Backups: What They Are, What They Protect, and What They Can’t Recover

Backups are one of the most important — and most misunderstood — parts of IT and cybersecurity.

Many people assume that having “a backup” means everything is always recoverable. In reality, backups are incredibly powerful, but they are not a rewind button for every possible scenario.

This post explains what backups are, the different types, what is (and isn’t) backed up, how cloud backups work, what immutable backups mean, and — just as importantly — their limits.

What is a backup?

A backup is a separate copy of data taken at a specific point in time that can be restored if something goes wrong.

Backups protect against:

  • Accidental deletion

  • Hardware failure

  • Ransomware and malware

  • Corruption or failed updates

  • Lost or stolen devices

  • Human error

A critical concept to understand:

Backups capture what existed at the time they ran — not what happened after.

An important reality: backups are not real-time

Backups run on schedules — for example:

  • Once per hour

  • Once per day

  • Multiple times per day for critical systems

That means:

  • A file created after the last backup has not been backed up yet

  • A file deleted before the next backup runs may be gone permanently

Example

  • You save an important file at 3:55 PM

  • The last backup ran at 2:00 PM

  • The file is deleted at 4:00 PM

  • The next backup runs at 6:00 PM

Result:
That file was never captured in a backup and cannot be restored.

Backups reduce risk — they do not eliminate it entirely.

Two main types of backups

Image-based backups (full system backups)

An image-based backup captures an entire system, including:

  • The operating system

  • Applications

  • Settings and configurations

  • Files on the device

This allows a system to be restored to a previous working state.

What image backups are great at

  • Recovering from hardware failure

  • Restoring systems after ransomware

  • Getting a computer or server running again quickly

What they don’t do

  • Recover files that never existed at backup time

  • Undo actions that occurred after the last snapshot

File and folder backups

A file and folder backup captures specific locations such as:

  • Documents

  • Desktop

  • Shared folders

  • Project directories

What file backups are great at

  • Restoring individual files or folders

  • Recovering earlier versions of files

  • Protecting user data

What they don’t do

  • Back up applications or system settings

  • Recover files deleted before they were backed up

What is typically backed up

Backups are intentionally scoped. Common items include:

  • File servers and shared drives

  • Critical application data

  • Virtual machines

  • Important workstation folders

  • Configuration data

Not everything everywhere is automatically backed up unless it has been explicitly included.

Cloud services: availability ≠ backup

OneDrive and SharePoint

Services like OneDrive and SharePoint are excellent collaboration and availability tools, but they are not full backups by themselves.

Important limitations:

  • Deletions sync across devices

  • Ransomware can sync encrypted files

  • Retention periods are limited

  • Admin deletions can be permanent

A dedicated Microsoft 365 backup:

  • Creates independent, point-in-time copies

  • Allows restores beyond Microsoft’s default limits

  • Protects against large-scale deletion or corruption

A critical limitation: some things cannot be “undone”

This is one of the most important expectations to set.

Examples of non-recoverable scenarios

  • A file created and deleted between backup runs

  • A system or service deleted outside backup scope

  • A cloud tenant (such as Salesforce, Microsoft 365, etc.) being deleted

  • Data removed by an administrator with no retention or backup in place

In many SaaS platforms:

  • There is no global undo button

  • Deletions may be immediate and irreversible

  • Even the vendor may not be able to recover the data

  • An MSP may not have the technical or contractual ability to restore it

Backups only work where backups exist.

What “immutable backups” mean

An immutable backup is a backup that cannot be altered, deleted, or overwritten for a defined period of time — even by administrators.

Why immutability matters

  • Ransomware often targets backups first

  • Attackers try to delete or encrypt backup data

  • Immutable backups prevent this

Think of immutability as:

A locked vault with a timer — even IT can’t delete it early.

Immutable backups protect the backup data itself, but they still:

  • Only contain what was captured at backup time

  • Cannot recover data that never made it into a backup

What backups do (and don’t) guarantee

Backups DO provide:

  • A recovery path after incidents

  • Protection against many common failures

  • Business continuity options

Backups DO NOT guarantee:

  • Zero data loss

  • Recovery of data never backed up

  • Undo for every administrative action

  • Protection against every possible scenario

This is why backups are part of a broader strategy, not a standalone solution.

Our recommendation

We recommend a layered backup approach that includes:

  • Image-based backups for critical systems

  • File-level backups for important data

  • Dedicated backups for Microsoft 365 (OneDrive and SharePoint)

  • Immutable backups to protect against ransomware

We also emphasize clear expectations:

  • Backups reduce risk — they do not eliminate it

  • Not all data is recoverable in all scenarios

  • Prevention, awareness, and careful handling of data still matter

If you’d like to review what is backed up in your environment, how often backups run, or what recovery scenarios are covered, we’re happy to walk through it with you.

Al Davis