惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

Information Age

Is the SaaSpocalypse already over? - Information Age Stopping bad data from becoming bad business - Information Age Google I/O 2026 shows why enterprise AI governance needs an operating model Moving off the cloud – how to get repatriation right The AI inventory is the EU AI Act artefact most teams underestimate From speed to safety – how regulation is reshaping DevOps Quantum is coming. Here’s what CTOs can be doing today Small Language Models (SLMs) as the gold standard for trust in AI Your employees are waiting for your change programme to blow over How technical debt turns your IT infrastructure into a game you can’t win The business mobility trends driving workforce performance in 2026 Four actions CIOs must take to turn innovation into impact Eliminating blind spots – nailing the IPv6 transition Goodbye Software as a Service, Hello AI as a Service Smart auto-tiering vs. data reduction – logical efficiency vs. architectural efficiency The value of reducing middle office emissions for ESG How to match tech investment with real-world output
Why every organisation needs a minimum viable company strategy
Darren Thomson · 2026-05-14 · via Information Age

  • Traditional disaster recovery strategies typically focus on restoring the entire IT environment. It can take months, leaving businesses unable to function properly in the meantime.
  • A minimum viable company is the leanest version of a business that is still capable of operating and serving its customers if parts of its systems or processes are disrupted. This approach helps organisations maintain continuous business, even amidst a cyber attack.
  • By knowing in advance which systems and data to prioritise, organisations avoid the inefficiency of trying to restore everything at once. Recovery efforts can focus on the core environment that keeps operations moving, while the broader IT estate is brought back in parallel.

For modern organisations, the main challenge associated with cyber attacks has shifted from whether an attack will occur to how quickly they can restore essential operations once it does.

The incidents affecting M&S and Jaguar Land Rover (JLR) last year once again brought the scale of disruption into sharp focus. At M&S, recovering from an incident that came to light in late April 2025, reached a major milestone in early August when its click and collect services came back online. That’s nearly four months of lost revenue, not to mention the impact on brand reputation and consumer confidence.

The minimum viable company

Dealing with this kind of sobering reality requires a fundamental shift in perspective. A significant part of the problem is that traditional disaster recovery strategies typically focus on restoring the entire IT environment, a process that can take months, leaving even the most well-resourced businesses unable to function properly in the meantime.

So, what’s the alternative? This is where the Minimum Viable Company (MVC) concept comes into play.

An MVC is the leanest version of a business that is still capable of operating and serving its customers if parts of its systems or processes are disrupted. This approach helps organisations maintain continuous business, even amidst a cyber attack.

From an operational and IT point of view, what constitutes minimum viability will vary from one organisation to another, but typically the emphasis falls on areas such as communication and collaboration platforms, identity and access management and the core business applications that underpin supply chains, logistics, finance, customer services and, in the case of companies like JLR, production.

Without these essential services up and running, even a business that is technically ‘recovering’ can remain unable to function. The MVC, therefore, represents a practical starting point for resilience planning, bridging the gap between immediate continuity and longer-term restoration.

Defining an MVC

While the logic behind the MVC is straightforward, and recent research found that 36% of businesses recognise with its value, most organisations struggle to define and size it. The biggest barriers were found to be the complexity of existing systems and applications (52%), keeping recovery plans in line with changing business needs (47%), and difficulties separating ‘core’ systems from ‘broader’ operations (30%).  Large enterprises, in particular, often lack a clear, documented view of the systems and processes that make up their minimum viable state, and even fewer have tested that view end to end.

A key part of the difficulty lies in the way IT functions are typically structured. Teams responsible for networking, storage, cloud platforms, collaboration tools and servers tend to operate in silos, which means critical dependencies between systems are easily overlooked. A customer-facing application, for example, may rely on ERP, warehousing and CRM platforms in the background. Without all of these aligned, restoring the front-end service alone achieves very little.

The complexity of hybrid infrastructures is another factor. With on-premises, SaaS, and cloud-native services running in parallel, determining what to recover and in what order is far from straightforward. The result is that organisations remain vulnerable to extended disruption, even when they believe they have resilience plans in place.

When a major incident occurs, incident response and recovery teams both need access to the same infrastructure under intense pressure. Safeguards that organisations expect to rely on frequently fail; disaster recovery sites can be compromised if they share the same domain and backups are often corrupted or encrypted.

As a result, identifying a clean restore point can take days, with further time needed to build infrastructure and validate applications. Total downtime of 20 to 23 days is not unusual – a period many organisations would struggle to withstand. This underlines why defining an MVC in advance is critical: it provides a baseline for recovery that avoids weeks of paralysis.

Sizing a minimum viable company

As a rule of thumb, allocating around 20% of production in terms of storage, compute and workload scope offers a workable resource baseline. This subset should be made immutable and air-gapped to protect it from compromise, with around 10% of that allocation reserved for a cleanroom or isolated recovery environment.

For example, an organisation with a 4-petabyte production estate could begin with 800 terabytes of immutable backup, of which 80 terabytes are set aside for clean recovery. While not a substitute for full MVC analysis, this approach provides a foundational layer of resilience while longer-term planning continues.

By knowing in advance which systems and data to prioritise, organisations avoid the inefficiency of trying to restore everything at once. Recovery efforts can focus on the core environment that keeps operations moving, while the broader IT estate is brought back in parallel.

Added to this, modern recovery platforms can also cut downtime dramatically. By continuously scanning backup copies for malware, identifying clean restore points, spinning up isolated recovery environments on demand and orchestrating application rebuilds with dependencies intact, recovery that once took 20 days can be reduced to a matter of hours or a single day.

Equally, bringing incident response and recovery into a single pane of glass is a big advantage, not least because it enables teams to ensure the right systems are restored in the right order. For smaller organisations this can begin with a minimal package — such as immutable backup of Microsoft 365 and secure Active Directory recovery — while enterprises can scale the same principles with consulting support. Either way, establishing a Minimum Viable Company can go a long way to mitigating the headline-grabbing risks of business downtime.

Darren Thomson is Field CTO EMEAI at Commvault.

Read more

The risks of supply chain cyberattacks on your organisation – Nick Martindale explores the risks to organisations associated with supply chain cyberattacks and what you should do about it

Will more AI mean more cyberattacks? – An increased use of AI within organisations could spell a rise in cyberattacks, explains Nick Martindale. Here’s what you can do

What the first 24 hours of a cyber incident should look like – The early stages following a cyber incident are arguably the most important. Here’s how to manage it and learn from it