100% cloud product, whereas an organization with systems administrators can manage a local Veeam without trouble and appreciate its functional richness.
  • Changes dictated by the vendor: With proprietary software, you depend on the vendor's goodwill for improvements or changes. If the solution doesn't (yet) offer Google Workspace backup while you'd need it, all you can do is wait, hoping for a future version, or switch products. Likewise, the vendor can steer its roadmap according to its commercial interests, not necessarily aligned with your specific needs. For example, some providers prioritize Microsoft 365 first because demand is strong, and only develop Google Workspace support later (or vice versa). If your environment is "mixed" (Google and Microsoft), few commercial solutions cover both perfectly: you sometimes have to subscribe to two separate products, which adds cost and complexity.

In short, commercial solutions shine through their practicality and richness, which makes them very attractive for SMEs looking for fast implementation and reliable support. They do, however, mean trusting a third-party provider, both financially and in terms of data security. For many SMEs, this remains a reasonable compromise: sometimes it's better to pay for a proven service than to manage a free tool poorly. The key is to select the right partner: make sure the provider understands local concerns (language, Law 25, Canadian hosting if needed), that it has a good reputation (security certifications, etc.), and that it fits your size (some solutions target large enterprises and are oversized for a 20-person SME, for example). Note that specialized Quebec companies, such as Blue Fox, can advise you in this choice and even take on the day-to-day operation of the chosen tool, whether open source or commercial, giving you the best of both worlds: the peace of mind of a managed service, and the independence of the best-suited solution.

Overview of popular FOSS solutions

There are many open-source programs that can serve to back up Google Workspace and Microsoft 365 data, each with its own characteristics. Here's a tour of a few well-regarded FOSS tools that could fit into your backup strategy:

  • BorgBackup: Often simply called Borg, it's a command-line backup utility focused on deduplication and efficiency. Borg backs up files while storing only the unique data blocks (no redundancy), which makes it very space-efficient, ideal if you have similar data or many versions. It supports compression (to reduce size) and authenticated encryption (for the confidentiality of the backups). Borg is appreciated for its reliability and its speed in incremental mode: after a first full backup, the following ones copy only the changes. For an SME, Borg can back up, for example, a regular export of data (such as a file tree from a OneDrive/Drive sync, or an email dump). It takes a bit of work to schedule it (via cron) and to restore (again from the command line or through a third-party tool like Vorta, which gives Borg a graphical interface). A notable advantage: its archive format and protocol can work in server mode (you can deploy a Borg repository on a NAS or a remote server reachable over SSH). So Borg is often used to back up to an external server or to the cloud (by mounting S3-type storage via FUSE, for example). Mature and stable, Borg is a powerful ally if you're comfortable with Linux.
  • Restic: Restic is another pillar of modern open-source backup. Written in Go, it's designed to be simple to use, fast, and secure. Like Borg, it runs from the command line, offers deduplication and encryption, and supports many storage backends (local, FTP, SFTP, WebDAV, Amazon S3, Backblaze B2, Google Cloud Storage, etc.). Restic is appreciated for its clean design: a single binary to deploy, no complicated configuration. You run restic init to initialize a repository, then restic backup commands to back up a given directory to a given destination. It handles snapshots, partial restore, and integrity verification of the backups. For an SME, restic could, for example, be scripted to back up the contents of a Google Drive mounted on a PC every night, or mailboxes exported via IMAP. Since its code is open source, it benefits from regular audits and aims to be very secure (heavy use of authentication and encryption to prevent any silent alteration of the data). Restic has no native interface, but several third-party tools exist to make it friendlier if needed. In short: a Swiss Army knife of backup, versatile and reliable, well suited to heterogeneous environments thanks to its many supported storage targets.
  • Duplicati: Unlike the previous two, Duplicati stands out for having an intuitive web interface that greatly eases getting started. Cross-platform (Windows, macOS, Linux), it lets you schedule file backups in a few clicks through a browser. Duplicati stores backups as encrypted compressed archives (standard ZIP/AES formats by default) on a variety of destinations: local disks, network servers (FTP, WebDAV), or mainstream cloud services (OneDrive, Google Drive, Amazon S3, etc., a long list is supported natively). This compatibility with clouds makes it an excellent candidate for backing up your SaaS data: for example, you can set up Duplicati on a local server so it connects to your OneDrive account and stores an encrypted copy of certain data there, or conversely back up synchronized cloud data locally. One of Duplicati's strengths is being open source yet user-friendly: you don't need deep knowledge to get it working. It handles full and incremental backups, retention (automatic deletion of old versions according to a policy you define), and uses standard tools (it relies on components like ZIP for compression and AES-256 for encryption, which guarantees you can always open the archives by other means if needed). Note: Duplicati is in active development (version 2 in progress) and, although stable enough for normal use, some very large data sets can strain its performance. For a typical SME, however (a few terabytes to back up at most), it does the job very well.
  • Kopia: Younger on the scene (developed since around 2019), Kopia is a promising project that aims to combine the best of its predecessors. Also open source and multi-OS, Kopia offers performance and encryption by default, with a command-line interface and an optional graphical interface. It picks up the principle of global deduplication and incremental storage, and supports various backends (from S3 to Google Cloud, by way of local storage or SFTP). One of its strengths is speed: it leverages multi-core architectures to parallelize tasks, which makes it very fast on large backups. Kopia also has smart management of snapshots (restore points) and allows several repository configurations at once. For an SME, Kopia can be interesting if it keeps moving toward even more ease of use (its graphical interface is still in development, which will make it more accessible). It's often compared to Restic, to which it aims to be an alternative with potentially better performance in some respects and very active development.
  • Other notable tools: We could also mention Bacula (and its modern version Bareos), a great classic of open-source enterprise backup: very complete but complex to configure, it's better suited to mixed environments (backing up servers, databases, etc., with agents to deploy). UrBackup is an open solution focused on backing up PCs/servers (disk images or files) through a central server, with a web interface, which could cover the backup of workstations holding data synced from the cloud. There are also specific utilities for certain SaaS data: for example Gmail Backup or Gmvault to back up Gmail email over IMAP, or Google Takeout (Google's export tool) that can be automated and whose output could then be archived through a tool like Borg/Restic. The FOSS world therefore offers an array of building blocks you can assemble to fit your precise needs, at the price of integration effort.

It's important to note that none of these FOSS tools is designed specifically as THE turnkey solution for Google Workspace or Microsoft 365. Often, you use them in combination with scripts or other services: for example, you can schedule a regular extraction of the data (via the Microsoft Graph or Google APIs) then store those exports through Restic or Duplicati. This is where professional expertise and support come into play for SMEs: an integrator like Blue Fox can develop these automations and deliver a "custom" open-source solution that meets your requirements (including encrypting the backups and storing them on Quebec servers, to reconcile efficiency and compliance).

Overview of popular commercial solutions

The market for professional backup solutions for Microsoft 365 and Google Workspace is well developed, with many players offering proven products. Here's a look at a few commercial platforms often considered by SMEs, each with its own particular strengths:

  • Veeam Backup for Microsoft 365: Veeam is a well-known name in the backup world, especially for virtualized infrastructure. Its solution dedicated to Microsoft 365 (Exchange Online, OneDrive, SharePoint, Teams) is very complete in terms of backup and restore features. Veeam lets you store the backed-up data locally (on your server, a NAS, or in a cloud of your choice) and offers granular restore tools (for example, restoring an individual email to the original mailbox, or exporting data in standard formats like PST, etc.). The advantage for the business is full control: the backups stay with you or in the location you define, which can help meet compliance requirements. Veeam also provides a degree of unification: if you already use Veeam to back up your servers or VMs, adding the Office 365 module fits into a similar console, with the option to centralize reporting. On the other hand, Veeam is not delivered as SaaS: you have to install the software on a Windows server that you manage, along with the necessary components (the "Explorers" to browse Exchange, SharePoint backups…). This involves a bit of maintenance and resources on your part. For SMEs with a competent IT department or supported by a provider, it's an excellent choice offering reliability and performance. Note that Veeam doesn't offer an equivalent product for Google Workspace to date: it's really Microsoft-centric. If you're exclusively on Microsoft 365, it's a prime candidate; otherwise, you'll have to complement it with something else for Google.
  • Acronis Cyber Protect: Acronis is a long-standing maker of backup solutions that has evolved its offering toward a unified cyber-protection platform. Its product Acronis Cyber Protect (as a cloud service managed by Acronis or deployable on-premise) lets you back up workstations, servers, and the Microsoft 365 and Google Workspace environments all at once. So it's an interesting all-in-one solution if you're looking to cover several areas (e.g. both SaaS cloud data and employees' laptops). Acronis stands out for integrating security features: ransomware detection, antivirus scanning of backups, etc., avoiding backing up already-infected files or spreading threats. On the M365/Google backup side, it's a full SaaS approach: an agent in the cloud connects to your tenants via API and performs the copies to Acronis storage (located in datacenters of your choosing, possibly in Canada depending on the options). The user experience is appreciated for its simplicity: everything is managed from a modern, multi-tenant web console (handy for MSPs managing several clients, or for isolating departments). In terms of cost, Acronis works by subscription per workload (for example per M365 user or per device), with different tiers depending on the features. This offers flexibility (you can buy only what you need), but it can seem complex to navigate. One benefit for an SME is that Acronis has a local presence through partners: several Quebec providers offer Acronis solutions to their SME customers, which ensures nearby support. If you're looking for a centralized solution that ticks both the SaaS backup and endpoint protection boxes, Acronis is a serious contender.
  • AvePoint Cloud Backup: AvePoint is a longtime Microsoft partner, initially recognized for its SharePoint tools. Today they offer a 100% cloud backup solution covering Microsoft 365 and Google Workspace. It's one of the few to address both environments well in a unified interface. Its positioning is clearly the "click and forget" service: once configured (a few clicks to connect your O365/G Workspace admin accounts), the system performs automated daily backups (up to four times a day for Microsoft 365, for example). The data is stored encrypted on AvePoint's cloud (with the option to choose the storage region, which matters for compliance, they notably have a presence in Canada). AvePoint offers granular restores through a web interface, or even through Teams chatbots (a user can restore a file via a chatbot, which is fairly innovative). The strong point is the functional depth: according to comparisons, AvePoint offers a very wide range of covered content types (emails, calendars, contacts, OneDrive/SharePoint/Teams, but also Gmail, Google Drive, Contacts, Calendars on the Google side). It's a mature solution, adopted even by large organizations, and available through MSPs or local resellers for SMEs. On the budget side, AvePoint works by annual subscription per backed-up user, positioned in the high-end market price range. But for that price, the SME gets a robust solution, with no internal maintenance. If your priority is a hassle-free SaaS backup for all your cloud services, with the backing of a big name, AvePoint is an option worth considering.
  • Druva (CloudRanger/inSync): Druva is a player specialized in cloud-native backup. Its platform (named Druva inSync for the endpoints and SaaS part) is entirely hosted in the public cloud and offered on a subscription basis. Druva covers the backup of endpoints (mobile PCs and Macs) and servers, but also Microsoft 365 and Google Workspace. Its credo is simplicity and scalability: as a customer, you have nothing to install locally, and everything happens through their cloud console. Druva is designed to minimize human intervention: for example, you can define policies that auto-include all new O365 users in the backup, or that adjust the frequency based on user groups. Druva manages the storage of the backups in the cloud (generally based on AWS) with immutability mechanisms (the backups cannot be altered or deleted prematurely, which is useful against attacks). On the security side, they encrypt end to end and offer options for a customer-held encryption key. For an SME without local infrastructure, Druva is attractive because you can administer everything from a browser and leave the volume and performance aspects to the provider. In general, feedback highlights great reliability (high backup success rate, efficient restore) and competent support. The pricing model is also per user per year, often with a minimum number of users required (their target is rather mid-sized to large environments, but SME offerings exist). By choosing Druva, you choose all-cloud and the experience of a specialist in the field. The SME must, however, make sure that Druva's hosting of the backups is done in a compliant region (Druva lets you choose the AWS region, so you can opt for Canada).
  • Other commercial solutions worth noting: The landscape is vast. We can also mention Barracuda Cloud-to-Cloud Backup (by Barracuda Networks), Datto SaaS Protection (Backupify), widely used by MSPs for SMEs, offering O365/Google backup in the cloud, or solutions like Commvault Metallic (Commvault's SaaS offering) that also target this market. Microsoft itself announced the preview of Microsoft 365 Backup (a native backup solution by Microsoft) in 2023, but to date this service is in preview and requires pairing with a third-party partner for storage, it's not yet ready to replace the established solutions. Finally, let's cite Spanning Backup (a division of Kaseya), a pioneer of SaaS backup for Google Apps/Microsoft 365, or Veritas (Alta) SaaS Backup. Each of these solutions has its specifics in terms of pricing, user experience, and depth of coverage. For an SME, the choice is often made with the help of an integrator or consultant, who can recommend the tool aligned with the needs and budget.

Ultimately, the good news is that there are now proven solutions to back up cloud environments effectively, whatever your preference for open source or commercial. In the next section, we'll address the security and compliance considerations, which are at the heart of the concerns when choosing and deploying these solutions.

Security, compliance, and data hosting options

Data sovereignty, data localization, and data residency are related but distinct notions, which it's essential to understand in order to manage the legal compliance of your backups.

When it comes to backing up business data, whether it comes from local servers or the cloud, you absolutely must consider the security of those backups and the legal compliance of where they're stored. For Quebec SMEs, two key issues are the protection of personal information (required by Law 25) and data sovereignty (where and under which jurisdiction the data is hosted).

Encryption and access control: The first layer of security for your backups is encryption. Whether you opt for a FOSS or commercial solution, make sure the backed-up data is encrypted, ideally end to end. This means the data is encrypted before it even leaves your production environment, and is decryptable only by you (with your key). That way, if a third party got hold of your backup files, they couldn't make anything of them. Most open-source solutions (Borg, Restic, Duplicati, etc.) encrypt with AES-256 or equivalent using a passphrase you define. On the commercial side, many offer the option of customer-managed encryption: for example, Druva or Acronis let you enable a private key held by you alone. It's crucial to take advantage of these features: an unencrypted backup is a major risk (imagine a third-party cloud storage being compromised, all your sensitive data could leak in the clear). Beyond encryption, access control to the backup consoles must be rigorous. Assign minimal roles and permissions: for example, a technician may have the right to restore a user file on request, but not to delete backups. Commercial solutions often offer granular access management (multi-admin, operation auditing). On a FOSS system, you'll have to implement these controls through the system's permissions (for example, restricting access to the backup server to a few trusted people only). Let's not forget best practices: using multi-factor authentication on the administrator accounts of the backup solution (especially if it's accessible online), logging operations (who restored what, when), and regularly testing that the backups are recoverable (an untested backup is not a reliable backup!).

Compliance with Law 25 and data protection standards: Since September 2022 for certain provisions (and 2023 for others), Quebec's Law 25 imposes heightened requirements on businesses regarding the protection of personal information. Two notable obligations apply directly to our context: first, that of adequately protecting the personal data in your care (which includes not leaving it exposed in insecure backups, for example), and second, that of being transparent about where that data is hosted. If your backups contain information about individuals (employees, customers, etc.), you must therefore know and be able to explain where they physically reside and under which jurisdiction. Law 25 also provides that if you transfer personal data outside Quebec, you must carry out a privacy impact assessment (PIA) to ensure that the data will receive a level of protection equivalent to Quebec's. This doesn't mean you can't use foreign cloud services, but that you have to do so knowingly and take additional measures as needed (strong encryption, contractual clauses, choosing an adequate storage region, etc.). In the event of a serious breach, the Commission d'accès à l'information can impose significant penalties, hence the value of documenting your backup strategy from a compliance standpoint.

Data sovereignty and hosting location: By data sovereignty, we mean the fact that data is subject to the laws of the country where it resides. To simplify, if your backups are stored in Quebec (on a server you operate), they're governed by Canadian and Quebec privacy law (Law 25, federal PIPEDA). On the other hand, if you entrust those backups to a provider headquartered abroad, there's a risk that foreign laws apply. A concrete example: a Quebec SME hosts its backups with an American cloud provider. Even if the servers are located in Montreal, under the U.S. CLOUD Act that provider could be compelled to hand over this data to American authorities on request. So physical location isn't always enough: what also matters is who controls the company that hosts the data. For this reason, more and more organizations opt for so-called "sovereign cloud" providers, that is, local ones independent of the big foreign groups, to host their sensitive backups. For example, Blue Fox and others offer 100% Quebec backup hosting services, guaranteeing that the data stays under Canadian jurisdiction only. Depending on the sensitivity of your data, it's an option to evaluate. Failing that, if you use a foreign service, make sure you clearly understand where the data will be stored (some let you choose the region: pick "Canada" when available) and who can access it.

Local vs. cloud hosting: This choice has a direct impact on security and compliance. Local hosting (on-premise) means you keep your backups on disks/servers in your premises or your datacenters. The advantage is full control: no transit over the Internet (if 100% local), no third party with access, and you know exactly who manages physical and logical access. It's reassuring for confidentiality, and it can ease compliance (your data doesn't leave the country). On the other hand, you have to handle security from A to Z: encrypt the backups to guard against hardware theft, plan for redundancy (because a single local backup can burn in a fire, for example), and protect these backups from local disasters. What's more, if your premises are burgled, the backups can be targeted, hence the idea of storing an off-site copy regardless. Cloud hosting (with a provider) has the benefit of geographic replication and robustness: the major clouds have sophisticated anti-fire, anti-failure measures. Entrusting your backups to Microsoft Azure, Amazon, or Google Cloud assures you they won't vanish due to a failed hard drive, but it exposes you to the sovereignty issues mentioned. A hybrid solution consists of encrypting your data very strongly before sending it to a foreign cloud: that way, even if a foreign authority accessed it, it would be unintelligible without your keys. For example, you could use Restic to encrypt your backups and store them on Amazon S3 (Montreal region), combining the resilience of the cloud and the confidentiality of self-managed encryption.

Sector compliance and retention period: Also think about the specific standards of your sector. Some industries require keeping backups for a certain time (e.g. seven years in the financial sector or for transaction-related documents). Others impose regular audit measures. Make sure the chosen solution lets you set the retention period of the backups in line with your obligations. For example, a commercial solution might let you mark certain backups as "legal hold" so they aren't purged before a given date. With an open-source solution, you'll have to configure the retention policies carefully (don't automatically erase backups older than X days if that isn't desirable). The secure destruction of data at end of life is also an aspect: erasing an old backup containing personal data should ideally make it unrecoverable. Here again, if you're the one managing the storage, it's up to you to handle it (degaussing tapes, secure file deletion). If it's a provider, ask about their policy on this.
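To make the retention caveat concrete, here is an added example (not from the original article, and not any tool's own code): a dry-run planner for a simplified keep-daily/keep-monthly rotation of the kind Restic exposes through `restic forget --keep-daily ... --keep-monthly ...`, extended with a legal-hold date that overrides pruning until it has passed. The `hold_until` field, the policy numbers and the snapshot list are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Snapshot:
    snap_id: str
    taken: datetime
    hold_until: Optional[date] = None   # legal hold: never prune before this date


@dataclass(frozen=True)
class Policy:
    keep_daily: int     # newest snapshot from each of the N most recent days with a backup
    keep_monthly: int   # newest snapshot from each of the N most recent months with a backup


def newest_per_bucket(snapshots, bucket_of, limit):
    """Ids of the newest snapshot in each of the `limit` most recent buckets."""
    kept, seen = set(), set()
    for snap in sorted(snapshots, key=lambda s: s.taken, reverse=True):
        bucket = bucket_of(snap.taken)
        if bucket in seen:
            continue            # an older snapshot from a bucket already covered
        if len(seen) == limit:
            break               # enough buckets; everything older is out of scope
        seen.add(bucket)
        kept.add(snap.snap_id)
    return kept


def plan_prune(snapshots, policy, today):
    """Return ({snap_id: reason_kept}, [snap_ids to prune]) without deleting anything."""
    reasons = {}
    for sid in newest_per_bucket(snapshots, lambda t: t.date(), policy.keep_daily):
        reasons[sid] = "daily"
    for sid in newest_per_bucket(snapshots, lambda t: (t.year, t.month), policy.keep_monthly):
        reasons.setdefault(sid, "monthly")
    for snap in snapshots:
        # A hold overrides the rotation until its date has passed.
        if snap.hold_until is not None and today <= snap.hold_until:
            reasons[snap.snap_id] = "legal-hold"
    if snapshots and not reasons:
        # A policy that keeps nothing is almost certainly a misconfiguration.
        raise ValueError("policy would delete every snapshot; refusing to plan")
    prune = sorted(s.snap_id for s in snapshots if s.snap_id not in reasons)
    return reasons, prune


def build_sample():
    """Constructed data: one snapshot per night at 02:00 UTC, 2025-01-01 to 2025-03-31."""
    holds = {
        date(2025, 1, 15): date(2032, 1, 15),   # held for seven years (still active)
        date(2025, 1, 10): date(2025, 2, 1),    # hold already expired
    }
    start = datetime(2025, 1, 1, 2, 0, tzinfo=timezone.utc)
    snaps = []
    for offset in range(90):
        taken = start + timedelta(days=offset)
        snaps.append(Snapshot(taken.date().isoformat(), taken, holds.get(taken.date())))
    return snaps


if __name__ == "__main__":
    policy = Policy(keep_daily=7, keep_monthly=3)
    kept, pruned = plan_prune(build_sample(), policy, date(2025, 3, 31))
    for sid, why in sorted(kept.items()):
        print(f"keep  {sid}  ({why})")
    print(f"prune {len(pruned)} snapshots, e.g. {pruned[:3]}")
```

Reviewing the kept and pruned lists from a plan like this before any deletion runs is what catches a rotation that would silently erase a snapshot still under a retention obligation.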

In short, the security and compliance of backups is a multi-faceted effort: technical (encryption, access, testing), legal (storage location, contracts with providers), and organizational (internal policies, training). For an SME, this can seem heavy, but surrounding yourself with competent partners helps a great deal. Consultants specialized in cybersecurity or data protection can carry out PIAs with you to validate your choices, and local providers like Blue Fox can guarantee hosting compliant with Quebec laws while supporting you on the secure implementation. The ultimate goal: that your backups fulfill their role as a safety net without creating a new vulnerability or putting you at odds with the regulations.

Ease of implementation and maintenance

One last aspect, and not the least: the day-to-day practicality of the chosen solution. A backup, to be effective, must be deployed correctly and then followed over time. Here again, the FOSS and commercial approaches differ in how to get there.

Initial implementation: On the FOSS side, the implementation phase will typically require a larger integration effort. Installing the software (often on Linux), configuring it (backup scripts, authentication to cloud APIs if needed, setting up encryption, etc.), testing the first backup, adjusting… This can represent several days of work for a competent administrator, especially if you then have to automate and document the process. In exchange, this implementation can be very custom, adapted exactly to the company's workflows. By contrast, a commercial solution, especially in SaaS mode, can be operational in a few hours. For example, for a 50-person SME on Microsoft 365, a cloud tool like AvePoint or Druva will set up by creating an online account, connecting the tenant (via an administrator OAuth consent to the provider's application), then defining policies. In half a day, all the mailboxes, OneDrive, and SharePoint sites can be on automatic daily backup. No infrastructure needed, no scripts to code: it's ready to serve. Moreover, the provider or reseller often supports this initial setup with a configuration session. It has to be acknowledged that for an SME without an internal specialist, this is a weighty argument: the time saved on installation can be invested elsewhere.

Ease of everyday use: Once in place, what's the day-to-day use like? Imagine you have to restore user X's file that they deleted a month ago. With a commercial solution that has a user interface, it's often a few clicks (selecting the user, searching for the file by its name or date, then clicking "Restore"). Some even offer interfaces for end users (e.g. a self-service portal where everyone can find their deleted items). With a raw FOSS solution, the restore could involve a series of commands: first listing the available snapshots, finding the right file, launching the restore to a temporary directory, then returning the file to the user. It's perfectly doable, but it calls for more manual steps by a technician. Likewise, to monitor that the backups are going well: on an open-source system, you'll set up scripts to send reports by email or you'll check the logs regularly. A commercial product will often have a dashboard with green/red lights, and will automatically send a daily report on the status of the backups. This administrative convenience can make the difference in a very busy small IT team.

Maintenance and updates: Open-source software will require updates (for example, if you use Duplicati, you'd have to apply the new version when it comes out to benefit from the fixes). It's not frequent (a few times a year in general), but it's up to you to manage it. Likewise, if you add users or data to back up, you'll potentially have to adjust your scripts or configurations (FOSS doesn't necessarily auto-discover new accounts, unless you've programmed it). Conversely, a managed solution will self-update (the provider applies the patches on its cloud or supplies you the package through its built-in updater) and often offers self-protection features (e.g. detecting that a new user was created in Microsoft 365 and automatically adding them to the backups if they're in a defined group). The pure technical maintenance is therefore largely outsourced in the case of a SaaS. This reduces the risk of error (like forgetting to update and ending up with an incompatibility). On the other hand, you depend on the vendor's schedule: if there's a blocking bug, you wait for the patch, whereas in the open-source world you could try to fix it yourself urgently (that's rare, though, and calls for development skills).

Adapting to change: As mentioned, Microsoft and Google keep evolving their platforms. For example, Microsoft introduces a new Loop storage space or changes the Teams API. If you're on FOSS, you'll have to watch for these changes and check that your solution handles them. Maybe the community will release a plugin or an update for it, but it's not guaranteed immediately. In a commercial environment, the vendor will communicate about supporting these new features, sometimes with a slight delay, but it's clearly within its scope of work. We recently saw Microsoft announce its own backup solution: this proves the field is moving, and you'll have to stay alert. The advantage of working with a provider or an integrator is that someone keeps watch for you over these developments. For example, Blue Fox or another partner could alert you: "Microsoft is going to raise the size limit on Teams attachments, we need to adapt the backup strategy accordingly," etc. In short, the technology watch is more sustained on the commercial side (by nature, they sell their ability to keep up with the state of the art).

Human resources involved: In the end, the ease of implementation and maintenance is reflected in the human workload. A complicated or ill-suited tool can end up… no longer being used correctly. How many companies set up a backup then neglect to monitor the reports, discovering too late that it stopped working six months ago? This risk exists more with an in-house or unsupervised FOSS solution. With a managed service, you generally have proactive alerts or a provider who handles it. The question the IT manager has to ask: do we have the bandwidth to manage this backup ourselves? If yes (and gladly, because we like being in control of it), then open source can be considered in-house. If not, it's better either to opt for a managed solution or to entrust the management of the backup to a third party. As it happens, plenty of MSPs (managed service providers) offer cloud backup solutions for Microsoft 365/Google Workspace to their SME customers, often relying on a commercial tool in the background, but providing the layer of service and human support. For example, the cooperative mentioned earlier (Code3) or Blue Fox offer this kind of turnkey service to take this weight off SMEs. The benefit is that the expertise is shared: you benefit from people who do this every day and know the pitfalls, for a cost that's often reasonable relative to the risk covered.
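The report script mentioned under everyday use, and the "stopped working six months ago" failure described above, come down to one check: for every backup set that is supposed to exist, how old is its newest snapshot? The following is an added example (not from the original article) that runs that check over output shaped like `restic snapshots --json`; the host name, export paths, snapshot ids and the 26-hour threshold are constructed assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `restic snapshots --json` output (trimmed to the
# fields used here); host name, paths and ids are made up for the example.
SAMPLE_JSON = """
[
 {"time": "2025-03-29T02:00:03.118822041-04:00", "hostname": "backup01",
  "paths": ["/srv/exports/m365-mail"], "short_id": "a1b2c3d4"},
 {"time": "2025-03-30T02:00:04.512345678-04:00", "hostname": "backup01",
  "paths": ["/srv/exports/m365-mail"], "short_id": "e5f6a7b8"},
 {"time": "2024-09-28T02:00:01.25Z", "hostname": "backup01",
  "paths": ["/srv/exports/gdrive"], "short_id": "0c9d8e7f"}
]
"""

# Every backup set that is supposed to exist, with its maximum tolerated age.
# Listing them explicitly is what lets a set with no snapshot at all be reported.
EXPECTED = {
    ("backup01", "/srv/exports/m365-mail"): timedelta(hours=26),
    ("backup01", "/srv/exports/gdrive"): timedelta(hours=26),
    ("backup01", "/srv/exports/sharepoint"): timedelta(hours=26),
}

_TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)$")


def parse_time(value):
    """Parse an RFC 3339 timestamp with 0-9 fractional digits into an aware datetime."""
    match = _TS.match(value)
    if not match:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, frac, zone = match.groups()
    micro = ((frac or "") + "000000")[:6]   # pad or truncate to microseconds
    zone = "+00:00" if zone == "Z" else zone
    return datetime.fromisoformat(f"{base}.{micro}{zone}")


def latest_per_set(snapshots):
    """Map (hostname, path) -> time of the newest snapshot covering that path."""
    latest = {}
    for snap in snapshots:
        taken = parse_time(snap["time"])
        for path in snap.get("paths", []):
            key = (snap.get("hostname", ""), path)
            if key not in latest or taken > latest[key]:
                latest[key] = taken
    return latest


def check_freshness(snapshots_json, expected, now):
    """Return sorted findings: (hostname, path, status, age), age is None if MISSING."""
    latest = latest_per_set(json.loads(snapshots_json))
    findings = []
    for key, max_age in sorted(expected.items()):
        if key not in latest:
            findings.append((*key, "MISSING", None))
            continue
        age = now - latest[key]
        findings.append((*key, "OK" if age <= max_age else "STALE", age))
    return findings


def exit_code(findings):
    """0 when every expected set is fresh, 2 otherwise, so cron or a monitor can alert."""
    return 0 if all(status == "OK" for _, _, status, _ in findings) else 2


if __name__ == "__main__":
    now = datetime(2025, 3, 30, 12, 0, tzinfo=timezone.utc)   # fixed for the sample
    results = check_freshness(SAMPLE_JSON, EXPECTED, now)
    for host, path, status, age in results:
        detail = "no snapshot found" if age is None else f"newest snapshot is {age.days} days old"
        print(f"{status:8} {host}:{path}  {detail}")
    raise SystemExit(exit_code(results))
```

In production the JSON would come from the repository itself and `now` from the system clock; the non-zero exit code is what turns a silent failure into an alert.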

To conclude this part, you could say that the best solution is the one you're able to operate correctly over time. A backup solution, however sophisticated, is useless if it isn't configured 100%, monitored regularly, and tested. A simple but well-managed solution is better than a theoretically superior one left abandoned for lack of skills. Ease of use is therefore not a luxury: it directly conditions the effectiveness of your data protection. On this score, commercial solutions often score decisive points, but a FOSS tool well mastered by your teams or your partners can absolutely hold its own, provided it's given the necessary attention.

Conclusion

Backing up Google Workspace and Microsoft 365 environments is no longer optional, it's vital insurance for the continuity of our SMEs' operations, in an era where a good part of the information heritage lives in these clouds. We've seen that there are two families of solutions to get there, open-source software (FOSS) and proprietary commercial platforms, each with its merits and its constraints. The choice between the two isn't black and white: it depends on multiple factors specific to your business.

To recap: FOSS solutions offer full control, independence from vendors, and a very low direct cost. They'll appeal to IT managers who value digital sovereignty, code transparency, and adaptability, or to those who face tight budget constraints and are ready to make up for it with internal time/skill. On the other hand, they require a stronger technical commitment: these are tools you have to operate, integrate, and nurture to get the best out of them. For an SME with few IT resources, this can be a challenge, but not insurmountable if you lean on support. In Quebec, in fact, we see a favourable movement toward open-source software in SMEs and non-profits, driven by players like Blue Fox among others, who can help implement these custom FOSS solutions and manage them for the client. That way, even a small organization can benefit from the power of open source without suffering its complexity directly, thanks to a managed service built around FOSS.

Commercial solutions, for their part, bring a comfort of use and a functional completeness that are often unmatched. For an SME IT manager wearing many hats, it's reassuring to know that the backup is running in a corner, monitored by a provider that does it for thousands of customers. The pleasant interface, the support when something goes wrong, the automatic updates, all of this reduces the risk of error and ensures a degree of reliability. Of course, it has a cost, which you have to weigh against the tangible benefits (time saved, risk mitigated). Sometimes the expense is well worth it if it avoids even a single day of downtime or a loss of critical data. You do, however, have to stay vigilant about compliance: an external service means checking where the data goes and under which laws. But here again, the market offers options aligned with our local needs (e.g. cloud backups whose data stays in Canada, or providers who know Law 25 and build in these notions).

In the end, the best choice can be a mix: using FOSS for certain specific backups and a commercial solution for others, or starting with a managed solution then migrating to an internal open-source solution as the IT team builds up its skills. The key is to have a clear backup strategy that's been tested. Whatever the tool, make sure you've documented: What is being backed up? How often? Where? How do you restore? Who to contact if there's a problem? No solution (open or paid) eliminates the need for this thinking.

For Quebec SME IT managers, the topic of backing up Workspace and Office 365 must be demystified: no, not everything is automatically kept forever in the cloud, and yes, there are affordable and effective solutions to protect this critical cloud data. Whether you're a fan of open-source software or a devotee of turnkey suites, the essential thing is to act: set up that lifeline that one day, perhaps, will save your business from a digital disaster. And don't hesitate to get support: specialized companies like Blue Fox offer this type of service to Quebec SMEs, combining FOSS expertise, knowledge of the local reality, and personalized support. With the right partner and the right solution, you'll be able to rest easy knowing that even in the worst case, your data will remain within reach.

Sources and bibliography:

  • CODE3 blog article: « Pourquoi faire un backup de service cloud comme Microsoft 365 et Google Workspace ? » (April 29, 2025). Stresses that cloud providers do not guarantee full recovery of deleted or corrupted data and reminds readers that the cloud is not a backup (limited retention window and risk of permanent loss).
  • Veeam (French-language blog): « Le modèle de partage des responsabilités Microsoft 365 » (February 2025). Excerpt from the Microsoft service agreement stating "We recommend that you regularly back up your content and data […] using third-party services," which confirms that Microsoft encourages the use of an external backup to protect M365 data.
  • ited.com: « CLOUD Act et FISA : assurez la souveraineté de vos données » (2025 article). Mentions Quebec's Law 25, comparable to the GDPR, which requires businesses to protect personal information and be transparent about where the data is hosted, under penalty of significant sanctions.
  • ited.com: same source as above. Explains that a Quebec SME storing its data in Canada benefits from Canadian laws (Law 25, PIPEDA)… unless the cloud provider is controlled by a foreign entity, highlighting the risk tied to the CLOUD Act when the host is American.
  • Zmanda (blog): « Pourquoi les solutions de sauvegarde basées sur Open Source changent la donne » (March 2023). Indicates that open-source backup solutions are available for free or at low cost, ideal for businesses on tight budgets, while offering more flexibility and customization compared to proprietary software.
  • Zmanda (same article). Stresses the increased transparency of open-source backup solutions: auditable source code, allowing the security model to be verified and potential vulnerabilities to be spotted, which brings greater security to data-conscious users.
  • Zmanda (same article). Highlights that with open formats for the backed-up data, users of open-source solutions avoid vendor lock-in: they can migrate their data to another solution without loss or conversion, preserving access to the backups over time.
  • Bacula Systems (blog): « Solutions et outils de sauvegarde de Microsoft 365 en 2025 ». Mentions that pricing models in the M365 backup market can be complex, with multiple licences and various price add-ons depending on the components (Exchange, SharePoint, etc.) to be backed up.
  • Bacula Systems (same article). Indicates that it's common for backup solutions to bill per M365 user, which can seem affordable at first but become costly at scale (you start with a modest price, then reach a high overall price simply because of the number of users).
  • Palmiq (blog): « Acronis vs Veeam: Which Fits Your Business? » (Sept. 2025). Compares ease of deployment: notes that Acronis offers an all-in-one solution that's simpler to deploy and maintain, whereas Veeam, although very powerful, requires the use of multiple tools and more technical expertise to be implemented effectively.
