Services Microsoft 365 & Modern Workplace Identity & Zero Trust Cybersecurity & AI Security Email Security & Deliverability Network, Wi-Fi & Infrastructure Backup, DR & Continuity Automation & IT Governance
Industries Approach About Us Contact Us
I am:
Service Deep-Dive - Backup & DR

Most businesses have backups.
Almost none have tested them.

A backup that has never been tested is not a backup - it is a false sense of security. We implement, verify, and regularly test your full backup and recovery capability.

3-2-1 Backup ArchitectureImmutable Backup TargetsTested RTO/RPO
What it covers

Everything included in this service

Delivered by senior engineers. Scoped and priced upfront. No scope surprises.

โ˜๏ธ

Microsoft 365 Third-Party Backup

Veeam Backup for M365 or Acronis covering Exchange Online, SharePoint, OneDrive, and Teams. Microsoft native retention is not a data backup.

๐Ÿ’พ

On-Premise & Hybrid Backup

Veeam or Acronis for physical and virtual servers. Immutable copies to protect against ransomware encryption. Air-gapped and offsite replication.

๐Ÿ”„

Disaster Recovery Planning

RTO and RPO defined for each system. DR runbooks documented and tested. Cloud-based failover for critical workloads.

๐Ÿ“‹

Business Continuity Planning

Business impact analysis, critical process identification, and IT failure continuity procedures. Staff communication plans documented.

๐Ÿงช

Recovery Testing

Scheduled recovery tests for all critical systems. Results documented and reported. RTO/RPO validated against agreed targets.

๐Ÿ”’

Ransomware-Resilient Architecture

Immutable backup targets, backup account isolation from production, offline copy retention. Designed to survive a full domain compromise.

Platform overview
Backup, DR & Business Continuity
Most businesses have backups.
Almost none have tested them.
Immutable, tested backup and recovery โ€” designed to survive ransomware, documented to satisfy auditors.
The 3-2-1 backup architecture
3
3
Copies of data
At minimum, at all times
Three independent copies ensure that no single failure โ€” hardware, ransomware, or human error โ€” can destroy all your data.
Production data (primary)
Local backup copy (fast restore)
Offsite or cloud copy (DR)
2
2
Different media types
No single point of failure
Two different storage media ensures a hardware class failure (e.g. disk failure) cannot wipe multiple copies simultaneously.
On-premises NAS or tape
Cloud object storage (immutable)
Air-gapped media for critical workloads
1
1
Copy offsite
Physically separate location
An offsite copy protects against site-level disasters โ€” fire, flood, or a ransomware attack that encrypts everything on the local network.
Cloud replication (Azure, Veeam Cloud)
Isolated from production credentials
Immutable โ€” ransomware cannot delete it
⚠ What an untested backup leaves you exposed to
Ransomware encrypts backups Backup credentials compromised M365 data unprotected Unknown recovery time Corrupt backup discovered mid-recovery No DR runbook
What we back up and protect
M365
Microsoft 365 Backup
Veeam for M365 / Acronis
Exchange Online mailboxes SharePoint sites & document libraries OneDrive for Business Microsoft Teams data & channels Point-in-time restore โ€” not just recycle bin
Servers
On-Premise & Hybrid
Veeam / Acronis
Physical & virtual server backup Hyper-V & VMware support Application-aware backups (SQL, Exchange) Offsite replication to cloud Bare-metal recovery capability
DR
Disaster Recovery
Documented RTO/RPO
RTO defined per workload RPO defined per workload DR runbook documented & tested Cloud-based DR failover option Tabletop exercises annually
Ransomware
Ransomware-Resilient Architecture
Immutable + Isolated
Immutable backup targets Backup accounts isolated from AD MFA on all backup management consoles Offline/air-gapped copy retained Designed to survive full domain compromise
ISO 27001 & NIS2
Backup and BC/DR controls aligned to ISO 27001 Annex A and NIS2 Article 21. Documentation produced as a standard deliverable.
HSE & Healthcare
BC/DR documentation produced to HSE ICT security standard where specified. RTO/RPO validated and evidenced for audit submissions.
Cyber Insurance
Immutability, tested RTO, and documented IR plan are the controls insurers require. We implement and document all three to underwriter standard.
Backup that runs is not enough. Backup you can recover from is.
Tailored to your role

What this means for you

Select your role to see how this service maps to your specific situation.

The backup being green does not mean you can recover

Backup status lights showing green means the job ran. It does not mean the data is recoverable, that the restore process works, that the backup is complete, or that the backup itself would survive a ransomware attack. Recovery capability must be tested, documented, and reported. We implement the architecture and run the tests.

