News

How to Modernize Data Recovery Tactics That Just Don't Cut It Anymore

• By David Ramel
• 06/04/2025

When it comes to disaster recovery, "just having backups" no longer counts as a strategy. That was the blunt message from data architect and international speaker Karen Lopez during the Future-Proofing Data Summit: Modern DR & Protection Tactics, where she helmed a session today titled "The Disaster Recovery Strategies that Aren't Enough Anymore (and How To Modernize Them)," available for on-demand replay for those that missed it.

Lopez led off the June 4 event with a warning: today's complex IT environments -- sprawling across clouds, endpoints, and third-party services -- have outpaced yesterday's recovery plans.

Lopez's session, titled "The Disaster Recovery Strategies That Aren't Enough Anymore (and How To Modernize Them)," outlined why many DR practices fail and what IT pros should be doing instead. She emphasized that modern resilience requires not just backups, but tested restores, automation, immutability, and clear cross-team communication.

Here are just a few of the takeaways from her wide-ranging and insight-packed presentation. Plenty more are detailed in the replay.

Backups Are Not the Goal -- Recovery Is
“One of the biggest mistakes I see," Lopez said, "are teams that rely only on backups as their strategy." While this is a good starting point, she explained, relying solely on backup tooling without a coordinated, orchestrated plan for recovery is a recipe for disaster.

"We don't need backups at all. All we need is our restores and recovery," she said jokingly, adding that organizations must be able to "operate our business, whatever that is," even if it means falling back on offline processes or paper systems in a pinch.

This thinking demands that IT teams prioritize recovery orchestration -- people, places, systems, and actions -- and rehearse it. Random sampling of restores and scheduled recovery drills, she advised, are critical parts of a modern resilience strategy.

The Cloud Won't Save You
Cloud-native services offer high availability by default, "but that doesn't mean they can be relied upon for all disaster recovery needs, Lopez cautioned. "High availability does not save you from a user accidentally deleting a full SharePoint site," she said. "Or a user deleting their mailbox instead of a folder."

She pointed to a common misconception: that because cloud infrastructure replicates data and offers built-in resilience, separate backups are unnecessary. But accidents, misconfigurations, and ransomware don't care whether you're on-prem or in the cloud.

Even within Microsoft 365 environments, she said, it's essential to ask tough questions: Can you back up that data? Can you restore it yourself? How fast can a vendor respond? "You need to know what the cloud provider is responsible for, but you also need to know what you're responsible for on your end."

Modern Assets Need Modern Protection
Lopez also highlighted a growing blind spot in DR plans: the data and configurations that don't live in traditional applications. "Do you even know where all the prompts are being stored that are being used to run your business? Do you know where models are being stored? Do you know how they're secured? Do you know who's responsible for them?" she asked. These assets, often powering key parts of business operations, are rarely covered in typical DR plans.

Other overlooked data types include low-code workflows, third-party SaaS data, and even edge data generated outside the datacenter. "Work-from-home introduces a whole new surface area for risk," she added, noting that users may inadvertently store company data on personal devices or unmanaged networks.

Immutable Is the New Must-Have
Lopez's top recommendation for ransomware resilience? Immutable backups.

"Immutable storage could protect your backups in a way ... But immutable storage means even if it's in another place, it can't be changed," she said. This combination of hardware and software ensures that data -- once written -- cannot be deleted or altered. In an era where attackers often target backup environments as part of their attack chain, immutability offers a critical last line of defense.

While not a silver bullet, she considers it "a must-have" for organizations serious about recovery readiness: "Your risk levels go through the roof without it."

For IT leaders reevaluating their recovery readiness, Lopez's session is essential viewing. We only provided a few of her hard-won advice tips here for lack of room, but the replay is definitely worth watching for the full picture. As she put it: "In 2025, all your recovery playbooks should be in a system that can be automated and, of course, very secured."

And, although replays are fine -- this was just today, after all, so timeliness isn't an issue -- there are benefits of attending such summits and webcasts from Virtualization & Cloud Review and sister sites in person. Paramount among these is the ability to ask questions of the presenters, a rare chance to get one-on-one advice from bona fide subject matter experts (not to mention the chance to win free prizes -- in this case $5 Starbucks gift cards for the first 300 attendees provided by sponsor Rubrik, a leader in cloud data management and enterprise data protection which also presented at the summit).

With all that in mind, here are some upcoming summits and webcasts coming up through the rest of June from our parent company:

• Zero Trust Strategies for the Hybrid Multicloud and AI Era Summit -- June 6
• Ransomware Resilience for Amazon S3 Summit: Tools, Tactics and Best Practices -- June 10
• Cloud-First, Hybrid Ready: Powering Business with a Hybrid Multicloud Platform -- June 12
• Midyear Cloud Security Check-In Summit -- June 18
• SaaS Data Resilience 101 Summit -- June 24
• How To Take Unstructured Data from Chaos to Clarity Summit -- June 27