eastbaycyber

What Is Backup?

Glossary 6 min read
EC
East Bay Cyber Editorial Team Reviewed 2026-05-13
Definition

A backup is a copy of production data or systems stored separately so it can be restored later.

A backup is a separate copy of data, systems, or configurations kept so you can restore them after deletion, corruption, hardware failure, misconfiguration, or cyberattack. In practice, backup is less about making copies and more about recovery. If the original data is lost and you cannot restore it, the backup strategy did not do its job.

Backups are a core resilience control for both IT operations and security. They matter for ransomware recovery, accidental deletion, failed updates, and broader disaster recovery planning. For related guidance, see what is ransomware and what is disaster recovery.

How backup works

A backup process copies data from a live environment to another location and preserves it long enough to support recovery.

Data is copied from a primary source

The source system might be:

  • A laptop or desktop
  • A file server
  • A cloud workload
  • A database platform
  • A Microsoft 365 or Google Workspace tenant
  • A virtualization environment

The goal is to preserve enough data to recover what the business actually needs, not just whatever is easiest to copy.

The copy is stored somewhere else

Backups can be stored:

  • On a local backup appliance
  • In another site or data center
  • In cloud object storage
  • On removable media
  • In a managed backup platform

Where backups live matters. If backup storage is reachable with the same compromised admin account or sits on the same flat network as production, an attacker may be able to delete or encrypt both.

Jobs run on a schedule

Most organizations use scheduled backup jobs based on:

  • How often data changes
  • How much data loss is acceptable
  • How quickly systems must be restored
  • Retention and compliance requirements

Common backup schedules range from multiple times per day to weekly full-image jobs, depending on the workload.

Retention policies define how long copies stay available

Retention determines how long backup copies are kept. That matters because some incidents are not discovered immediately.

For example, if malware has been present for weeks, a very short retention period may leave you with only corrupted or encrypted restore points.

Recovery is the real test

A backup has value only if it can be restored successfully.

Restore scenarios may include:

  • One deleted file
  • A mailbox or document library
  • A database table or record set
  • A virtual machine
  • An entire application stack

This is why backup teams regularly test restores instead of relying only on successful job logs.

Common types of backup

Different backup methods balance storage use, speed, and recovery complexity.

Full backup

A full backup copies all selected data each time.

Advantages:

  • Simple restore process
  • Clear recovery point

Tradeoffs:

  • Uses more storage
  • Takes longer to run

Incremental backup

An incremental backup copies only changes since the last backup job, whether that last job was full or incremental.

Advantages:

  • Efficient storage use
  • Faster backup windows

Tradeoffs:

  • Restore can be more complex
  • Multiple backup sets may be needed for full recovery

Differential backup

A differential backup copies changes since the last full backup.

Advantages:

  • Simpler restore chain than incremental in many cases
  • Less storage than repeated full backups

Tradeoffs:

  • Can grow larger over time until the next full backup

Image-based backup

Image-based backups capture an entire system or workload, often including operating system, applications, and settings.

These are useful for restoring complete servers or virtual machines after major failure or ransomware.

Why backups matter in cybersecurity

Backups are one of the most important controls for resilience because they reduce the impact of destructive events.

Ransomware recovery

If ransomware encrypts production data, clean backups may allow you to recover without depending entirely on the attacker.

That does not make backups a complete ransomware defense, but they are central to response planning.

Accidental deletion and human error

Users delete files. Admins make mistakes. Scripts run against the wrong system. Backups provide a way to recover from routine operational failure, not just attacks.

Hardware and platform failure

Disks fail, systems crash, storage gets corrupted, and cloud services can still experience outages or administrative mistakes.

Bad updates and misconfiguration

A faulty patch, broken deployment, or harmful configuration change can damage systems just as effectively as malware.

What makes a good backup strategy

A strong backup strategy is not just “we run jobs every night.” It includes design choices that improve survivability.

Separation from production

Backups should be isolated enough that compromise of production does not automatically compromise recovery.

Access control

Only a limited set of users should be able to modify, delete, or restore backups. Strong password practices and access hygiene matter here, which is why teams often use a password manager such as Try 1Password → for admin credentials tied to backup systems.

Immutability

An immutable backup cannot be altered or deleted for a defined period. This is especially useful against ransomware and malicious insider activity.

Encryption

Backup data often contains sensitive business or personal information, so encryption at rest and in transit is usually appropriate.

Monitoring and alerting

Backup failures, unusual deletion attempts, and sudden policy changes should generate alerts.

Restore testing

The most important question is not “Did the backup finish?” It is “Can we restore cleanly and fast enough?”

Backup vs snapshot

A snapshot is a point-in-time state of a system or volume. It can be useful for quick rollback, but it is not always a substitute for a separate backup, especially if it lives in the same environment and shares the same risk.

Backup vs replication

Replication copies data to another system, often for availability. It helps with uptime, but it can also copy corruption, deletion, or attacker activity. Replication alone is not the same as backup.

Backup vs archiving

Archiving is mainly for long-term retention and reference. Backup is mainly for recovery after loss, corruption, or disruption.

Backup vs disaster recovery

Disaster recovery is the broader plan for restoring services after a major incident. Backups are one important part of that plan, but not the whole plan.

Where you will encounter backup planning

Backup strategy comes up in many routine business and security situations, including:

  • Ransomware preparedness
  • Cloud migration projects
  • SaaS risk reviews
  • Cyber insurance questionnaires
  • Compliance assessments
  • Business continuity planning
  • Incident response tabletop exercises

Small businesses often underestimate backup complexity because “files are in the cloud” sounds safe enough. In reality, recovery still depends on retention, admin controls, and whether the platform gives you the restore options you expect.

For teams protecting endpoints in addition to backup systems, security software such as Get Malwarebytes → can help reduce the chance that commodity malware or ransomware reaches the systems you rely on for daily operations.

Practical backup questions to ask

A simple way to evaluate backup readiness is to ask:

  • What data and systems are actually backed up?
  • Where are those backups stored?
  • Who can delete them?
  • How long are restore points retained?
  • Are there immutable or offline copies?
  • How long would a real restore take?
  • When was the last successful restore test?

If you cannot answer those clearly, the backup program may be weaker than it appears.

Final takeaway

A backup is a separate copy of data or systems kept so they can be restored after deletion, corruption, failure, or attack. The goal is not just storage. The goal is recovery.

Good backups are separated from production, protected from tampering, monitored for failure, and tested regularly. In real incidents, the difference between “we have backups” and “we can restore the business” is often what determines whether disruption lasts hours, days, or much longer.

Last verified: 2026-05-13

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.