Backup jobs run and show green but recovery has never been attempted
Microsoft 365 data is not independently backed up - relying on Microsoft recycle bin
Backup credentials are accessible from the same environment as production systems
No documented RTO or RPO - you do not know how long recovery would take
Discuss this with an engineer →

By the numbers

5/10
Environments with backups that have never been recovery-tested
58%
Of SMEs that suffer a major data loss event close within 6 months
Zero
4DS client environments without a tested, documented recovery procedure

You need to know your RTO and RPO before the incident, not during it

When something goes wrong, the two most important numbers are your Recovery Time Objective (how long to restore) and your Recovery Point Objective (how much data you lose). Without testing, neither number is known. We define both for every critical workload, implement the backup architecture to meet them, test them quarterly, and report the results. When an incident happens, you already know what the recovery looks like.

No defined RTO or RPO for critical systems - recovery time is unknown until it happens
Backup coverage gaps for cloud systems including M365, SaaS tools, and cloud-hosted servers
Backup account credentials stored in Active Directory accessible from production environment
Ransomware could reach and encrypt backup targets via the same credentials used for production
Discuss this with an engineer →

By the numbers

Monthly
Backup health monitoring and reporting under 4DS managed service
Quarterly
Recovery tests conducted and results documented per agreed RTO/RPO targets
3-2-1
Architecture: 3 copies, 2 different media, 1 offsite - applied to all critical workloads

Recovery capability is what matters - not backup capability

The businesses that recover quickly from ransomware or catastrophic data loss are those that knew their recovery time, had a runbook, had tested it, and had immutable backups that ransomware could not reach. The businesses that close or sustain existential damage are those that discovered how fragile their backup was at the worst possible time. We ensure you are in the first category.

You have no confident answer to the question of how long recovery from ransomware would take
Your cyber insurer is asking about backup immutability and RTO - you are not certain you can answer
Microsoft 365 data is not independently backed up despite being business-critical
No business continuity plan exists for IT failure scenarios affecting the whole organisation
Discuss this with an engineer →

By the numbers

58%
Of SMEs that experience major data loss close within 6 months (University of Texas)
Zero
Additional data loss in a 4DS-managed ransomware scenario with immutable backup in place
24 hrs
Maximum RTO target we define and test for critical workloads in a standard engagement

Backup and BC/DR documentation is mandatory in healthcare and public sector tenders

HSE and HIQA frameworks, as well as most public sector ICT procurement requirements, specify that suppliers must have documented backup procedures with defined recovery time objectives and evidence of periodic testing. A backup that has never been tested and an RTO that has never been validated cannot satisfy these requirements. We implement the procedures and produce the documentation.

No documented backup procedures or RTO/RPO evidence for a tender submission
Recovery has never been tested - cannot certify backup capability in a compliance context
No business continuity plan or IT disaster recovery runbook
M365 backup coverage gaps that cannot be evidenced in a healthcare or public sector audit
Discuss this with an engineer →

By the numbers

ISO 27001
Controls configured to ISO 27001 alignment โ€” evidence available for submissions
HSE
BC/DR documentation produced to HSE ICT security standard where specified
100%
Of 4DS client environments have documented and tested backup procedures
What a first review typically finds

The gaps we find in almost every environment

These are not edge cases. They are the standard state of an SME environment without an independent review.

5/10

Backup never tested

Backup software shows green. Recovery has never been attempted. In several cases the backup was found to be incomplete when tested.

6/10

M365 data not independently backed up

Organisations relying on Microsoft 30-day recycle bin. Not a substitute for point-in-time recovery of mailboxes, SharePoint, or Teams.

4/10

Backup accessible from production

Ransomware operators routinely encrypt backup targets. Backups in accounts accessible from the compromised environment provide no protection.

How we deliver it

The 4DS delivery process

Four stages. No handovers to junior staff mid-project. No scope surprises.

STEP 01

Backup Audit

All data sources inventoried. Current backup solution, retention policy, and last recovery test reviewed. Gap analysis produced.

STEP 02

Architecture Design

3-2-1 architecture designed with immutable targets. RTO and RPO defined per workload. Ransomware-resilient architecture specified.

STEP 03

Implementation & Testing

Solution deployed and verified. Initial recovery test conducted before handover. Results documented and reported.

STEP 04

Ongoing Management

Monthly backup job monitoring. Quarterly recovery tests. Annual BC/DR plan review and tabletop exercise.

Get in touch

Get in touch

Tell us about your current backup setup and whether any recovery tests have been conducted. No commitment required.

  • Full backup posture review โ€” M365 coverage, immutability, recovery testing status
  • RTO and RPO defined and validated โ€” not just documented
  • Scoped and priced upfront โ€” clear costs before any commitment

Get in touch

Tell us about your current backup setup and whether any recovery tests have been conducted.

No commitment required.

Enquiry received

No commitment is required at this stage.