Proven Strategies For Building Resilience In Data Backup & Recovery

The world runs on data these days, and as a result, backup and recovery of this data is no longer just a consideration: It’s essential for ensuring business continuity, cyber resilience, regulatory compliance, and even customer confidence.

Companies are facing a plethora of challenges - ransomware, SaaS provider outages, natural disasters, genuine “oops” moments by employees - and so robust systems for data protection and recovery are a critical part of their operational strategies (or at least they ought to be).

More and more real-world stories shed light on the practical application of backup and recovery strategies, demonstrating that preparation (or preparedness, as some say), investment in the right tools, and embracing good old data protection best practices can safeguard organisations and their data from the things they really want to avoid. So, what are some of the key elements of backup and recovery?

Data Immutability & Vendor Independence

Fundamental to an effective data protection strategy are immutability and vendor-independent backups. Most of us are familiar enough with immutability, whereby data is stored in a manner which forbids any manipulation of that data. This way, backups cannot be altered or deleted, and so the data remains clean, uncorrupted, and available for recovery. That being said, there are some limitations to immutability, such as when immutable backup copies are stored with the same vendor. This leads us to vendor-independent data protection.

Backup copies stored in the same environment (same cloud) as the production systems are vulnerable to the same exact threats as the production data. (Even if they are immutable, they can still be taken offline.) Some people liken this to keeping your spare keys inside your car when you lock yourself out.

Basically, if you encounter ransomware or another form of data loss in your production environment, it’s likely that any backup stored in that same environment will also fall victim, since there's no separation. A vendor-independent backup, by contrast, is stored in logically separate infrastructure and is therefore insulated against that data loss - we call this air gapping. With this level of protection, data can be accessed via download even if your SaaS provider, such as Microsoft 365, is offline.

Now that you know your data is protected with immutable, vendor-independent backup, the next step is to know how to recover in case that need should arise. I’d like to note that it’s not always a disaster recovery (DR) scenario in which you need data. It’s far more likely you’ll be doing smaller, more frequent restores for operations, but of course, you need to be able to do both. 

Test Your Recovery Processes

Now, why would you want to test your processes? It’s because a recovery plan is only as good as its implementation. By testing your recovery processes regularly, you better ensure that your organisation is prepared to respond quickly and successfully when some sort of data disruption occurs.

Testing identifies any potential gaps or inefficiencies, and it builds confidence in the team’s ability to execute the recovery plan while under pressure.

For example, testing RTOs (recovery time objectives) helps measure how fast critical systems can be brought back, while RPOs (recovery point objectives) define the acceptable amount of data loss in a data loss scenario. Together, they help frame backup and recovery strategies in terms of business continuity goals.
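One way to score a recovery drill against those two objectives, as an added example that is not from the article or from Keepit. The record layout, the target values and the system names are assumptions made for illustration; downtime is measured from the incident to verified service, and backup points taken after the incident are ignored because they may already hold damaged data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass
class Drill:
    system: str
    backups: List[datetime]               # timestamps of restorable backup points
    incident: datetime                    # simulated moment of data loss
    service_verified: Optional[datetime]  # when restored data was confirmed usable

def evaluate(drill: Drill, targets: Dict[str, Tuple[timedelta, timedelta]]) -> List[str]:
    """Return findings for one drill; an empty list means both targets were met."""
    rto, rpo = targets[drill.system]
    findings = []
    # Only backup points from before the incident count: later ones may
    # already contain the corrupted or encrypted data.
    usable = [b for b in drill.backups if b <= drill.incident]
    if not usable:
        findings.append("no backup point predates the incident")
    else:
        data_loss = drill.incident - max(usable)
        if data_loss > rpo:
            findings.append(f"RPO missed: {data_loss} of data lost, target {rpo}")
    # Downtime runs from the incident to verified service, not just copy time.
    if drill.service_verified is None:
        findings.append("restore never verified, RTO cannot be claimed")
    else:
        downtime = drill.service_verified - drill.incident
        if downtime > rto:
            findings.append(f"RTO missed: {downtime} of downtime, target {rto}")
    return findings

# Constructed sample data: targets (RTO, RPO) and drill records are illustrative.
TARGETS = {"mail": (timedelta(hours=4), timedelta(hours=1)),
           "crm": (timedelta(hours=8), timedelta(hours=24))}
T0 = datetime(2025, 1, 15, 9, 0)
DRILLS = [
    Drill("mail", [T0 - timedelta(hours=6), T0 + timedelta(minutes=30)],
          T0, T0 + timedelta(hours=3)),
    Drill("crm", [T0 - timedelta(hours=12)], T0, None),
]

if __name__ == "__main__":
    for d in DRILLS:
        print(d.system, evaluate(d, TARGETS) or "OK")
```

The constructed mail drill restores within its RTO but still fails, because the only pre-incident backup is six hours old against a one-hour RPO.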

Geographic Redundancy & Resilience

Natural disasters and regional outages highlight the need for geographic redundancy in backup strategies (among other things). Having backup copies across multiple locations helps organisations ensure their data remains available.

This data centre redundancy allows for an entire location to be inoperable without any effect on data or data access, providing the added layer of assurance that critical data can be recovered in the event of widespread incidents.

Of course, it’s not “only” a benefit for cyber resilience, but also for meeting other needs, such as complying with internal and external audits and compliance/directive requirements.
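The immutability, vendor-independence and geographic-redundancy points above can be checked mechanically against a backup inventory. The following is an added example, not code from the article or from Keepit; the inventory layout and the provider and region names are placeholders, and counting only immutable, vendor-independent copies towards redundancy is a stricter reading chosen here.

```python
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class BackupCopy:
    provider: str    # who operates the storage holding this copy
    region: str      # where the copy physically lives
    immutable: bool  # cannot be altered or deleted during retention

def audit(production_provider: str, copies: List[BackupCopy]) -> List[str]:
    """Return findings for one workload; an empty list means all checks pass."""
    if not copies:
        return ["no backup copies at all"]
    findings = []
    independent = [c for c in copies if c.provider != production_provider]
    immutable = [c for c in copies if c.immutable]
    # A copy is only a dependable restore source if it is BOTH immutable and
    # outside the production vendor: immutability alone does not help when
    # the vendor holding it is offline.
    safe = [c for c in independent if c.immutable]
    if not safe:
        if immutable:
            findings.append("immutable copies exist, but only with the production vendor")
        elif independent:
            findings.append("vendor-independent copies exist, but none is immutable")
        else:
            findings.append("no immutable or vendor-independent copy")
    # Stricter reading chosen for this example: only safe copies count
    # towards geographic redundancy.
    if len({c.region for c in safe}) < 2:
        findings.append("safe copies cover fewer than two regions")
    return findings

# Constructed inventory: provider and region names are placeholders.
INVENTORY = {
    "mailboxes": ("saas-vendor", [BackupCopy("saas-vendor", "region-a", True),
                                  BackupCopy("saas-vendor", "region-b", True)]),
    "file-shares": ("saas-vendor", [BackupCopy("backup-vendor", "region-a", True),
                                    BackupCopy("backup-vendor", "region-c", True)]),
    "crm": ("saas-vendor", [BackupCopy("backup-vendor", "region-a", True),
                            BackupCopy("backup-vendor", "region-a", False)]),
}

if __name__ == "__main__":
    for name, (prod, copies) in INVENTORY.items():
        print(name, audit(prod, copies) or "OK")
```

In the constructed inventory, the mailboxes workload has two immutable copies in two regions and still fails, because both sit with the production vendor.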

Key Takeaways For Implementing Backup & Recovery

Backup and recovery isn’t “just” about protecting data — it’s about ensuring resilience, enabling agility, and safeguarding your business from financial, operational, and reputational harm. Here’s a quick summary of what to focus on: 

  • Immutability and vendor independence: Keep backups tamper-proof and stored separately from production systems. This ensures they stay untouched, independently available and ready to use when incidents occur. 
  • Regular testing: A recovery plan is only as good as its execution. Frequent drills help uncover gaps, improve processes, and give your team the confidence to act quickly under pressure.
  • Geographic redundancy: Spread backups across multiple locations to protect against localised risks, ensuring data is always accessible - even during major disruptions.

For many businesses, backup and recovery is no longer just best practice - it’s an explicit legal requirement. And even when it’s not mandated, having a well-implemented backup strategy is increasingly seen as essential to business continuity.

For instance, many cyber insurance providers require businesses to meet baseline cybersecurity measures before offering coverage.

When done deliberately, backup doesn’t just protect your data, it protects and enhances your business. By adopting proven strategies and staying prepared, you can transform potentially devastating disruptions into manageable challenges through rapid, complete recovery, keeping operations running and your organisation ready for whatever comes next.

Jakob Østergaard is CTO at Keepit.
