“What must companies/decision-makers do to establish cyber resilience, thereby meeting compliance requirements and ensuring security for their own business?”

The 2024 survey “Preparedness Gap: Why Cyber Recovery Requires a Different Approach Than Disaster Recovery” by Commvault and ESG highlights the great complexity of modern cyber resilience. Only 26% of respondents are confident they can protect all business-critical applications and data. And only 20% are convinced they can protect all apps and data required for operations. 85% state that recovery without establishing a cleanroom environment carries a significant risk of re-infection. A similar number of respondents (83%) fear that a rushed recovery after a cyber incident could destroy valuable evidence. The takeaway? Compliant and reliable cyber resilience and backups are no easy task.

A lack of risk awareness combined with increasing and ever more sophisticated cyberattacks makes a solid backup and recovery strategy essential for business continuity. The threat of ransomware, the ongoing trend towards SaaS applications like Office 365 and Salesforce, and the question of cloud data security show that a functional backup is more important than ever.

These five tips help with choosing a backup solution

1. Use a single backup solution.

If companies have to rely on multiple backup packages during an incident, this often negatively impacts quality. Since backups have long been neglected in organizations, management capacities are often insufficient to properly maintain the solution. Furthermore, a solution with multiple packages costs additional storage space due to the lack of global efficiency techniques.

2. Ensure the backup is complete.

It sounds simple, but it still happens far too often that IT teams forget to include a new server in the backup. This can occur for various reasons, such as workload or communication errors. However, a complete backup is essential to prevent data loss. Backup must become an integral part of projects and implementations.

3. Create a backup policy.

This is also self-evident, but practice often falls short of expectations. Fundamental questions such as the frequency and retention of backups need to be discussed and the results documented. It is also important to ensure that requirements and wishes align with the setup annually.

4. Utilize the latest technology for the backup solution.

Infrastructure, virtualization, containers, microservices, cloud, and serverless – these are just some of the keywords of modern IT. Business-critical data in all environments must be secured. The IT department must ensure that its backup solution is configured for this. This requires actively addressing the topic of backup early in a project or process when introducing new technologies. Aspects such as deduplication, live recovery, and storage integration must also be considered to make the backup effective and efficient.

5. Test, test, test

It makes sense to test a range of scenarios at least twice a year. Nothing is more frustrating than not knowing if a recovery works or how long it takes when you really need it. If possible, it is advantageous to automate these tests and have reports generated.

Increased cybercrime, the growing indispensability of digital data for business operations, and the rising popularity of cloud services have also expanded the requirements for backup. Recovery must ensure that regulatory requirements are met and that only contamination-free data is restored. Especially for disaster recovery and cyber recovery, cloud backups are suitable because they are located at a site separate from the affected company. The data has usually been particularly “hardened” with air gaps and encryption. Furthermore, the recovery of a cloud backup in the cloud can efficiently ensure business continuity.

Specialized providers, such as DMP, offer various options for offsite cloud storage. In addition, hybrid cloud solutions provide emergency operation for apps, files, and databases. Other important functions include compliance and security. Cloud backups meet legal requirements (e.g., GDPR) and offer protection against unauthorized access through encryption and physical security measures.

Furthermore, cloud solutions scale better than on-premise backups, which remain necessary for operational backup and restore activities at LAN speed if companies are still undergoing cloud transformation. Last but not least, costs for operating an additional data center, as well as hardware and admin costs, are saved. In summary, a backup strategy must minimize risks, securely store data, and ensure long-term business operations.

A currently controversial topic is whether German or European companies should primarily rely on domestic providers when it comes to backups to and from the cloud. Classic US providers are subject to the CLOUD Act, which grants US authorities access rights to stored data. This stands in stark contradiction to the GDPR. The Trans-Atlantic Data Privacy Framework (TADPF) was intended to overcome this contradiction, but it rests on an unstable foundation – also due to the current political situation in the USA. If the TADPF fails, a compliance risk arises virtually overnight. European companies are therefore well advised to now consider all aspects of their cyber resilience strategy.

Among other things, DMP offers solutions for storing data in Europe. Our specialists can help you make the best choice.