When you are responsible for protecting customer data, the threat is not always outside the organisation. Sometimes it comes from inside. Accidental deletions. Rushed changes. Malicious actions from a frustrated employee. These are the incidents that catch MSPs off guard because they happen quietly and often during normal business activity.
Veeam Cloud Connect Insider Protection exists to stop those situations from turning into disasters. It gives MSPs a recovery path when all other safety nets fail, and it ensures that customer backups stay protected even if the primary repository is damaged or wiped.
In this blog we revisit how Insider Protection works, why it matters, and how it has helped MSPs recover from real incidents across the industry.
What Insider Protection Actually Does
Insider Protection adds an extra layer on top of the standard Veeam Cloud Connect backup process. When a tenant deletes a backup from their console, it does not disappear. Instead, Veeam moves it into a hidden holding area inside the service provider infrastructure. Tenants cannot see it. They cannot modify it. They cannot destroy it.
These backups stay isolated for a fixed retention period, giving the MSP a chance to restore data even if the primary chain has been removed by mistake or on purpose.
This feature becomes essential in situations like:
- Accidental deletion by an engineer
- A misconfigured script that wipes a repository
- A disgruntled employee removing backups before leaving the company
- A ransomware attack that attempts to destroy all recoverable copies
Why MSPs Rely on Insider Protection
1. Accidental deletion still happens more than most admit
In the MSP community it is common for backup retention settings to be adjusted during onboarding or during platform cleanup. We have seen cases where a technician removed what they believed was an old chain, only to discover later that it contained the customer’s most recent recovery point.
With Insider Protection, that mistake becomes recoverable. Without it, the MSP would be forced to rebuild the environment from scratch.
2. Ransomware now targets backups directly
Modern ransomware groups actively search for and delete backup chains. They know that MSPs rely on recoverability, so they go straight after it. Many reported incidents in 2024 involved attackers gaining access to customer credentials and removing backup chains before launching encryption.
Insider Protection blocks this avenue by isolating deleted backups in a provider managed location that cannot be altered by the compromised user account.
3. Employee sabotage is rare but still happens
Across the industry there have been documented incidents where dismissed or departing staff attempted to damage company systems. In several MSP peer groups, administrators have described situations where backups were removed days before the individual left the business.
Insider Protection gives MSPs the ability to restore those backups even after they have been removed from the console.
Real world example of how Insider Protection helps MSPs
Here is a scenario that happens more often than most MSPs like to admit. A client’s environment is hit with ransomware, the attacker gets into their domain, and one of the first things they target is the backup chain. They delete restore points, remove jobs, or try to corrupt the repository so that recovery becomes impossible.
In many cases, the MSP only discovers the deletion after the fact. The backups inside the tenant look empty, jobs fail to run, and the client begins to panic because everything appears to be gone. Without an additional safety layer, this becomes a genuine business risk for both the MSP and the customer.
Insider Protection changes that outcome. Even when restore points are deleted by an attacker, a malicious insider, or a compromised admin account, Veeam Cloud Connect moves those deleted backups into a hidden staging area on the service provider side. They are kept there for the retention period that the MSP and provider have agreed on. The attacker cannot see them and cannot remove them.
This gives the MSP a critical recovery path. Instead of delivering bad news, the MSP can work with the service provider to recover the protected restore points, rebuild the chain, and get the customer back online with far less downtime. It is often the difference between a bad day and a complete disaster.
Why Vitanium Recommends Using Insider Protection for Best Practice
We recommend running Insider Protection across all Veeam Cloud Connect customers because the risks of not using it are simply too high.
For MSPs it means:
- An isolated recovery path that cannot be tampered with
- Protection against mistakes during maintenance
- Protection against malicious behaviour
- Extra confidence during restore testing
- A stronger security story for your customers
- Peace of mind knowing you can recover data even in the worst scenarios
Insider Protection is one of the most valuable safety layers an MSP can have, especially as threats evolve and human error remains a constant factor.
Want more technical insight into Insider Protection? Then check out this article for details on how it works and how to configure.
Ready to Strengthen Your Backup Strategy?
If you want to understand how Insider Protection fits into your backup design or you want a full review of your current Cloud Connect setup, we are here to help.
Speak to our team today: https://vitanium.com/contact/