Securing the hybrid IT: Stopping data loss across on-prem, SaaS, cloud and endpoints

The traditional IT perimeter is gone. With the rise in hybrid and remote work, business-critical data no longer sits neatly behind a firewall. It now flows across on-prem servers, SaaS applications, cloud workloads and a wide range of remote endpoints. This shift has expanded the attack surface, making it far more complex for businesses to protect their data and maintain control.

In this article, we’ll explore how hybrid work has reshaped the way organizations manage and secure their data. You’ll learn why today’s IT environments demand a more unified approach to business continuity and disaster recovery (BCDR), and why MSPs and internal IT teams must rethink their strategies to reduce risks and keep vital business operations running — no matter where the data lives.

Work anywhere, risk everywhere: Where business-critical data lives today

Today’s business data doesn’t sit in one place — it’s everywhere. As workforces operate across physical offices, home networks and the cloud, data has followed suit. It now lives across a complex blend of environments that weren’t designed to work together. For IT teams and MSPs, this creates a new level of challenge: protecting sensitive information that’s dispersed, dynamic and constantly moving.

Many organizations still rely on on-premises infrastructure to run essential operations. Whether it’s industry-specific applications, compliance-heavy workloads or systems built over years, on-prem servers continue to hold critical business data. This infrastructure remains relevant, particularly in regulated sectors such as health care, finance and manufacturing. However, while the value of on-prem infrastructure remains high, it’s no longer the whole picture — and relying solely on traditional perimeter-based defenses is no longer enough.

Cloud-based SaaS platforms, such as Microsoft 365 and Google Workspace, have become the backbone of modern business operations by powering collaboration, streamlining communication and driving productivity. However, the very convenience that makes these tools indispensable also introduces new risks. Data within these platforms is vulnerable to accidental deletions, misconfigurations and cyberthreats such as phishing. Many organizations wrongly assume that cloud providers fully protect their data. In reality, the shared responsibility model places critical security functions, including identity and access management (IAM) and data protection, squarely on the customer’s shoulders.

Adding to the complexity is the growing reliance on cloud workloads and remote endpoints. Cloud workloads, while scalable and efficient, are vulnerable to misconfigurations, unauthorized access and single-cloud points of failure. At the same time, remote endpoints — including laptops, smartphones and personal devices — often operate outside corporate networks, making them easy targets. As hybrid work continues to evolve, these distributed systems dramatically expand the attack surface, presenting constant challenges for IT teams and MSPs in maintaining visibility and enforcing consistent protection.

The new hybrid IT reality: Multiple platforms, multiple threats

As organizations adopt hybrid IT models, business-critical data is spread across a mix of on-premises infrastructure, cloud platforms and remote endpoints, each with its own vulnerabilities. This fragmentation has opened new doors for threats to slip through undetected. To secure business-critical data, it’s vital to understand the specific risks each environment faces and how they contribute to the overall threat landscape.

On-prem servers: Still valuable, still vulnerable

On-premises infrastructure remains a critical part of many IT ecosystems. These environments face a broad spectrum of threats that can bring operations to a halt if not properly mitigated.

• Natural disasters, such as floods, fires and storms, can physically damage on-premises hardware, leading to irreversible data loss if off-site backups aren’t in place.
• Power outages or hardware failures can disrupt access to core systems, affecting business continuity.
• Ransomware and malware attacks continue to target on-prem servers, exploiting unpatched systems and outdated defenses.
• Insider threats, whether intentional or accidental, can lead to data compromise from within the organization.

SaaS applications: Data loss happens more often than you think

SaaS applications, such as Microsoft 365 and Google Workspace, have revolutionized how organizations collaborate and operate. However, with that convenience comes a hidden reality. SaaS data loss is common and often irreversible without a reliable third-party backup.

