Backup and Recovery: Sounds simple, but is it?

Why does it matter?

Backup and recovery should be a critical part of every organisation’s cyber resilience.
The growing interest in cyber security at the C-Suite level marks a much-needed shift from the old view that cyber was purely a technical matter for the IT department. There is now a recognition that resilience requires a holistic approach.

The value of data has risen sharply in recent years as organisations operate in an always-on environment, with technology embedded in every department. Remote working and the rapid move to the cloud, accelerated by the COVID pandemic, have created new challenges: a massive proliferation of data, users more exposed to loss, reduced access to support, and increased susceptibility to ransomware.

Data integrity is now a major concern. Backups must be stored securely, remain uncorrupted, and be recoverable even against sophisticated attempts to tamper with them. Organisations must also comply with legal, industry and regulatory requirements for data protection and retention, with clear policies that guide how data is managed.

Best Practices

The 3-2-1 Rule

The UK’s National Cyber Security Centre (NCSC) identifies backup as a key element of data security. It recommends keeping three copies of data, in at least two locations, with at least one copy offsite.

Solutions that rely solely on on-site hardware, such as a local server, require additional measures like removable media (tape or external drives) or cloud replication to comply with the rule. If backups remain connected to the primary network, they are more vulnerable to ransomware and insider tampering.

Immutability and Offline Backups

A resilient strategy includes both immutable and offline backups. Offline backups are connected to the live network only when necessary for the backup process, and then stored separately. Immutable backups cannot be changed after completion, ensuring they cannot be infected or deleted, whether accidentally or maliciously.
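The 3-2-1 rule and the offline and immutable requirements above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the `BackupCopy` fields and the sample inventories are constructed for illustration, and the live data is assumed to count as one of the three copies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    location: str           # site or cloud region that holds this copy
    offsite: bool           # held away from the primary premises
    network_attached: bool  # reachable from the live network between backup runs
    immutable: bool         # cannot be altered or deleted once written

def audit_inventory(copies):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3-2-1: only {len(copies)} copies, need 3")
    locations = {c.location for c in copies}
    if len(locations) < 2:
        findings.append(f"3-2-1: only {len(locations)} location(s), need 2")
    if not any(c.offsite for c in copies):
        findings.append("3-2-1: no offsite copy")
    if not any(not c.network_attached for c in copies):
        findings.append("no offline copy: every copy stays on the live network")
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy: every copy can be altered or deleted")
    return findings

# Constructed sample inventories (not taken from any real environment).
LIVE = BackupCopy("live data", "head office", False, True, False)
LOCAL = BackupCopy("backup server", "head office", False, True, False)
CLOUD = BackupCopy("cloud replica", "cloud region", True, True, True)
TAPE = BackupCopy("weekly tape", "storage vault", True, False, False)

ONSITE_ONLY = [LIVE, LOCAL]
RESILIENT = [LIVE, LOCAL, CLOUD, TAPE]

if __name__ == "__main__":
    for label, inventory in (("on-site only", ONSITE_ONLY), ("resilient", RESILIENT)):
        print(label, audit_inventory(inventory) or "passes")
```
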

These practices are increasingly required by cyber insurance underwriters. Organisations can use insurers’ assessments as an opportunity to review and improve controls, but they should not depend on insurance to pay ransoms. Insurers typically choose the least expensive route back to business-as-usual, which may not align with the organisation’s ransom policy.

Hardware vs bandwidth

Backup services generally fall into two categories: hardware-based and cloud-based. Hardware-based solutions offer faster recovery by keeping a server on site, but still require offsite replication. They also involve longer setup times due to hardware installation. Cloud-based solutions are quicker to implement and can be billed on a pay-as-you-go model. They offer flexible data access but may face bandwidth limitations that slow restores. The challenge is to combine the rapid recovery of hardware with the flexibility and scalability of the cloud.

Focusing on recovery

When evaluating backup solutions, organisations should start with the end goal: recovery. Whether responding to a physical disaster such as a fire or flood, or to a missing file that must be restored urgently, recovery speed and reliability are key. Two critical metrics help define recovery requirements:

  • Recovery Time Objective (RTO): the acceptable time to complete recovery.
  • Recovery Point Objective (RPO): the acceptable amount of data loss.

Downtime is costly. A 2014 Gartner study estimated the average cost at $5,600 per minute — meaning 24 hours of downtime could cost millions.
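Whether the RTO and RPO are actually being met can be measured from backup job history and restore-test records rather than assumed from the schedule. The following is an added example, not part of the original article; the job history, restore durations and the 24-hour RPO and 4-hour RTO targets are constructed sample values.

```python
from datetime import datetime, timedelta

def worst_data_loss_window(jobs, now):
    """Longest stretch up to `now` with no successful backup, or None if none succeeded."""
    ok = sorted(finished for finished, success in jobs if success)
    if not ok:
        return None
    points = ok + [now]
    return max(later - earlier for earlier, later in zip(points, points[1:]))

def check_objectives(jobs, restore_tests, now, rpo, rto):
    """Compare measured exposure with the stated objectives; return findings."""
    findings = []
    window = worst_data_loss_window(jobs, now)
    if window is None:
        findings.append("RPO missed: no successful backup on record")
    elif window > rpo:
        findings.append(f"RPO missed: up to {window} of data at risk, objective {rpo}")
    if not restore_tests:
        findings.append("RTO unproven: no restore test on record")
    elif max(restore_tests) > rto:
        findings.append(f"RTO missed: slowest restore took {max(restore_tests)}, objective {rto}")
    return findings

# Constructed sample: nightly jobs at 01:00, with the job on 3 March failing.
JOBS = [
    (datetime(2024, 3, 1, 1, 0), True),
    (datetime(2024, 3, 2, 1, 0), True),
    (datetime(2024, 3, 3, 1, 0), False),  # a failed run silently doubles the exposure
    (datetime(2024, 3, 4, 1, 0), True),
    (datetime(2024, 3, 5, 1, 0), True),
]
RESTORE_TESTS = [timedelta(hours=2, minutes=30), timedelta(hours=5)]
NOW = datetime(2024, 3, 5, 9, 0)
RPO = timedelta(hours=24)
RTO = timedelta(hours=4)

if __name__ == "__main__":
    for finding in check_objectives(JOBS, RESTORE_TESTS, NOW, RPO, RTO):
        print(finding)
```
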

Crisis management

High-profile ransomware attacks are increasingly politically motivated. To avoid becoming a victim, organisations must pair technical controls with a dependable backup strategy. Recovery from ransomware can take months, as IT estates are rebuilt and secured, often revealing unsupported systems or incomplete backups. Many organisations mistakenly assume that having a backup plan is enough; in reality, regular testing is essential to confirm that files can be restored and systems recovered. Cyber exercises give executives a safe environment to practise incident response, understand the impact of attacks, and appreciate the value of strong recovery plans.

What solution is there to ending downtime?

The ideal solution should protect multiple data sources through a single platform, avoiding the need for multiple consoles or interfaces. It should combine the fast recovery of hardware with the scalability and ease of the cloud, ensuring that RTOs and RPOs are met. Testing recovery should be as straightforward as restoring a single file. Added capabilities, such as malware detection for backup data, support a “defence-in-depth” strategy in line with NCSC guidance. The solution must also be cost-effective, easy to deploy, and simple to manage.

In short

Managing the confidentiality, integrity, and availability of data is complex. Cyber response plans cannot be considered effective until they are tested under realistic conditions. Organisations should define backup objectives by identifying which data and systems are essential for recovery in severe but plausible scenarios, and ensure solutions are robust and validated.

How Beyond Blue and Redstor work together

Beyond Blue and Redstor have formed an alliance to deliver strategic cyber security and resilience, built on smart data backup and recovery. By combining expertise, they help businesses tackle complex cyber challenges and keep data at the heart of decision-making.
