BACKUP & DISASTER RECOVERY
When ransomware hits,
Your backups are the whole plan.
Make sure they work.
Backup, disaster recovery, and business continuity for mid-market companies. We listen to your risk tolerance first — then design protection you can actually restore from, with recovery times the business can live with and a plan you can defend in front of a board.
By Chris Gerhardt · Liftoff Consulting
Tested recovery, not just nightly backups. Insurance-grade documentation. Vendor-independent design.
Why Most Backup Strategies Fail Their First Real Test
The reasons are predictable—and avoidable.
Strong security reduces how often you need to recover. Strong recovery determines whether the bad day ends in hours or weeks.
🔐
Backups Aren’t Immutable
Modern ransomware looks for and encrypts your backups first. Without true immutability, your last line of defense is the attacker’s first target.
🧪
No One Has Actually Tested Recovery
Backup jobs succeed in dashboards. Recovery succeeds only when someone has actually rehearsed it end-to-end—including the runbooks, the people, and the dependencies.
📑
RPO/RTO Were Never Defined
Without business-driven targets, IT designs to budget instead of risk. Then nobody can answer ‘how much data could we lose?’ when leadership asks.
What You Get
Resilience that’s been tested, documented, and signed off—before you need it.
01
Business-Aligned RPO/RTO
We work with your leadership to set recovery targets that match how the business actually runs, then design to those targets.
02
Layered Backup Architecture
On-prem, cloud, and offline copies with true immutability and tested integrity. Vendor-independent design that fits your environment.
03
Recovery Rehearsal & Runbooks
The engagement isn’t complete until your team has recovered something real, on the clock, with a documented playbook they own.
Frequently Asked Questions
How often should we test our disaster recovery plan?
At minimum, twice a year for full failover and quarterly for tabletops. The plan you wrote a year ago is not the plan that will save you. People change roles, vendors update APIs, applications get added — all of that breaks recovery quietly until you exercise it.
What’s the difference between backup and disaster recovery?
Backup is a copy of data. Disaster recovery is the documented, tested ability to bring the business back online inside a defined window. Most companies have backup. Far fewer can actually recover on the clock with a stranger holding a stopwatch.
Do we really need immutable backups?
If you carry cyber insurance or face ransomware in your threat model: yes. Immutable, offline, or air-gapped copies are now table stakes for renewals. Underwriters specifically ask, and ransomware actors specifically target backup repositories first.
What’s a realistic RTO for a mid-market company?
It depends on the workload. Customer-facing systems often need 1–4 hour RTO. Internal systems can usually accept 8–24. The right answer is the one the business signs off on after seeing the cost trade-off — not a number IT picked alone.
Can you help with cyber insurance documentation?
Yes. We help you produce the controls evidence underwriters now demand — immutability, MFA coverage, EDR rollout, tested recovery, and incident response runbooks. Better documentation often means a better premium and broader coverage.
Related Services
Most engagements touch more than one of these. Here’s how they connect.
When Was the Last Time You Actually Tested Recovery?
If the answer is ‘not recently’ or ‘I’m not sure,’ it’s time. Let’s pressure-test your resilience before someone else does.
Frequently Asked Questions
What is the difference between backup, disaster recovery, and business continuity?
Backup is a copy of your data. Disaster recovery is the technical plan and infrastructure to restore systems after a major event. Business continuity is the broader plan that keeps the business operating — people, processes, communications, and decision rights — while the technical recovery is happening. You need all three. They are not interchangeable.
What are RPO and RTO and why do they matter?
RPO (Recovery Point Objective) is how much data you can afford to lose, measured in time — minutes, hours, days. RTO (Recovery Time Objective) is how long you can afford to be down before the business takes real damage. Every backup and DR design decision flows from these two numbers. Set them too tight and you overspend. Set them too loose and the recovery plan does not match the value of the data.
How often should backups be tested?
At minimum quarterly, with a full restore exercise annually. An untested backup is not a backup — it is a hope. Most failed recoveries fail not because backups did not run, but because nobody ever practiced restoring them under realistic conditions.
What does ransomware change about backup design?
Ransomware actively targets backups. Modern backup design has to assume the attacker has been inside the network for weeks before the encryption event. That means immutable storage, air-gapped or logically isolated copies, and credentials that cannot be reused from the production domain. Traditional backup that lives on the same network as production is no longer sufficient.
Do we need a separate disaster recovery site if we are already in the cloud?
Not always — but the cloud is not automatically disaster recovery. A second region, a second account or subscription with separate credentials, and tested failover are still required. A workload running in a single cloud region with no tested failover plan is a single point of failure regardless of where it lives.
How does cyber insurance affect our backup and recovery plan?
Cyber insurance underwriters now require evidence of specific controls — immutable backups, MFA on backup admin accounts, documented recovery testing, and executive accountability for security posture. A weak backup and DR program raises premiums or disqualifies coverage entirely. The insurance application has become a useful checklist for what good looks like.