How hybrid work changed backup planning for IT
Hybrid work scattered data across SaaS and AI tools, and IT teams are being forced to play catchup with their backup strategies to protect this new "shadow" data.
Published on 1st April 2026
When your users primarily worked from one or more fixed locations, you had a reasonable handle on what needed backup. The servers were yours, the devices stayed on your network, and most of the data that mattered lived on infrastructure you controlled. Hybrid work changed that maths. Now, more of the people you’re supporting may be working from home offices, coffee shops, co-working spaces, and the road. In the process, business data scattered across devices and platforms your backup strategy may not have originally included.
Much of that data landed in SaaS platforms that your company may not yet be protecting. In a survey of 500 IT decision-makers, 43% said nobody owns SaaS resilience at their business. If that sounds familiar, your data visibility gaps are probably wider than you think.
The shift started with your collaboration tools, which took on a much bigger role than anyone planned for.
Collaboration platforms became the system of record
Around the same time your users stopped gathering in one office, tools like Slack, Teams, and Notion became where project decisions get made, client context gets shared, and onboarding documentation gets built. If you work at a smaller company, a significant chunk of your institutional knowledge could well have migrated into these platforms without anyone noticing.
Several collaboration platform vendors have been investing in features that move them closer to enterprise readiness. Slack offers compliance exports on higher-tier plans, Teams integrates with Microsoft Purview for retention governance, and Notion has added admin controls and workspace analytics. But none of these add up to what IT would consider a true backup.
On Slack’s free plan, messages become hidden after 90 days and are permanently deleted after one year. Paid plans keep messages accessible indefinitely, though if an admin deletes a channel or a departing employee’s account gets deprovisioned, that history can still vanish, taking years of project decisions with it.
Teams stores messages in Exchange Online and governs retention through Microsoft Purview, but configuring retention policies requires at least a Microsoft 365 E3 or Business Premium subscription. Recovering a specific deleted conversation means an admin has to run an eDiscovery search (end users can’t do it themselves). Notion keeps pages as long as your workspace exists, but version history on the free plan covers only a few days, and deleted pages auto-purge from trash after 30 days. You can manually export data, but there’s no scheduled backup and restoring requires contacting Notion support.
Even if the immediate financial hit from losing data on any of these platforms is modest, the staff hours spent reconstructing project context add up fast. If you’re subject to HIPAA, SOX, or similar regulations, the compliance exposure can be worse than the operational disruption.
The one-way door AI opened for company data
Your collaboration platforms aren’t the only place where hybrid work pushed data beyond your backup’s reach. Eighty-eight percent of businesses regularly used AI in at least one business function by 2025, and remote workers have been among the fastest adopters, reaching for AI tools to move faster without on-site IT support.
That might look like uploading client revenue data into ChatGPT for a forecast, or pasting proprietary source code into an AI assistant to debug a production issue. Neither is being wilfully careless, but both just sent company information somewhere your backup will never reach. Unlike the shadow IT days, when you could eventually track down the rogue app and work to get the data back, AI tools can leave IT with no account to access and no export path to follow. IBM’s 2025 Cost of a Data Breach Report found that shadow AI added roughly $200,000 to the average breach cost, and AI tool adoption added another $194,000. Both ranked among the most expensive factors the report tracked.
A lightweight acceptable use policy can help by treating AI interactions as data-sharing events—clear rules like no client PII in public AI tools, no proprietary source code, no unanonymised financial data. If you pair those boundaries with approved AI alternatives, you’ve addressed the biggest input risks.
The output side matters, too. As AI-generated work product becomes more valuable, it’s worth establishing a norm that important output gets saved somewhere your backup actually covers. That could be a backed-up file share, a document management system, or a collaboration platform with third-party backup in place.
Endpoint backup when your team isn’t in the building
Hybrid work changed where your devices are, too, and that has consequences for endpoint backup. If your backup still assumes devices regularly connect to the corporate network, it may be covering fewer machines than you assume.
Many hybrid teams have moved to cloud-based workflows, which means on-prem backup agents that depended on network connectivity aren’t running the way they used to. Cloud-based endpoint backup can close that gap. Vendors like Acronis, Veeam, and NinjaOne protect distributed workstations over any internet connection, and pricing varies by vendor and feature set, but cloud-based endpoint backup generally runs a few dollars per workstation per month. That’s often a manageable line item, especially when you consider that IBM found breaches involving remote workers added roughly $131,000 to the average breach cost.
Before investing, though, it helps to confirm what actually lives on the endpoint. If your team works primarily in cloud applications, the laptop itself may hold less critical data than you’d expect. The real work product is in SaaS, not on the local drive. That doesn’t mean you can skip endpoint backup, but it changes what you’re protecting and why.
Devices that hold local project files, source code, or client data warrant direct backup. Devices that mostly serve as a browser for cloud apps may need less protection at the endpoint level, as long as you’re backing up the work product stored in those SaaS platforms.
Build backup policies that reflect where work actually happens
If your backup policy still defines scope by server name, NAS location, and endpoint group, the map may no longer match the territory. You might be religiously backing up a file share nobody has touched in six months while two years of client communication in a collaboration platform could have minimal protection. It helps to ask what the data is and how much it would hurt to lose, regardless of which platform holds it. Whether you already run a formal SaaS audit or you’re starting with a spreadsheet, the next review is a natural time to run every tool your team depends on through a few basic questions.
- Does this platform hold data we can’t afford to lose?
- What happens to that data if an account gets deprovisioned?
- Are we relying on native retention that doesn’t actually equal backup?
- When did we last check whether this tool’s data protection terms changed?
If you already have a SaaS audit process, tying backup reviews to that cadence keeps them current. If you don’t, even a quarterly check against those questions is a solid starting point. If they reveal platforms that aren’t covered, third-party SaaS backup tools like Backupify, Spanning, and Keepit can fill the gap without a major budget commitment.
Source
Image Credit
Lugon Studio via Vecteezy