Discover how modern backup strategies protect against ransomware, cover cloud and container environments, and ensure business continuity with RPO and RTO
Backup is one of the most fundamental forms of data protection in IT, and it has never been more critical. With ransomware attacks able to wipe out company data in an instant, and IT infrastructures spanning on-premises systems, cloud services, and container environments, backup strategies must evolve.
This article explores what backup really is, what it isn’t, and how it differs from snapshots and replication. We’ll examine what data needs to be backed up, how often, the different backup methods available, and the importance of recovery time objectives (RTO) and recovery point objectives (RPO). We’ll also look at frameworks like the 3-2-1 rule, special considerations for virtual machines and containers, and emerging practices such as cloud-to-cloud backup.
What exactly is backup?
At its core, backup is the process of copying data to another location so it can be restored in case the original is lost. Data loss can result from hardware failure, cyberattacks such as ransomware, natural disasters, or human error like accidental deletion.
Unlike snapshots or replication, a backup provides an independent and historical copy of data that can serve as the ultimate safety net. For business continuity and disaster recovery (BCDR), backup is a non-negotiable part of any IT strategy.
Why is backup becoming more complex?
Modern IT environments are no longer limited to a single datacentre. Organisations now operate across:
- On-premises servers (physical and virtual)
- Cloud platforms
- Containerised environments
- SaaS applications
- Endpoints like laptops and mobile devices
Each of these requires backup, and each comes with its own challenges. For example, a traditional tape backup system may still serve archival purposes, but real-time replication and cloud integration are often needed for critical workloads.
The complexity is further heightened by ransomware threats, compliance requirements, and the rise of analytics and AI, which depend on historic data often stored in backups.
What data should be backed up, and how often?
The short answer: everything that matters to the business. That includes servers, databases, virtual machines, SaaS applications, storage arrays, container clusters, and user endpoints.
Backups need both a source (the system being backed up) and a target (where the data is stored). Targets may include:
- Tape libraries
- Disk arrays
- Cloud storage
The frequency of backup depends on how critical the data is and how often it changes. Full backups might be scheduled weekly, while incremental backups could run several times a day. Backup service-level agreements (SLAs) typically define how often backups run and how quickly data must be restored.
What are RPO and RTO, and why are they important?
- Recovery Time Objective (RTO) is how long you can afford systems or data to be unavailable. For example, if your RTO is one hour, you must restore systems within that time after an outage.
- Recovery Point Objective (RPO) is how much data you can afford to lose, expressed in time since the last backup or snapshot. If your RPO is two hours, you accept losing up to two hours’ worth of work.
Together, RPO and RTO define your organisation’s resilience. Mission-critical systems like online banking may require near-zero RPO and RTO, while less critical archives might tolerate several hours or days.
What are full, differential, and incremental backups?
There are several approaches to backup:
- Full backup: Copies everything in a dataset. Reliable but time- and storage-intensive.
- Incremental backup: Copies only changes since the last backup. Efficient, but restores require rebuilding from multiple sets.
- Differential backup: Copies changes since the last full backup. Restores are simpler than with incremental.
- Synthetic backups: Combine full and incremental into an always-up-to-date backup.
- Incremental-forever: Maintain one full backup plus all subsequent incrementals.
- Reverse incremental: A synthetic full is updated continuously, with rollbacks possible.
Choosing the right method balances storage, performance, and restore speed.
What is the 3-2-1 backup rule?
The 3-2-1 rule is a classic best practice:
- Keep three copies of data (one primary, two backups).
- Store them on two different media types (e.g., disk and tape).
- Ensure one copy is off-site (e.g., in the cloud).
This ensures resilience even if a backup is corrupted, lost, or compromised.
Is backup the same as snapshots or replication?
No. Snapshots and replication are useful but not substitutes for backup:
- Snapshots: Point-in-time references to data states. Useful for quick recovery, but not standalone backups.
- Replication: Creates real-time or near-real-time copies of data. Useful for continuity but not for historical recovery.
Backups remain essential because they provide isolated, independent, and often longer-term copies that snapshots and replication cannot fully replace.
How do backups help defend against ransomware?
Backups are one of the most reliable defenses against ransomware. Even if attackers encrypt live data and snapshots, an offline or immutable backup provides a clean restore point.
Best practices include:
- Regularly testing backups to ensure they are clean.
- Using immutable storage that prevents tampering.
- Maintaining an air gap between production and backups.
Ransomware gangs often target backups first, so strong protection measures are essential.
How do you back up virtualised environments?
Virtualisation complicates backup strategies. Workloads may shift between hypervisors, and licensing changes (such as those following Broadcom’s acquisition of VMware) can increase costs.
The good news is that most leading backup vendors support multiple platforms:
- Microsoft Hyper-V
- Open-source hypervisors like Proxmox
- VMware alternatives
This flexibility allows organisations to maintain protection even if they switch virtualisation strategies.
What about containers and Kubernetes?
Containers are becoming mainstream for critical workloads, but they require specialised backup tools. Two main approaches are emerging:
- Dedicated Kubernetes backup products (e.g., Veeam Kasten, Portworx PX-Backup, TrilioVault)
- General backup suites with Kubernetes support (e.g., Veritas NetBackup, Cohesity Helios, NetApp Astra)
These tools can back up clusters, namespaces, and persistent volumes, ensuring data protection for modern containerised applications.
What is cloud-to-cloud backup?
Cloud providers don’t automatically back up customer data. They protect infrastructure but not against accidental deletions, ransomware, or misconfigurations.
That’s why cloud-to-cloud backup is increasingly common. These services protect SaaS applications and cloud workloads by copying data between providers or back to on-premises storage.
While Backup-as-a-Service (BaaS) typically focuses on on-premises systems, cloud-to-cloud backup is tailored for SaaS and cloud-native environments. Many vendors now offer solutions that cover both.
The takeaway
Backup is more than just a safety measure—it’s the backbone of data protection, disaster recovery, and business continuity. From traditional full and incremental backups to Kubernetes-native tools and cloud-to-cloud services, strategies must adapt to diverse infrastructures.
Key principles like RPO, RTO, the 3-2-1 rule, and immutable storage remain essential, but new challenges such as ransomware and cloud reliance demand more robust, flexible approaches.
In today’s hybrid IT landscape, a strong backup strategy isn’t optional—it’s the only way to ensure resilience.
Read more about data protection
Data protection: Snapshots, replication and backups explained. Discover how snapshots, replication and backups work together to protect your data. Learn the benefits, limitations and best practices for a layered data protection strategy.
RPO and RTO: Their roles in disaster recovery planning. RPO and RTO define acceptable downtime and data loss in disaster recovery. Learn how to calculate them, apply tiers, and align storage and cloud strategies.