Backup & Disaster Recovery Sydney | Data Protection & DR

Key facts

• Backup and disaster recovery are two different things: a backup is a copy of your data, disaster recovery is the tested process for restoring operations.
• Immutable backups, copies that cannot be altered or deleted once written, are the core defence against ransomware encrypting or destroying your backups.
• The 3-2-1 rule is the baseline: three copies of data, on two types of media, with one kept off-site.
• Recovery objectives matter: how much data you can afford to lose (RPO) and how quickly you must be back up (RTO) drive the whole design.
• Microsoft 365 and other cloud services are your responsibility to back up; the provider keeps the service running, not your data safe.

What is the difference between backup and disaster recovery?

A backup is a copy of your data you can restore from. Disaster recovery is the broader plan that says how you get the whole business operating again after an incident, of which restoring data is only one part. You can have backups and still have no disaster recovery, if nobody knows how to use them, how long a restore takes, or what order systems come back in.The distinction matters because businesses that only think about backups get caught out at the worst moment. They have copies, but no tested process, so a ransomware hit turns into days of improvisation. Disaster recovery turns “we have backups somewhere” into “we know exactly how we get trading again, and we have proven it works.” Both are needed, and they are designed together. For businesses that need guaranteed recovery times, we also offer disaster recovery as a service.

How do you protect backups from ransomware?

The key defence is immutability: backups written in a form that cannot be changed or deleted for a set period, even by an administrator or an attacker with stolen credentials. Modern ransomware deliberately seeks out and encrypts or deletes backups first, because attackers know that a business with working backups will not pay. Immutable backups break that play. This is also why managed IT security and backup work together — preventing ransomware getting in is the first line, immutable backups are the last. If the worst happens, see our ransomware recovery service.Immutability works alongside the older 3-2-1 principle: three copies of your data, on two different types of media, with at least one copy kept off-site and ideally offline or air-gapped. The combination means that even if your live systems and your primary backup are both compromised, there is a clean, untouchable copy to recover from. This is the same logic we apply to Microsoft 365 backup, where native retention alone is not enough.

What are RTO and RPO, and why do they matter?

RTO (recovery time objective) is how quickly you need to be back up after an incident. RPO (recovery point objective) is how much data you can afford to lose, measured in time, so an RPO of one hour means losing at most the last hour’s work. These two numbers drive every design decision, because they determine how often backups run and how fast the recovery method has to be.Most businesses have never put numbers to these, and the conversation is revealing. A firm that says it could not survive losing more than an hour of data, but only backs up overnight, has a gap it did not know about. Setting realistic RTO and RPO targets per system is where we start, because a backup plan that does not meet the business’s actual tolerance for downtime and data loss is not really protection.

Does this cover cloud services like Microsoft 365?

Yes, and it needs to. There is a common and dangerous assumption that data in Microsoft 365, Google Workspace, or other cloud services is automatically safe. Under the shared responsibility model, the provider keeps the service available, but protecting and retaining your data is your job. Accidental deletion, ransomware, and departing-staff account removal all lose cloud data that native retention will not bring back.A complete backup and disaster recovery strategy therefore spans everything: on-premises servers, endpoints, and cloud platforms like Microsoft 365. We design it as one picture rather than leaving gaps between systems, because attackers and accidents do not respect the boundary between your server room and your cloud tenant. Our dedicated Microsoft 365 backup service covers the cloud side in detail.