Off-site backup
Off-site backup for business: second copy, ransomware and restore tests
Off-site backup becomes useful only when you can answer three questions: what will be restored, how fast, and from which point in time. A file copy alone is not a continuity strategy.
Short answer
Off-site backup becomes useful only when you can answer three questions: what will be restored, how fast, and from which point in time. A file copy alone is not a continuity strategy.
3-2-1 without the slogan
In practice you must describe data sources, local copy, off-site copy, retention, restore testing and access procedure when the primary site is down.
Ransomware and isolation
Off-site backup should reduce the risk that one mistake, one account or one administration network deletes or encrypts all copies.
Databases, mail and files
A SQL database, a VM, a mailbox and a document repository restore differently. Each data type needs a plan.
Backup monitoring
Backup without alerts is a promise. You need job reports, capacity, increments, duration, errors, restore tests and periodic review.
Practical checklist
- List critical systems and assign RPO/RTO plus a business owner.
- Choose backup technology for VMs, databases, mail, files and SaaS applications.
- Define short retention, long retention, GFS, encryption, account separation and emergency access.
- Test restore at least once for each data type and after major changes.
- Treat backup reporting like a production system: alerts, capacity, trends and review.
Frequently asked questions
Does off-site backup protect against ransomware?
It helps if it is separated, has retention, limited accounts, monitoring and tests. A copy inside the same administration domain may not be enough.
Must off-site backup be in another city?
Not always, but it must be outside the main location and outside the same operational risk. For DR, a second-location scenario is worth considering.
What matters more: capacity or restore?
Restore. Capacity is a cost, but backup value appears only during recovery.