MSSP, MSP, Business continuity, Phishing, Vulnerability Management, Malware

Backup Isn’t the Goal. Operational Resilience Is.

COMMENTARY: The conversation is shifting from backup to actual resilience. It’s not about whether data is stored somewhere; it’s about whether systems can be restored quickly and the business can keep running during an attack. That’s where most organizations struggle. For MSPs and MSSPs, this changes expectations. Clients don’t just want backups anymore, they want confidence that recovery will work under real conditions. This puts the focus on how well providers can manage recovery, automate processes, and restore operations at scale. The ones who can do that are moving beyond managing tools to actually keeping businesses running when things go wrong.



For years, too many organizations treated having backups as evidence of preparedness and continuity planning. If copies of data existed somewhere, leadership assumed the business was covered.

Unfortunately, that assumption no longer holds.

Backups still matter, of course. But backups alone do not stop modern ransomware, nor do they guarantee resilience. Today’s ransomware and cyber attacks are designed to do more than encrypt files. They are built to steal data, disrupt operations, and weaponize that disruption, leveraging stolen information, regulatory pressure, and public exposure to maximize financial, operational, and reputational damage. Attackers compound this by introducing a sense of urgency and pressure to respond. This can make it more difficult for organizations to respond in a measured and effective manner.

All of this matters to MSPs and MSSPs because it changes what clients actually need from a provider. The question is no longer, “Do we have backups?”, it’s “Can we restore critical systems and functions at scale and continue operating through an incident or disruption?

One of the biggest misconceptions in the market is that resilience begins and ends with storing data copies. It does not. Resilience is the ability to absorb disruption, contain damage, and recover essential operations under pressure. In practice, backup is one component of the broader operational discipline of resilience. If recovery is slow, fragmented, overly manual, or incomplete, backups alone may offer far less protection than leadership assumes.

That is where many organizations still fail. The issue is often not whether backups exist. In many environments, they do. The real failure point is whether the organization can restore quickly and reliably when it is needed most.

MSPs probably understand this better than most because they see what recovery looks like in the field. It rarely happens under clean conditions. There is confusion, a sense of urgency, and incomplete information. A plan that looked reasonable in a quarterly review can break down quickly in a real-world disruption scenario if it relies on too many manual controls, disconnected tools, or on the assumption that the environment is trustworthy. This is why resilience postures have to be designed and tested, not assumed.

Backup architectures need to evolve along with business realities. Hybrid, distributed, and immutable designs are no longer advanced options; they are becoming baseline expectations. Critical data now lives across endpoints, servers, cloud platforms, and SaaS applications, often changing faster than policies or administrators can keep track of. A recovery model that protects only portions of that environment is not a resilience strategy. It is a coverage gap.

This is especially important for service providers supporting distributed workforces. Endpoints remain among the most underestimated areas of business data risk because they are where work is created, revised, copied, stored, and sometimes lost. Providers who are not thinking seriously about endpoint recovery, version history, and data archives are not really solving the resilience problem clients face.

There is another reason this conversation is getting more urgent: attack timelines are shrinking. is accelerating cyberattacks and ransomware by automating tasks like phishing, vulnerability discovery, and malware deployment – making attacks faster, more scalable, and harder to detect. AI enables highly convincing scams and adaptive malware designed to evade traditional defenses. AI has democratized adversarial capabilities and has accelerated the speed and success rate of attacks. As a result, defenders need to shift from a reactive to a proactive mindset, operating under the assumption that threats are constant, fast-moving, and increasingly automated. This includes ensuring that effective resilience capabilities for critical systems and data are in place and backups are isolated, immutable, trustworthy, and tested.

In other words, backups cannot just exist. They must be reliable under duress.

That is where orchestration becomes just as important as architecture. Recovery today is not simply about retrieving files. It is about sequencing restoration at-scale across environments, validating integrity, restoring access, and ensuring business continuity. The organizations that perform best during cyber events are usually not the ones with the most tools. They are the ones who have a tested plan, a well-architected resilience posture, and the capability to restore operations at scale and continue business.  

For MSPs, this creates both challenges and opportunities. Clients expect their providers to do more than just manage technology. They expect them to reduce business risk and help ensure continued operations. They expect certainty on recoverability, retention, administrative control, and operational readiness. They want to know not only that data is protected, but that it can be recovered when things go wrong.

Many providers still talk about backup as a feature set instead of a resilience outcome. This is an opportunity for forward-thinking MSPs. The providers that stand out going forward will be the ones that offer a resilience model that includes backups, archiving, and recovery for critical systems and data across their clients' environment.  These partners will help their clients think through endpoint, server, and cloud risk and resilience needs -  immutability, isolation, endpoint risk, retention, and recovery sequencing across distributed environments. Just as important, they will build services that are operationally manageable at scale across their clients' organizations. That means broad protection across environments, rapid deployment, and delegated administration, allowing teams to deliver resilience consistently without creating unnecessary overhead.

Modern resilience is measured by time to recover. Not backup job success rates. Not storage volume. Not how many policies exist on paper. The organizations that can restore critical operations within hours, not days, will be the ones most likely to withstand modern cyber events without turning a technical incident into a revenue, customer, or reputational problem.

Clients are not buying backups for the sake of buying backups. They are building confidence that their business can keep functioning through disruption and recover before the damage spreads. MSPs who understand this shift will be in a stronger position to lead.


MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected].


Todd Thorsen

Todd Thorsen is the CISO of CrashPlan.

You can skip this ad in 5 seconds