According to the State of SaaS Backup and Recovery Report 2025:

• Over 87% of IT and security professionals reported experiencing SaaS data loss in the past 12 months.
• More than 50% of organizations suffered data loss due to malicious deletion, either intentional or the result of a targeted cyberattack.
• Approximately 34% of organizations experienced data loss due to accidental deletion or human error when using SaaS.
• Only 13% of organizations reported no data loss, meaning nearly 9 out of 10 suffered disruptions in their SaaS environments.

Worryingly, many businesses still assume cloud providers will recover lost data, but that’s not the case. Under the shared responsibility model, customers are accountable for data protection and access management. Without an effective SaaS backup solution in place, recovery is limited, if it’s possible at all.

Cloud workloads: Flexible but exposed

Organizations running workloads in public and private cloud environments enjoy flexibility and scalability. However, that same agility can make it easier to overlook misconfigurations, access gaps and hidden vulnerabilities.

• Single-cloud dependence creates a critical vulnerability. If one provider experiences downtime, misconfiguration or breach, your entire operation could be impacted.
• Configuration errors and overly permissive access settings are among the most common ways attackers gain a foothold in cloud systems.
• Application programming interface (API) abuse and supply chain attacks continue to grow, allowing bad actors to exploit integrations and move laterally across services.
• Data sprawl across multicloud or hybrid clouds can make it harder to track, secure and back up information consistently.

Relying solely on native backup tools can also be risky. These backups often reside within the same tenant or trust boundary as production data, leaving them exposed to the same threats. A ransomware attack, insider misuse or credential compromise could wipe out both your live data and backups in one fell swoop. Without proper air-gap protections, recovery may not be an option.

Remote endpoints: The expanding edge of risk

Endpoints — especially those used remotely — are now one of the most frequent entry points for cyberattacks. With the workforce operating across countless networks and devices, attackers are exploiting the gaps created by reduced visibility and control.

• Phishing attacks remain the most successful method for gaining initial access, often tricking employees into handing over credentials or downloading malicious files.
• Lost or stolen devices can expose sensitive business data if encryption or remote wipe capabilities aren’t enabled.
• Unpatched software and outdated operating systems leave endpoints vulnerable to known security risks.
• Social engineering attacks are evolving, with cybercriminals now exploiting trusted remote access tools, such as Microsoft’s Quick Assist, to impersonate IT support. These tactics trick users into granting access, bypassing security controls entirely.

No silos, no surprises: Get Datto Unified Backup for total resilience

Relying on a patchwork of disconnected tools can leave critical gaps in your data protection strategy. These blind spots often go unnoticed until they lead to costly data loss, downtime and irreversible business disruption. That’s why today’s hybrid environments need more than traditional backups. They need a unified, intelligent approach to data protection and business continuity.

Datto Unified Backup combines powerful technologies into a single, integrated platform that enables IT teams and MSPs to protect, manage and recover data across any environment — from on-premises to cloud to remote endpoints. It offers a seamless cloud ecosystem powered by intelligent automation, built to deliver true resilience without complexity.

Datto Unified Backup provides a streamlined experience through purpose-built solutions:

Datto BCDR
Purpose-built appliances designed for business continuity and disaster recovery. Gain instant virtualization on-site, in the cloud or in hybrid mode to keep operations running, even during major disruptions.

SaaS backup
Turnkey protection for Microsoft 365, Google Workspace and Microsoft Entra ID. Backups are stored outside the primary tenant to reduce single-cloud risks and ensure data redundancy. Restore individual emails, full mailboxes or entire sites — even across users and accounts.

Direct-to-cloud backup
Protect remote endpoints, servers and cloud workloads without relying on local appliances. You have three robust solutions: Endpoint Backup, Endpoint Backup with Disaster Recovery and Datto Backup for Microsoft Azure. All backups are sent directly to the secure, private and immutable Datto Cloud, eliminating the need for on-site hardware.

Alongside these offerings, Datto Unified Backup includes powerful features, such as ransomware detection and automated backup verification, ensuring that every backup is both clean and recoverable.

Ready to see what true resilience looks like? Download the product brief to learn how Datto Unified Backup can simplify protection across your entire environment.