Skip to Content
Continuity and Recovery

What is backup?

A backup is a separate, recoverable copy of a company's data and systems, kept outside the production environment so everything can be restored after a failure, a human error, a deletion or an attack. It is not a mirrored disk or file sync: it is the copy that lets you return to an earlier point in time when the original is lost or encrypted.

Zamak TechnologiesUpdated on July 10, 2026

How backup works

A good backup is not just copying files. It is a continuous process that makes sure the copy exists, is isolated from the risk and actually restores when you need it.

1

Scheduled copy

The system copies the data and, ideally, the whole system at set intervals, several times a day for what changes constantly.

2

Sent outside the environment

The copy leaves the source server for a separate destination, in the cloud or another location, so it does not go down with the environment if it is compromised.

3

Retention over time

Several points in time are kept for days, months or years, so you can go back to before the problem began, not just to the last state.

4

Recovery testing

The copy is restored and verified automatically, turning “I think I have a backup” into proof that it comes back.

Sources: NIST SP 800-34 (continuity).

What a real backup has to cover

  • The whole system, not just files Recovering loose folders does not bring the server back. Image backup restores the system, the settings and the applications, ready to boot.
  • Servers, computers and cloud Critical data is spread out: on the server, on the workstation and increasingly in Microsoft 365. All of it needs a copy.
  • Microsoft 365 and other cloud services Microsoft keeps the platform running, but does not guarantee recovering what you deleted, what was encrypted or what an attacker destroyed. Native retention is short and removable.
  • Databases and business systems The ERP, the finance system and the database need a consistent copy that can restore without corrupting the transaction.

Why having a backup is not the same as being able to recover

69%
of organizations were hit by ransomware in the past year (Veeam 2025)
57%
of attacked companies recovered less than half of their data (Veeam 2025)
10%
were able to recover more than 90% of their data (Veeam 2025)

Most companies learn too late that the difference between a scare and a shutdown is the quality of the backup, not its existence. After a ransomware attack, more than half of victims recover less than half of their data, and only one in ten brings back more than 90% (Veeam, Ransomware Trends 2025). The reasons are well known: backups that were never tested, that sat on the same network the attacker reached, or that kept data for far too short a time. A backup that does not restore on the day of the crisis is a false sense of security, and the cost shows up as lost data, days of downtime and the decision to pay a ransom or not.

How to build a backup you can trust

What separates a decorative backup from one that saves the company is not the software, it is discipline. Five points define it:

  1. A copy isolated from the environmentThe backup cannot live on the same network the attack reaches. Isolation by architecture, not by procedure.
  2. Frequency that matches the dataWhat changes every hour needs a copy every hour. Frequency defines how much you can lose.
  3. Enough retentionSeveral points in time, to go back to before the infection began, not just to the last state, already contaminated.
  4. Automated recovery testingRestore regularly and with evidence. An untested backup is an unconfirmed backup.
  5. Full coverageServers, workstations and Microsoft 365. The one piece of data without a copy is exactly the one that will be missing.

In practice

The question that reveals the truth is not “do you have a backup?”, it is “when did someone last restore it and prove it works?”.

How Zamak handles backup

Zamak Technologies delivers managed backup with copies isolated from the environment, proper retention and automated recovery testing, so restoring is a documented certainty, not a hope. A good starting point is the Microsoft 365 backup check, which shows what native retention does not protect. It is part of Continuity in the Zamak Method.

Frequently asked questions about backup

Is syncing files to the cloud the same as backup?
No. Sync replicates the current state, including the mistake: if a file is deleted or encrypted, the bad version spreads to every copy. Backup keeps earlier points in time, so you can return to what existed before the problem.
Doesn't Microsoft 365 already back up my data?
Microsoft keeps the platform available, but runs a shared responsibility model: recovering deleted, encrypted or corrupted data is the customer's responsibility. Native retention is short and can be removed by a compromised administrator.
How often should I back up?
It depends on how much data you can afford to lose. If every hour of work matters, the copy needs to happen several times a day. That limit has a name: RPO, the recovery point.
Does backup alone protect against ransomware?
It is the last line of defense, but only if the backup itself survives the attack. Attackers now target backups first. That is why the copy must be immutable and isolated from the network.
How do I know my backup will work?
By testing recovery, regularly and automatically, with documented evidence. A backup that has never been restored is an assumption, not a guarantee.
Does a small company need managed backup?
Yes. Automated attacks do not choose by size, and a small company usually has less room to stay down. Managed backup gives the same level of recovery that once only large companies had.