Backup or replication?

22/05/25 Wavenet

When considering whether to back up or replicate to protect your data, there’s a lot to consider.

Your business creates and uses a lot of data. If you were to experience any form of disruption that impacts your data or access to it, you need to know where to focus your resources to enable you to resume operations as swiftly as possible. Your main options are backup or replication. So which do you choose, and why?

Paul Timson, our Product Manager for business continuity, shares his top tips and advice on how to get this right…

Firstly, it’s important to classify your data, applications and their dependencies so that you can apply the most appropriate level of protection to all of your data. This will help you to focus on recovering what’s most important when recovery is required, so that you don’t prioritise less important data at the expense of something more critical.

Working out recovery time and recovery point objectives

Customer-facing systems need to be recovered quickly if there’s an incident. It’s important to set a recovery time objective (RTO) that you can plan for, so that you have a strategy for recovering your data before productivity, customer service and even your reputation are impacted by downtime. (Your RTO is your maximum acceptable period of downtime.) Some data is not just important, it’s business-critical, and the impact of its loss can be measured by the second. You not only need to think about availability and downtime, you also need to meet your required recovery point objective (RPO) so that you can make adequate provision to keep critical data loss to an absolute minimum. (Your RPO is your maximum acceptable amount of data loss, measured in time.) Once you have considered your data loss tolerance, imagine a situation where your data gets stolen (exfiltrated) from your company and held to ransom.

Encrypting your commercially sensitive data, or crown jewels, is essential to ensure that even if your data is stolen, it’s unreadable. Immutability is important because it makes your backup copies read-only, so no one can delete them. These are the basics you need to get right before you begin to look at the wider attack threats from cybercrime, which we’ll look at another time.

Some initial data protection considerations

Before making any decisions about backup and replication, it’s important to remember that how you protect your data will impact your recovery options. Knowing what systems interact with other systems and even external supply chain systems will impact your recovery plans.

6 key data protection questions to help inform your strategy…

Important questions that you need to think about, across your data sets and workloads:

  • Do you know where your data is stored? Is it on your premises and encrypted, or stored elsewhere such as public cloud? Is it immutable and in another location when it’s backed up? You must ensure you have an encrypted, immutable, air-gapped copy of your data as your reliable go-to source for recovery.
  • Do you know if your data is all protected, and how many different tools and teams you operate to keep it safe? In an ideal world, one product to back up everything would be perfect, and it can be done. However, backup tools have usually grown organically to protect this or that, and there are different silos of data and teams to manage them, all with different capabilities. This can be a big overhead, so it’s well worth looking at an overhaul of your backups to see if one tool can do all of it – it’s likely to pay for itself through savings in management overheads. The other big benefit of a single tool is that it can help you manage your dependency mapping, so recovery from any incident becomes easier.
  • How often do you test that you can fully recover - and how long does it take, with how many people involved? On-demand and automated rehearsals are now becoming a standard requirement of data protection and recovery because an annual DR test no longer cuts the mustard. Regular weekly/monthly testing can prove your recovery plans and timescales whilst also flagging up any issues before you really need to rely on them. If you’re only testing once or twice a year, consider adopting an automated on-demand approach, as these are often easy to do and don’t involve lots of resource from your company or provider, and the benefits are huge. Not least, you might perform an automated recovery on what you believe is a dependent group of servers or applications (a subset of your entire estate) and then find that a change has been made or a new application installed, which means this now also needs to be included. Better to find out before you need to rely on it!
  • How much data can you tolerate losing? Zero data loss is the aim, but we all know reality just doesn’t match that unless you have very deep pockets and endless resources. Losing an hour’s worth of data, or even 15 minutes, can be costly, but this is where valuing your data and its dependencies is key. The value of the data will then help you protect it accordingly and give your business the ability to make loss vs cost decisions. Focus on what we call your ‘critical viable business’: what’s the minimum IT setup that will keep you in business, and what workloads, apps and networking will be needed to provide it? This is a great place to start and will help prioritise your recovery.
  • Do you know the relative importance and dependencies of your different types of data? Similar to other points we’ve discussed already, the value of data and its dependencies runs right through every aspect of data protection and recovery. Knowing how data moves between systems helps you understand where it is at risk: does it pass over networks outside your organisation? Knowing your systems and the data they work on will drive your decisions on protection and will impact recovery. This feeds into your recovery strategy, as inter-dependent systems often need to be recovered together.
  • If one application is compromised and needs recovering, will other dependent systems also need to be rewound to the same point to maintain consistency? Today’s IT very rarely sits in isolation, particularly with the advent of containers, where developers can build small interacting components into an application. Recovering only part of that group of interworking parts may result in others failing because they are less or more up to date than those recovered. This is most starkly demonstrated with point-of-sale applications, where customers may interact with an application and choose a product to purchase, which then passes information to a stock system, then a billing system, and finally logistics to get it delivered. If the stock system has an issue and is recovered to, say, last night, but the other systems are up to date as of now, the stock system may not report correct stock levels, or may refuse to work because it cannot work with the now out-of-sync billing system. So, it pays to know what each component talks to and relies on when recovering partial systems.

So what does this all mean? Should you back up or replicate, or both?

I recommend that you always back up, which can be as frequent as every 15 minutes if need be, and replicate only as required for selected key workloads.

Replication is brilliant for what we refer to as ‘traditional IT disasters’, such as user error, upgrades gone wrong, malicious insider, fire, server failure…the list is endless.

Replication is not so good when a cyber incident occurs and here’s my reasoning, whether you agree with me or not:

  • Backups can be achieved every 15 minutes compared to seconds for replication, which means that for replication to be better than frequent backup, your cyber incident needs to be cleaned up within 15 minutes, which is unlikely.
  • Replication is intended to let you fail over as soon as an incident occurs. In a cyber incident you cannot fail over, because you will fail over to a duplicate of the problem. You will have called in your cyber incident responders from Wavenet or another provider, who will spend hours and often days forensically investigating the infiltration, the damage and the steps to remediate so you don’t get a repeat break-in.
  • Once you have passed the seconds/minutes of elapsed time that replication gives you, recovering from a backup becomes more attractive. Replication tools can keep a journal for up to 30 days, so replication may still be of use once the cyber teams have finished and given you a safe restore window. However, booting directly from a clean backup offers the same options at a lower cost than recovery from replication. The dwell time that an infiltration has been in progress is on average longer than 30 days, rendering replication obsolete.
  • However your cyber incident management team supports you, there will be the need for a cleanroom or isolated recovery environment in which to restore your data to be checked as clean by forensics before you restore to the required recovery location, whether that be public cloud or our range of recovery options. Each workload and its dependencies and the recovery order and point in time need to be considered as we have mentioned in the earlier points.
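The point-of-sale scenario and the recovery order and point-in-time consideration above, worked through as an added example (not from the original article or any Wavenet tooling). The system names, dependency map, timestamps and the `clean_before` time supplied by forensics are all constructed assumptions; the code groups the systems that must be rewound together, rejects any restore point taken after the intrusion began, and picks the set of points with the smallest gap between systems.

```python
from datetime import datetime
from graphlib import TopologicalSorter

def recovery_group(depends_on, compromised):
    """Systems linked to `compromised` in either direction of the dependency map."""
    links = {s: set(d) for s, d in depends_on.items()}
    for s, deps in depends_on.items():
        for d in deps:
            links.setdefault(d, set()).add(s)
    group, todo = set(), [compromised]
    while todo:
        s = todo.pop()
        if s not in group:
            group.add(s)
            todo.extend(links[s] - group)
    return group

def recovery_plan(depends_on, restore_points, compromised, clean_before):
    """Return (restore order, chosen point per system, spread between chosen points)."""
    group = recovery_group(depends_on, compromised)
    clean = {s: [p for p in restore_points.get(s, []) if p < clean_before] for s in group}
    missing = sorted(s for s, pts in clean.items() if not pts)
    if missing:  # retention is shorter than the intrusion's dwell time
        raise LookupError(f"no restore point predates the intrusion for {missing}")
    best = None
    for upper in sorted({p for pts in clean.values() for p in pts}):
        pick = {s: max((p for p in pts if p <= upper), default=None) for s, pts in clean.items()}
        if None in pick.values():
            continue
        spread = max(pick.values()) - min(pick.values())
        if best is None or spread <= best[0]:  # on a tie, keep the later set
            best = (spread, pick)
    graph = {s: set(depends_on.get(s, ())) & group for s in group}  # dependencies restore first
    return list(TopologicalSorter(graph).static_order()), best[1], best[0]

# Constructed sample data (hypothetical system names and timestamps).
def at(day, hour, minute=0):
    return datetime(2025, 5, day, hour, minute)

DEPENDS_ON = {"pos": ["stock"], "stock": ["billing"], "billing": ["logistics"],
              "logistics": [], "intranet": []}
RESTORE_POINTS = {
    "pos": [at(19, 23), at(20, 23), at(21, 9, 15)],
    "stock": [at(19, 23), at(20, 23)],
    "billing": [at(20, 22, 30), at(21, 9)],
    "logistics": [at(20, 23), at(21, 9, 15)],
}

if __name__ == "__main__":
    print(recovery_plan(DEPENDS_ON, RESTORE_POINTS, "stock", clean_before=at(21, 8)))
```

A `LookupError` here is the journal-retention problem in practice: if the intrusion began before the oldest copy you hold for any system in the group, no clean restore set exists for that group.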

Benefit from an experienced business continuity and cyber resilience provider

Both backup and replication have their place, but no incident is the same for any business so it’s important to seek advice from a provider with industry and recovery experience. Traditional data protection and recovery will protect you well when it is done correctly and looked after, but please do not rely on this when cyber comes calling – specialist responses are required here and it’s important to have the right protection in place.


About the author

Paul Timson is the Product Manager in business continuity at Wavenet. He has worked in the business continuity field for almost his entire career, and with Wavenet for over 35 years. Starting out helping DEC VAX and AXP customers, through to delivering our comprehensive business continuity, disaster recovery and cyber resilience services as a technical engineer, to now planning and looking to the future to ensure we’re able to protect our customers, come what may.
