Hi
For those of you that missed the physical event VUG BeLux on 25/06/2026, I will give you a summary of the content of my session...
Again it was a pleasure to present this session during our recent VUG, where we explored how modern backup architectures must evolve to address today's cyber threats and the changing virtualization landscape.
Of course I would like to talk about my favourite topic 🤣
From Backup to Cyber Resilience
For years, the 3-2-1-1-0 rule has been the gold standard for data protection. It remains the foundation of a resilient backup strategy, providing protection against hardware failures, human error and traditional disaster scenarios.
However, ransomware has fundamentally changed the threat model. Attackers no longer focus solely on production systems—they actively target backup infrastructure, compromise credentials, corrupt backup chains and wait for retention periods to expire before launching an attack.
This raises an important question:
Is a single immutable copy still enough?
Evolving to 3-2-1-2-0
One of the key messages of the session was the evolution from 3-2-1-1-0 towards 3-2-1-2-0.
The additional immutable or air-gapped copy is not intended to replace existing best practices, but to eliminate single points of failure by introducing truly independent protection layers. Cyber resilience is achieved through a combination of:
- Independent trust boundaries
- Multiple immutable or air-gapped copies
- Network isolation
- Automated recovery verification
- Regular recovery testing
Because a backup is only valuable if it can be successfully restored.
Cyber Resilience Across Hypervisors
The second part of the session focused on how Veeam protects workloads across today's leading virtualization platforms.
We compared the architectural differences between:
- VMware vSphere
- Microsoft Hyper-V
- Nutanix AHV
- KVM-based platforms
While VMware, Hyper-V and Nutanix continue to rely on proxy-based data movers, KVM introduces a worker-based architecture where data movement is integrated into the worker itself.
Rather than replacing the proxy concept, it represents its natural evolution.
The proxy didn't disappear. It evolved into the worker.
Final Thoughts
Cyber resilience is no longer a feature that can be added afterwards—it must be designed into the backup architecture from the beginning.
As organizations adopt new hypervisors and face increasingly sophisticated cyber threats, resilience depends on much more than successful backups. It requires independent protection layers, immutable storage, verified recoverability and architectures that assume the backup platform itself may become a target.
I'd be interested to hear how others are approaching this challenge.
Have you already started evolving your environments from 3-2-1-1-0 towards a 3-2-1-2-0 strategy, or are you taking a different approach to cyber resilience?
Let me know...
