SERVICES / Disaster Recovery & Business Continuity
DISASTER RECOVERY & BUSINESS CONTINUITY
When the worst happens, the clock starts.
Immutable backups, documented runbooks, quarterly restore drills, and Essential 8-aligned recovery planning across Microsoft 365 and Google Workspace. So when ransomware hits, a tenant breaks, or someone permanently deletes a folder, you recover in minutes, not days.
THE MOST EXPENSIVE ASSUMPTION IN IT
"Microsoft 365 already backs itself up."
No. It doesn't. Microsoft operates under a shared responsibility model, they keep the lights on; you're responsible for protecting your data. The same applies to Google Workspace. Retention policies and version history aren't backups. Deleted items past 30 days are gone. A ransomware attack that propagates through OneDrive, SharePoint or Drive will encrypt your "backed up" files too.
BaseHost delivers true third-party backup, immutable, isolated from your tenant, retained on your schedule, and tested every quarter.
WHAT WE PROTECT
Everything that matters, backed up properly
Microsoft 365 / Google Workspace
Mail, calendars, contacts, files (SharePoint / Drive), OneDrive, Teams / Meet chat history, all retained per your schedule.
Endpoints
Laptop and desktop point-in-time recovery. File-level restore, image-level recovery, ransomware rollback.
Servers & VMs
On-prem and cloud VM backup. Hyper-V, VMware, Azure VMs, Google Compute Engine. Bare-metal restore capability.
Identity & configuration
Entra ID / Cloud Identity exports, Conditional Access policies, Intune configuration profiles, tenant baselines.
Network & infrastructure
Firewall configurations, switch configs, DNS records, routing tables, version-controlled and recoverable.
Secrets & keys
Encryption keys, certificate stores, Key Vault / Secret Manager contents, API tokens, escrowed and recoverable.
RECOVERY POSTURE
Backup that's actually tested
A backup you haven't restored from is a hypothesis. We test in production every quarter, with written evidence.
1
Immutable storage
Backup data lives in immutable cloud storage. Ransomware can't encrypt it. Admin compromise can't delete it.
2
Documented RTO & RPO
Every system tier has a written Recovery Time and Recovery Point objective, agreed with you and documented in your DR runbook.
3
Quarterly restore drills
Real restores, performed every quarter. You get written evidence: what was restored, how long it took, what went wrong, what we fixed.
4
Essential 8 aligned
Mitigation Strategy 8 implemented to ML2 by default, ML3 available. Maps to ISO 27001 A.12.3 and SOC2 CC9.
FREQUENTLY ASKED
Common questions
What's the typical RPO and RTO?
For a properly configured BCP, RPO 1-4 hours and RTO 4-24 hours are achievable for most workloads. The numbers we commit to in your SLA are the numbers we test against.
How often are restores actually tested?
Quarterly for managed clients, with written evidence. An untested backup is theatre.
What about immutable backups for ransomware?
Yes. Immutability and air-gap separation are core architectural requirements. The backup tier sits outside your production identity boundary.
Do you support Microsoft 365 backup?
Yes, third-party M365 backup is a recommended foundation control. We typically deploy Datto, Veeam or Spanning depending on your environment.
What about cloud-to-cloud disaster recovery?
For workloads in Azure or M365, we architect failover regions, replicated storage and tested recovery procedures.
Are licenses included?
Engineering and management are included; the backup tooling and storage licensing is billed separately at vendor cost.
HOW WE DELIVER DR
Backup and recovery built around the worst day, not the brochure.
DR is engineered against documented Recovery Time and Recovery Point Objectives, not a vague promise that "we have backups". Geo-redundant copies sit in a separate cloud region with immutable retention so ransomware cannot wipe them. Quarterly test restores prove the backups actually work, not just that they ran. Runbook drills with your team make sure people know what to do when the worst day arrives, instead of reading the document for the first time under pressure.
We assume the production tenant is gone and work back from there: which systems come up first, in what order, against which DNS, with what data state. A backup nobody has ever restored is not a backup, it is a hope. Our quarterly proof runs catch silent failures before you need them, and the next runbook update gets scheduled on the same call.
Get a free backup posture review. 30 minutes, no obligation.
We'll audit what's actually being backed up in your current setup, identify the gaps that would hurt most, and give you a clear remediation roadmap.
RELATED READING