In this era of ransomware attacks, backup and recovery capabilities are more important than ever. If all else fails, and a ransomware attack is successful, having an effective backup and recovery solution that works for modern IT environments is essential for ensuring business continuity and recovery from being locked out of business-critical data without having the cost or risk of paying the ransomware operators or having to rebuild data from scratch. 

Painful experience has shown that paying ransoms is often not a solution. There is no guarantee that the decryption key will be provided, and even if it is, there is no guarantee that the data will not be corrupted or that the attackers will not try attack again and even try to extort more money out of the victim organization by threatening to leak copies of the data. 

The best way of protecting against ransomware attacks is by preventing them from happening in the first place through multi-layered security controls in combination with security policies and processes, but 100% security can never be guaranteed.  

Organizations must always assume that they can and will be attacked, and they need to be prepared for that. In the case of ransomware, that means having the means to carry on the business and recover if business critical data is encrypted and becomes inaccessible, which is where backup and recovery comes in. 

However, while there is a mature market with many backup and recovery solutions for the protection of data in IT services on premises, the way IT services are delivered and consumed is changing. This change has been accelerated by the changes in working patterns as a result of the Covid-19 pandemic, with more people working from home. 

Organizations are moving to a hybrid delivery model, which means that traditional backup and recovery solutions are no longer effective. In the light of the changing IT environment, organizations need to review their backup and recovery capabilities to ensure that data used in cloud-delivered infrastructure and applications is as well protected as on-premises data.  

Some existing [backup and recovery] solutions on the market do not yet provide comprehensive coverage for the hybrid IT model. Where an existing solution does not meet the business requirements, the organization should consider the new to market solutions, if only as a stop gap.

— Mike Small, Senior Analyst, KuppingerCole

Because we understand the importance of backup and recovery, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats. 


A backup and recovery capability has never been more important, and although the market is evolving to meet the needs of organizations with hybrid IT, not all solutions are created equal. For guidance on choosing the solutions the best fit your organization, have a look at the newly-published Market Compass on Cloud Backup and Disaster Recovery, which explores the benefits of adopting backup and recovery as a cloud service and outlines the essential capabilities to look for in a solution. 

This Market Compass on Global IaaS Providers Tenant Security Controls, focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and looks at the specific capabilities they provide for the tenant to ensure their secure and compliant use of the service, including backup and recovery. 

For additional perspectives on backup and recovery in the cloud context, have a look at these Buyer’s Compasses on Hybrid Cloud Services and IaaS Tenant Security Controls, which also focus on IaaS and include questions to ask vendors, criteria to select your vendor, and the requirements for successful deployments.  

If you are interested in backup and recovery specifically in the context of ransomware attacks, have a look at this Buyer’s Compass on Ransomware Protection


As well as moving to hybrid IT, organizations now commonly use multiple cloud services. This KuppingerCole Architecture Blueprint on Hybrid Cloud Security provides a set of building blocks needed to design, implement and integrate security for the Hybrid Cloud. 

To explore the issue of availability in the context of cloud, have a look at this Advisory Note on Avoiding Lock-in and Availability Risks in the Cloud

The last edition of KC Navigator featured an Advisory Note on the Maturity Level Matrix for Cyber Security. If you have not done so already, have a look because it provides a handy methodology for evaluating the maturity of your IAM organization and current IAM, IGA, and CIAM programs and their cloud readiness, which all relates to the overarching topic of cloud security.  

In addition to backup and recovery solutions, there are several countermeasures organizations can take to safeguard data in the cloud, which are detailed in this Advisory entitled: Protect Your Cloud Against Hacks and Industrial Espionage or have a look at these Advisories on Cloud Services and Security, How to Assure Cloud Services, and Security Organization Governance and the Cloud


If you would like a quick insight into topics, have a look at the following blog posts. Business Continuity and the Cloud looks at why business continuity must be part of digital transformation, and Cloud: hope for the best but plan for the worst highlights the fact that switching to cloud services does not absolve businesses of the responsibility to ensure business continuity.  


If you would prefer to listen to what our analysts have to say on this topic, a good place to start is this this presentation on why Cloud Backup and Disaster Recovery is an essential component of digital transformation. 

In addition, you can listen to this Analyst Chat on Ensuring Business Continuity for the Cloud, which examines the fact that despite being essential, business continuity is often overlooked when organizations adopt cloud services as part the push towards digital transformation. 

Tech Investment

Organizations investing in technologies to improve their backup and recovery capabilities for a hybrid IT environment can have a look at some of the related technology solutions that we have evaluated: