--- title: IT Resilience date: 2026-04-23T14:58:00+02:00 author: Hannes Heckel canonical_url: "https://www.fast-lta.de//en/blog/it-resilience" section: Pillar Pages --- [1. 1. What does IT resilience mean?](#1-what-does-it-resilience-mean)[1. 2. The five pillars of IT resilience](#2-the-five-pillars-of-it-resilience)[1. 3. Cyber resilience: When prevention is not enough](#3-cyber-resilience-when-prevention-is-not-enough)[1. 4. Business continuity and disaster recovery](#4-business-continuity-and-disaster-recovery)[1. 5. The role of backup architecture](#5-the-role-of-backup-architecture)[1. 6. NIS2 and critical infrastructure](#6-nis2-and-critical-infrastructure)[1. 7. Resilience maturity](#7-resilience-maturity)[1. 8. Building a resilient IT architecture](#8-building-a-resilient-it-architecture)[1. 9. Frequently asked questions](#9-frequently-asked-questions) ### 1. What does IT resilience mean? [\#](#1-what-does-it-resilience-mean "1. What does IT resilience mean?") IT resilience is the ability of an IT infrastructure to remain operational under adverse conditions, or to restore operability within a defined timeframe. The concept goes beyond classical high availability: availability protects against individual component failures. Resilience protects against scenarios where entire systems, locations, or infrastructure layers fail simultaneously. #### Resilience vs. availability vs. security [\#](#resilience-vs-availability-vs-security "Resilience vs. availability vs. security") ConceptProtection goalTypical scenarioExample measure**Availability**Individual components fail, system keeps runningDisk failure, server failureRAID, clustering, redundancy**Security**Preventing attacksMalware infection, phishingFirewall, EDR, patch management**Resilience**Becoming operational again after total failureRansomware encrypts everything, data center burnsAir-gap backup, DR site, recovery runbookThe critical insight: **Availability and security can fail. Resilience must not fail** — it is the last safety net when all other layers have been breached. #### Why IT resilience is now a board-level priority [\#](#why-it-resilience-is-now-a-board-level-priority "Why IT resilience is now a board-level priority") Three developments make IT resilience an executive responsibility: 1. **Ransomware as an existential threat:** A successful attack can cause weeks to months of operational downtime. Organizations that cannot recover do not survive. 2. **Regulatory pressure:** NIS2, the KRITIS umbrella law, and sector-specific regulation (BAIT, DORA) make resilience a legal obligation — with personal liability for management. 3. **Supply chain dependencies:** A failure at a critical supplier or cloud provider can interrupt entire value chains. Resilience must be considered beyond the organization’s own boundaries. ### Ransomware Ransomware is malware that encrypts data on infected systems and demands a ransom for decryption — with the goal of forcing organizations and public bodies to pay by paralyzing their operations. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/ransomware) ### DORA DORA (Digital Operational Resilience Act, EU 2022/2554) is an EU regulation that has applied to all regulated financial market participants since January 2025, setting concrete requirements for ICT risk management, backup systems (Art. 11 and 12), third-party provider management (Art. 28–30) and incident reporting. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/dora) ### Ransomware Ransomware is malware that encrypts data on infected systems and demands a ransom for decryption — with the goal of forcing organizations and public bodies to pay by paralyzing their operations. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/ransomware) ### DORA DORA (Digital Operational Resilience Act, EU 2022/2554) is an EU regulation that has applied to all regulated financial market participants since January 2025, setting concrete requirements for ICT risk management, backup systems (Art. 11 and 12), third-party provider management (Art. 28–30) and incident reporting. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/dora) [###### Blog Post | 5/4/2026 What Is IT Resilience? Definition and Distinctions IT resilience is the ability of an organization to restore its information systems and critical business processes to a functional state quickly after a disruption. It is not the ability to avoid disruptions: it is the ability to absorb them, deal with them, and recover from them. As cyberattacks grow more frequent and more sophisticated, resilience has become an existential question for every organization.The definition can be made more precise: IT resilience is the combination of **prevention, detection, response, recovery, and continuous adaptation**. It responds to the central insight of modern IT security: not if, but when you become the target of an attack. This posture distinguishes resilience fundamentally from security alone.The concept is frequently confused with two related but distinct terms: **high availability** and **IT security**. A clear distinction is essential.--- [](https://www.fast-lta.de//en/blog/was-ist-it-resilienz-definition-und-abgrenzung "What Is IT Resilience? Definition and Distinctions")](https://www.fast-lta.de//en/blog/was-ist-it-resilienz-definition-und-abgrenzung "What Is IT Resilience? Definition and Distinctions")[###### Blog Post | 5/6/2026 IT Resilience vs. IT Security: Where Is the Difference? This is the central confusion in modern IT practice. Many organizations believe that investments in IT security (firewall, EDR, multi-factor authentication) are sufficient to handle cyberattacks. The data says otherwise: according to the Veeam Ransomware Trends Report 2025, about 7 in 10 organizations were hit by at least one ransomware attack in the preceding year, despite improved defenses, and in 89% of those attacks the adversaries targeted the backup repositories.This reveals the fundamental problem: IT security alone does not provide adequate protection. A solid understanding of the difference between security and resilience is the first step toward a more effective defensive strategy.--- [](https://www.fast-lta.de//en/blog/it-resilienz-vs-it-sicherheit-wo-liegt-der-unterschied "IT Resilience vs. IT Security: Where Is the Difference?")](https://www.fast-lta.de//en/blog/it-resilienz-vs-it-sicherheit-wo-liegt-der-unterschied "IT Resilience vs. IT Security: Where Is the Difference?") ### 2. The five pillars of IT resilience [\#](#2-the-five-pillars-of-it-resilience "2. The five pillars of IT resilience") IT resilience is not a single product or a single measure — it is an architectural principle resting on five pillars. #### Pillar 1: Prevention [\#](#pillar-1-prevention "Pillar 1: Prevention") Preventing attacks and failures where possible. - Patch management and vulnerability management - Endpoint Detection and Response (EDR) - Network segmentation - Zero-trust architecture - Security awareness training **Reality check:** Prevention reduces risk but does not eliminate it. Attackers often remain undetected in networks for weeks, sometimes months — many attacks are only discovered after the damage has already been done. #### Pillar 2: Detection [\#](#pillar-2-detection "Pillar 2: Detection") Identifying attacks and anomalies before maximum damage occurs. - SIEM (Security Information and Event Management) - Network Detection and Response (NDR) - Anomaly detection in backup systems - Log analysis and correlation - 24⁄7 Security Operations Center (SOC) #### Pillar 3: Response (incident response) [\#](#pillar-3-response-incident-response "Pillar 3: Response (incident response)") Acting quickly and in a structured way when an incident occurs. - Incident response plan with defined roles and escalation steps - Communication plan (internal and external) - Forensic analysis capability - Coordination with authorities (BSI, state criminal offices) - Documentation obligations under NIS2 #### Pillar 4: Recovery [\#](#pillar-4-recovery "Pillar 4: Recovery") The most critical pillar: restoring systems and data within an acceptable timeframe. - Multi-tier backup architecture with air-gap layer - Documented Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) - Recovery runbooks for all critical systems - Regular recovery tests (quarterly) - Prioritized recovery sequence **Why recovery is the decisive pillar:** Prevention, detection, and response can fail. Recovery is the point where it is decided whether an organization survives or not. And recovery only works when the data from which you are recovering has not also been compromised. #### Pillar 5: Adaptation [\#](#pillar-5-adaptation "Pillar 5: Adaptation") Learning from incidents and continuously improving resilience. - Post-incident reviews (lessons learned) - Adapting architecture to new threats - Tabletop exercises and simulations - Annual architecture reviews - Exchange in sector CERTs and ISACs ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### RTO / RPO RTO (Recovery Time Objective) is the maximum acceptable downtime after an IT failure; RPO (Recovery Point Objective) is the maximum acceptable data loss — both are metrics that must be technically demonstrably met in backup architectures and must not merely be defined as aspirational targets. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/rto-rpo) ### RTO / RPO RTO (Recovery Time Objective) is the maximum acceptable downtime after an IT failure; RPO (Recovery Point Objective) is the maximum acceptable data loss — both are metrics that must be technically demonstrably met in backup architectures and must not merely be defined as aspirational targets. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/rto-rpo) [###### Blog Post | 5/12/2026 The 5 Pillars of IT Resilience: A Practical Framework A robust IT resilience strategy does not rest on a single pillar. It rests on five. Each pillar has specific technologies, processes, and responsibilities. Many organizations invest heavily in Pillar 1 (Prevention) and neglect the other four. That is a classic mistake that leads to vulnerability, and it is also a compliance gap: NIS2 (Directive (EU) 2022/2555) explicitly requires backup management, disaster recovery, and crisis management alongside preventive measures.Here is a practical framework showing what belongs to each pillar and how to implement it.--- [](https://www.fast-lta.de//en/blog/die-5-s%C3%A4ulen-der-it-resilienz-praxis-framework "The 5 Pillars of IT Resilience: A Practical Framework")](https://www.fast-lta.de//en/blog/die-5-s%C3%A4ulen-der-it-resilienz-praxis-framework "The 5 Pillars of IT Resilience: A Practical Framework")[###### Blog Post | 3/3/2026 Creating an Incident Response Plan: Template and Guide An incident response plan (IRP) is the backbone of resilience. It is the document that prepares your organization for a cyberattack before it happens. A well-structured IRP significantly reduces response time and minimizes the extent of damage. Yet many organizations have none, or only an outdated concept that nobody has tested.Under the NIS2 Directive (Directive (EU) 2022/2555), incident handling is an explicit risk management requirement for essential and important entities. Here is a concrete template with 8 required sections that every IR plan must have.--- [](https://www.fast-lta.de//en/blog/incident-response-plan-erstellen-vorlage-und-anleitung "Creating an Incident Response Plan: Template and Guide")](https://www.fast-lta.de//en/blog/incident-response-plan-erstellen-vorlage-und-anleitung "Creating an Incident Response Plan: Template and Guide")[###### Blog Post | 5/27/2026 Recovery Runbook: What Goes in It and Who Maintains It A recovery runbook is not an IT philosophy. It is an operational handbook. It is the document your IT team reaches for during an actual disaster and uses to work through, step by step, how to bring systems back up.A good runbook is specific enough that someone who does not normally maintain the system could still restore it. That is the quality benchmark.--- [](https://www.fast-lta.de//en/blog/recovery-runbook-was-hineingeh%C3%B6rt-und-wer-es-pflegt "Recovery Runbook: What Goes in It and Who Maintains It")](https://www.fast-lta.de//en/blog/recovery-runbook-was-hineingeh%C3%B6rt-und-wer-es-pflegt "Recovery Runbook: What Goes in It and Who Maintains It") ### 3. Cyber resilience: When prevention is not enough [\#](#3-cyber-resilience-when-prevention-is-not-enough "3. Cyber resilience: When prevention is not enough") Cyber resilience is the specialization of IT resilience for cyberattacks. It addresses a specific problem: cyberattacks — in particular ransomware — are designed not only to disrupt individual systems but to destroy the entire recovery capability. #### The ransomware dilemma [\#](#the-ransomware-dilemma "The ransomware dilemma") Modern ransomware specifically targets backup infrastructure. This means: the classical disaster recovery plan, which assumes that backups are intact, no longer works. **The scenario that cyber resilience must solve:** - Production systems: encrypted ✗ - Active Directory: compromised ✗ - Online backup: deleted ✗ - Cloud backup: deleted via compromised IAM credentials ✗ - **Air-gap backup: intact ✓** — was physically unreachable Cyber resilience means: even in the absolute worst case — where an attacker had domain administrator rights and went undetected for weeks — at least one recovery path remains intact. #### The three principles of cyber resilience [\#](#the-three-principles-of-cyber-resilience "The three principles of cyber resilience") **Principle 1: Assume breach** Assume your network will be compromised. Build your recovery architecture to work even then. **Principle 2: Isolated recovery capability** At least one recovery path must be physically separated from the production network — not just logically, not just through software policies, but physically unreachable. **Principle 3: Verified recoverability** A backup that has never been tested is not a recovery plan — it is an assumption. Quarterly recovery tests are the minimum. #### Cyber resilience architecture: Three zones [\#](#cyber-resilience-architecture-three-zones "Cyber resilience architecture: Three zones") ``` Zone 1: Production zone ├── Servers, VMs, databases, applications ├── Network-connected systems └── Attack surface: HIGH Zone 2: Backup zone (network-connected) ├── Primary backup repository ├── Snapshot immutability (supplementary) └── Attack surface: MEDIUM (credentials-reachable) Zone 3: Isolated recovery zone (air gap) ├── Hardware air gap system ├── Only reachable during backup windows ├── No network interface when offline └── Attack surface: MINIMAL ``` **Zone 3 is the cyber resilience insurance:** Even if Zone 1 and Zone 2 are fully compromised, data in Zone 3 remains intact. → [How the hardware air gap works](/en/products/silent-brick-system/) ### IT Resilience IT resilience is the ability of an IT infrastructure to remain functional under adverse conditions — from cyber attacks through hardware failures to natural disasters — or to restore functionality within a defined timeframe so that critical business processes are maintained. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/it-resilience) ### IT Resilience IT resilience is the ability of an IT infrastructure to remain functional under adverse conditions — from cyber attacks through hardware failures to natural disasters — or to restore functionality within a defined timeframe so that critical business processes are maintained. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/it-resilience) ### Air Gap An air gap is the complete physical interruption of all network connections between a backup system and the rest of the IT infrastructure, so that the system has no addressable network interface in its offline state and is therefore unreachable by ransomware and attackers. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/air-gap) [###### Blog Post | 5/8/2026 Cyber Resilience vs. IT Security: Why Both Are Necessary Cyber resilience is not an alternative to IT security. It is a **specialisation of IT resilience, focused on cyberattacks**. The distinction matters, because it shows: you cannot neglect one of the two and hope the other will be sufficient.IT resilience is broad. It covers natural disasters, hardware failures, software bugs, human error, and cyberattacks.Cyber resilience is narrow. It deals specifically with recovery from malicious, intelligent attacks designed to destroy your backups and sabotage your recovery.That makes cyber resilience harder: it requires more layers of defence, because the adversary reacts intelligently. The Veeam Ransomware Trends Report 2025 found that in 89% of ransomware attacks, the attackers went after the backup repositories, and on average about a third of those repositories were modified or deleted.--- [](https://www.fast-lta.de//en/blog/cyber-resilienz-vs-it-sicherheit-warum-beides-n%C3%B6tig-ist "Cyber Resilience vs. IT Security: Why Both Are Necessary")](https://www.fast-lta.de//en/blog/cyber-resilienz-vs-it-sicherheit-warum-beides-n%C3%B6tig-ist "Cyber Resilience vs. IT Security: Why Both Are Necessary")[###### Blog Post | 5/21/2026 Assume Breach: The Design Principle That Changes Your Architecture "Assume Breach" is not just a security slogan. It is a fundamental design principle that reshapes the entire architecture of an organization. Think it through consistently, and you have to rebuild parts of your IT.The concept is simple: **not if, but when will your organization be attacked and compromised?**This is not pessimism. The data is unambiguous: in the Veeam Ransomware Trends Report 2025, roughly 7 in 10 organizations reported at least one ransomware attack in the preceding year, despite improved defenses. For exposed industries (financial services, healthcare, manufacturing), the question is realistically only: when?--- [](https://www.fast-lta.de//en/blog/assume-breach-das-designprinzip-das-ihre-architektur-ver%C3%A4ndert "Assume Breach: The Design Principle That Changes Your Architecture")](https://www.fast-lta.de//en/blog/assume-breach-das-designprinzip-das-ihre-architektur-ver%C3%A4ndert "Assume Breach: The Design Principle That Changes Your Architecture")[###### Blog Post | 5/25/2026 Isolated Recovery Environment: Building a Protected Recovery Zone An Isolated Recovery Environment (IRE), sometimes called a cleanroom, is not a single device. It is an infrastructure zone that is completely isolated from the production network. It is the place where you restore, verify, and clean compromised systems before returning them to production.Without an IRE, recovery in a compromised network is a gamble: the restored server gets reinfected before you can use it.--- [](https://www.fast-lta.de//en/blog/isolated-recovery-environment-aufbau-einer-gesch%C3%BCtzten-recovery-zone "Isolated Recovery Environment: Building a Protected Recovery Zone")](https://www.fast-lta.de//en/blog/isolated-recovery-environment-aufbau-einer-gesch%C3%BCtzten-recovery-zone "Isolated Recovery Environment: Building a Protected Recovery Zone") ### 4. Business continuity and disaster recovery [\#](#4-business-continuity-and-disaster-recovery "4. Business continuity and disaster recovery") #### Business Continuity Management (BCM) [\#](#business-continuity-management-bcm "Business Continuity Management (BCM)") Business Continuity Management is the organizational framework within which IT resilience operates. BCM defines: - **Critical business processes:** Which processes must be restored first? - **Maximum Tolerable Downtime (MTD):** How long can a process be unavailable before the organization suffers existentially threatening damage? - **Business Impact Analysis (BIA):** What financial, operational, and reputational damage occurs per hour of downtime? #### RTO and RPO: The two metrics that determine everything [\#](#rto-and-rpo-the-two-metrics-that-determine-everything "RTO and RPO: The two metrics that determine everything") MetricMeaningExampleDetermined by**RTO** (Recovery Time Objective)Maximum acceptable downtime4 hours: ERP systemBusiness requirement**RPO** (Recovery Point Objective)Maximum acceptable data loss1 hour: transaction dataBackup frequency**The most common mistake:** RTO and RPO are defined but never tested against the actual backup architecture. An RTO of 4 hours is worthless if an actual restore takes 48 hours. #### Disaster recovery: The plan for worst case [\#](#disaster-recovery-the-plan-for-worst-case "Disaster recovery: The plan for worst case") A disaster recovery plan documents exactly how systems are restored after a total failure. It must contain the following elements: 1. **Trigger criteria:** When is the DR plan activated? 2. **Roles and responsibilities:** Who decides, who acts? 3. **Recovery sequence:** Which systems first? 4. **Technical recovery steps:** Step-by-step instructions per system 5. **Communication plan:** Who is informed when and how? 6. **Success criteria:** How do we know recovery is complete? **Critical:** The DR plan must be available offline — printed, in a safe. If your IT infrastructure is compromised, your SharePoint folder with the DR plan may not be accessible either. #### Typical RTO values by backup architecture [\#](#typical-rto-values-by-backup-architecture "Typical RTO values by backup architecture") SystemTarget RTO (typical)RTO with online backupRTO with hardware air gapActive Directory1 – 2 hours1 hour2 – 4 hoursERP system4 hours2 hours4 – 8 hoursEmail system4 hours1 hour4 – 6 hoursFile server (10 TB)8 hours4 hours6 – 10 hoursFull environment24 hours8 hours\*12 – 24 hours*\*Online backup: RTO only achievable if backup was not compromised — no guarantee in a ransomware attack.* ### Business Continuity Management Business Continuity Management (BCM) is the organizational framework that ensures critical business processes can be maintained or restored within defined timeframes even during severe IT failures, cyber attacks or other crises. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/business-continuity-management) ### Business Continuity Management Business Continuity Management (BCM) is the organizational framework that ensures critical business processes can be maintained or restored within defined timeframes even during severe IT failures, cyber attacks or other crises. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/business-continuity-management) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) [###### Blog Post | 6/4/2026 Creating a Business Continuity Plan: Guide for IT Leaders A Business Continuity Plan (BCP) is not just an IT document. It is the written strategy for how an organization maintains (or quickly restores) its critical business processes when a disruption occurs. A cyberattack, a natural disaster, a building failure: the BCP covers all of it.Many IT leaders confuse the BCP with a DR Plan (Disaster Recovery Plan). That is a mistake. The DR Plan is technical (how do we bring systems back up?). The BCP is business-oriented (which processes are critical, and how long can they be down?).--- [](https://www.fast-lta.de//en/blog/business-continuity-plan-erstellen-leitfaden-f%C3%BCr-it-leiter "Creating a Business Continuity Plan: Guide for IT Leaders")](https://www.fast-lta.de//en/blog/business-continuity-plan-erstellen-leitfaden-f%C3%BCr-it-leiter "Creating a Business Continuity Plan: Guide for IT Leaders")[###### Blog Post | 6/1/2026 Defining RTO and RPO Correctly: A Practical Guide RTO (Recovery Time Objective) and RPO (Recovery Point Objective) are the most critical metrics in any resilience strategy. They answer two questions:- **RTO:** How long can my system be down? - **RPO:** How much data loss can I tolerate?The problem: many organizations "estimate" RTO/RPO based on gut feeling or IT tradition. That is the wrong approach. RTO/RPO must be derived from a **Business Impact Analysis (BIA)**, not the other way around. The BIA-first approach is also what the relevant standards expect: ISO 22301 builds the entire BCM system on it, and NIS2 (Directive (EU) 2022/2555) requires risk-based backup management and disaster recovery.--- [](https://www.fast-lta.de//en/blog/rto-und-rpo-richtig-definieren-praxisanleitung "Defining RTO and RPO Correctly: A Practical Guide")](https://www.fast-lta.de//en/blog/rto-und-rpo-richtig-definieren-praxisanleitung "Defining RTO and RPO Correctly: A Practical Guide")[###### Blog Post | 6/3/2026 Disaster Recovery Test: How to Test Your DR Plan A DR plan that has never been tested is fiction. This is not an overreaction. It is IT reality. Backups that have not been tested often cannot be restored. Recovery runbooks that have never been rehearsed contain countless errors. RTOs that have never been measured are guesswork.The good news: regular DR tests are not impossible. There are three practical methods, varying in effort and depth.--- [](https://www.fast-lta.de//en/blog/disaster-recovery-test-so-testen-sie-ihren-dr-plan "Disaster Recovery Test: How to Test Your DR Plan")](https://www.fast-lta.de//en/blog/disaster-recovery-test-so-testen-sie-ihren-dr-plan "Disaster Recovery Test: How to Test Your DR Plan") ### 5. The role of backup architecture [\#](#5-the-role-of-backup-architecture "5. The role of backup architecture") #### Backup as the foundation of resilience [\#](#backup-as-the-foundation-of-resilience "Backup as the foundation of resilience") The backup architecture is the technical foundation of every resilience strategy. Without intact backups, there is no recovery — and without recovery, there is no resilience. #### The multi-tier reference architecture [\#](#the-multi-tier-reference-architecture "The multi-tier reference architecture") A resilient backup architecture works in tiers — each tier addresses a different risk scenario: **Tier 1 — Primary backup (online)** - Network-connected backup repository - Function: Fast recovery of individual files and VMs - RPO: 1 – 4 hours | RTO: < 1 hour - Risk: Credentials-reachable — potentially compromised by ransomware **Tier 2 — Air-gap layer (physically isolated)** - Hardware air gap system (e.g. Silent Brick System) - Function: Ransomware-resistant recovery of entire systems - RPO: 24 hours | RTO: 4 – 8 hours - Risk: Minimal — physically unreachable outside backup windows **Tier 3 — Long-term archive (WORM)** - Immutable archive (e.g. Silent Cubes) - Function: Audit-proof long-term retention, historical recovery - RPO: 7 days | RTO: 8 – 24 hours - Risk: Very low — written data physically immutable **Tier 4 — Geographic redundancy** - Off-site replication to a second location - Function: Protection against site-wide disasters - RPO: 4 – 24 hours | RTO: 4 – 24 hours #### Why the air-gap layer is decisive [\#](#why-the-air-gap-layer-is-decisive "Why the air-gap layer is decisive") In a ransomware situation, Tier 1 (online backup) and Tier 4 (cloud replication) are potentially compromised — both are network-reachable. Tier 3 (WORM) protects archive data but not necessarily current backup generations. **Tier 2 — the air-gap layer — is the resilience insurance:** It contains current backup data that was physically unattackable. → [Silent Brick System: Air-gap backup](/en/products/silent-brick-system/) → [Silent Cubes: WORM archiving](/en/products/silent-cubes/) ### WORM WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/worm) ### WORM WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/worm) ### WORM WORM (Write Once, Read Many) refers to a storage principle in which data is written once and can technically no longer be altered or deleted — in hardware WORM, this immutability is a physical property of the storage controller, independent of software, operating system or user privileges. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/worm) ### Ransomware Ransomware is malware that encrypts data on infected systems and demands a ransom for decryption — with the goal of forcing organizations and public bodies to pay by paralyzing their operations. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/ransomware) [###### Blog Post | 3/20/2026 Multi-Tier Backup Architecture: Best Practices 2026 The idea that "backup = one copy on external hardware" is sufficient is no longer defensible in 2026. Ransomware attacks backups just as aggressively as production systems: the Veeam Ransomware Trends Report 2025 found that 89 percent of attacks targeted backup repositories. A modern backup architecture requires multiple tiers that are isolated from each other and offer different trade-offs between performance, cost, and security.The 4-tier model is the practical standard for cyber resilience, and it maps directly onto what the NIS2 Directive (Directive (EU) 2022/2555) demands: backup management, disaster recovery, and crisis management as mandatory risk measures.--- [](https://www.fast-lta.de//en/blog/mehrstufige-backup-architektur-best-practices-2026 "Multi-Tier Backup Architecture: Best Practices 2026")](https://www.fast-lta.de//en/blog/mehrstufige-backup-architektur-best-practices-2026 "Multi-Tier Backup Architecture: Best Practices 2026")[###### Blog Post | 4/3/2026 Air Gap as a Resilience Layer: Why Tier 2 Decides Everything A common strategy is: "We have online backups (Tier 1) and cloud copies (Tier 4). That is enough." This is a critical mistake that sets you up to fail against ransomware attacks.Why? Because both Tier 1 and Tier 4 are network-connected. An attacker with sufficient access can compromise both.Tier 2 (air gap) is the only layer protected by physical isolation.--- [](https://www.fast-lta.de//en/blog/air-gap-als-resilienz-layer-warum-tier-2-%C3%BCber-alles-entscheidet "Air Gap as a Resilience Layer: Why Tier 2 Decides Everything")](https://www.fast-lta.de//en/blog/air-gap-als-resilienz-layer-warum-tier-2-%C3%BCber-alles-entscheidet "Air Gap as a Resilience Layer: Why Tier 2 Decides Everything") ### 6. NIS2 and critical infrastructure: Resilience as a legal obligation [\#](#6-nis2-and-critical-infrastructure-resilience-as-a-legal-obligation "6. NIS2 and critical infrastructure: Resilience as a legal obligation") #### NIS2 Directive: Resilience is no longer a recommendation [\#](#nis2-directive-resilience-is-no-longer-a-recommendation "NIS2 Directive: Resilience is no longer a recommendation") The NIS2 Directive and the NIS2 transposition law make IT resilience a legal obligation for thousands of organizations. §30 BSIG-new specifically requires: NIS2 requirement (§30 BSIG-new)Resilience measureBackup management and recoveryMulti-tier backup architecture with defined RTO/RPOCrisis managementDR plan with roles, escalation, communicationSupply chain securityAssessment of backup hardware and software vendorsIncident handlingIncident response plan with forensic capabilityBusiness continuityBIA, BCM plan, regular testing#### Personal liability of management [\#](#personal-liability-of-management "Personal liability of management") NIS2 tightens liability: managing directors and board members are personally liable for ensuring that appropriate risk management measures are implemented. ​“We did not know” is not a defense — the NIS2 transposition law requires management to inform themselves regularly about the cybersecurity situation and to approve measures. #### KRITIS umbrella law: Physical and IT resilience converge [\#](#kritis-umbrella-law-physical-and-it-resilience-converge "KRITIS umbrella law: Physical and IT resilience converge") The KRITIS umbrella law extends the resilience concept to physical security. For critical infrastructure operators, this means: IT resilience and physical resilience must be planned together. A data center requires not only ransomware protection but also protection against power failure, flooding, and physical access. #### What auditors will check [\#](#what-auditors-will-check "What auditors will check") Affected entities must expect audits. Typical checkpoints in the area of resilience: - \[ \] Is a documented data backup concept in place? (BSI CON.3) - \[ \] Are RTO/RPO documented per system and verified through tests? - \[ \] Is a physically separated (air-gapped) backup in place? - \[ \] Are recovery tests conducted regularly and documented? - \[ \] Is a DR plan with defined roles and communication paths in place? - \[ \] Is the DR plan available offline (printed, in a safe)? - \[ \] Are backup systems managed with separate administrator accounts? - \[ \] Is management informed about the resilience measures? ### KRITIS (Critical Infrastructure) KRITIS refers to organizations and facilities whose failure or impairment would cause significant supply shortages or threats to public safety — KRITIS operators are subject to heightened IT security requirements under §8a of the German BSI Act and must demonstrate compliance to the BSI every two years. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/kritis-critical-infrastructure) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) [###### Blog Post | 1/13/2026 NIS2 and IT Resilience: What the Directive Specifically Requires Directive (EU) 2022/2555 (NIS2) applies across the EU. Member states had to transpose it by 17 October 2024; Germany, for example, did so with the NIS2UmsuCG, in force since 6 December 2025 and without a general transition period. For organisations in scope, NIS2 demands more than cybersecurity controls: Article 21 explicitly requires **IT resilience**, meaning the proven ability to keep operating and to recover after an incident.This is not a checkbox exercise. It is governance with personal consequences for management, which must approve the measures, oversee their implementation, and attend training.--- [](https://www.fast-lta.de//en/blog/nis2-und-it-resilienz-was-das-gesetz-konkret-fordert "NIS2 and IT Resilience: What the Directive Specifically Requires")](https://www.fast-lta.de//en/blog/nis2-und-it-resilienz-was-das-gesetz-konkret-fordert "NIS2 and IT Resilience: What the Directive Specifically Requires")[###### Blog Post | 1/21/2026 Personal Liability Under NIS2: What Executives Need to Know This is uncomfortable but important: under NIS2, cybersecurity is explicitly a management duty, and breaching it can cost executives personally. Article 20 of Directive (EU) 2022/2555 requires the management body to approve the cybersecurity risk management measures, oversee their implementation, and attend training. Member states must ensure that management can be held liable for infringements of these duties. National implementation acts spell this out; in Germany, for example, the amended BSIG makes executives liable towards their own company for culpable breaches of these duties, and that claim targets personal assets. This article explains how the liability works across the EU and what executives can do to minimise it. --- [](https://www.fast-lta.de//en/blog/personal-liability-under-nis2 "Personal Liability Under NIS2: What Executives Need to Know")](https://www.fast-lta.de//en/blog/personal-liability-under-nis2 "Personal Liability Under NIS2: What Executives Need to Know") ### 7. Resilience maturity: Where does your organization stand? [\#](#7-resilience-maturity-where-does-your-organization-stand "7. Resilience maturity: Where does your organization stand?") #### The resilience maturity model [\#](#the-resilience-maturity-model "The resilience maturity model") Use this model for self-assessment. Where does your organization fit? **Level 1 — Reactive (unprepared)** - No documented DR plan - Backups exist but are never tested - RTO/RPO not defined - No incident response process - *Risk: Existentially threatening in a ransomware attack* **Level 2 — Basic (partially prepared)** - DR plan exists but is outdated - Backups run, but recovery tests are rare - RTO/RPO defined but not verified - Backup systems managed with production credentials - *Risk: Weeks to months of downtime possible* **Level 3 — Defined (structured preparation)** - Current DR plan with defined roles - Regular backups with occasional recovery tests - RTO/RPO documented and reflected in backup architecture - Network segmentation in place - *Risk: Days to weeks of downtime in a ransomware attack* **Level 4 — Managed (resilient)** - Multi-tier backup architecture with air-gap layer - Quarterly recovery tests with documented results - Separate administrator accounts for backup systems - Incident response plan with regular exercises - DR plan available offline - *Risk: Hours to days of downtime — controllable* **Level 5 — Optimized (cyber-resilient)** - Automated hardware air gap with verified recovery - Cyber resilience architecture with isolated recovery zone - Annual tabletop exercises and red team tests - Continuous improvement after every incident - NIS2/KRITIS-compliant with full documentation - *Risk: Controlled — recovery within defined timeframes demonstrated* #### Where most organizations stand [\#](#where-most-organizations-stand "Where most organizations stand") Based on our experience from over 2,500 installations, most German organizations are at **Level 2 or 3** — they have backups and basic processes, but no demonstrated recovery capability when a ransomware attack also hits the backup infrastructure. The jump from Level 3 to Level 4 — introducing an air-gap layer and regular recovery tests — is the single most impactful step to increase IT resilience. ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Air Gap An air gap is the complete physical interruption of all network connections between a backup system and the rest of the IT infrastructure, so that the system has no addressable network interface in its offline state and is therefore unreachable by ransomware and attackers. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/air-gap) ### IT Resilience IT resilience is the ability of an IT infrastructure to remain functional under adverse conditions — from cyber attacks through hardware failures to natural disasters — or to restore functionality within a defined timeframe so that critical business processes are maintained. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/it-resilience) [###### Blog Post | 5/15/2026 IT Resilience Maturity: Self-Assessment for IT Leaders Most organizations do not know where they stand on the resilience maturity scale. They say "We have backups," but that could mean anything: from "someone sporadically copies data to a USB stick" to "a professional 4-tier backup architecture with quarterly tests."A maturity model in the style of the Capability Maturity Model (CMM) helps. It defines 5 maturity levels for IT resilience. Use these questions to assess where you stand, and where the most impactful next step is. Maturity evidence also matters for compliance: NIS2 (Directive (EU) 2022/2555) expects demonstrable backup management and disaster recovery, and DORA requires financial entities to test their resilience.--- [](https://www.fast-lta.de//en/blog/resilienz-reifegrad-messen-selbstbewertung-f%C3%BCr-it-leiter "IT Resilience Maturity: Self-Assessment for IT Leaders")](https://www.fast-lta.de//en/blog/resilienz-reifegrad-messen-selbstbewertung-f%C3%BCr-it-leiter "IT Resilience Maturity: Self-Assessment for IT Leaders") ### 8. Building a resilient IT architecture [\#](#8-building-a-resilient-it-architecture "8. Building a resilient IT architecture") #### The 10-point plan for IT resilience [\#](#the-10-point-plan-for-it-resilience "The 10-point plan for IT resilience") No.MeasurePriorityTimeframe1Conduct Business Impact AnalysisCritical2 weeks2Define RTO/RPO per critical systemCritical1 week3Introduce air-gap layer in backup architectureCritical4 – 8 weeks4Create recovery runbooks for all critical systemsHigh2 – 4 weeks5Set up separate backup administrator accountsHigh1 week6Establish quarterly recovery testsHighOngoing7Create and practice incident response planHigh2 – 4 weeks8Make DR plan available offlineMedium1 day9Document BSI CON.3 data backup conceptMedium2 weeks10Annual architecture reviews and tabletop exercisesMediumOngoing#### Quick wins: What you can do this week [\#](#quick-wins-what-you-can-do-this-week "Quick wins: What you can do this week") 1. **Create a backup inventory:** List all backup systems. For each: could an attacker with admin credentials delete it? If yes — it is at risk. 2. **Find out when the last recovery test was:** When was the last complete restore tested? If the answer is ​“never” or ​“over a year ago” — critical gap. 3. **Print the DR plan:** If your DR plan only exists digitally, print the most critical sections and place them in a safe. 4. **Request a resilience assessment:** Have your architecture assessed by an outside perspective — fresh eyes see gaps that routine overlooks. → [Request a free resilience assessment](/en/contact/) → [View reference architecture](/en/solutions/data-protection/) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) ### Disaster Recovery Disaster recovery refers to the structured processes and technical measures that ensure IT systems can be restored within defined timeframes (RTO) with maximum data loss (RPO) after a severe failure — ransomware attack, hardware failure or data center outage. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/disaster-recovery) #### What is the difference between IT resilience and IT security? IT security aims to prevent attacks. IT resilience ensures that the organization can become operational again after a successful attack. Security is a subset of resilience — resilience additionally encompasses recovery, business continuity, and adaptability. #### Does every organization need an air-gap layer? Every organization with real ransomware risk benefits from an air-gap layer. For NIS2-affected organizations and critical infrastructure operators, physically isolated backup is in practice a regulatory obligation. ### KRITIS (Critical Infrastructure) KRITIS refers to organizations and facilities whose failure or impairment would cause significant supply shortages or threats to public safety — KRITIS operators are subject to heightened IT security requirements under §8a of the German BSI Act and must demonstrate compliance to the BSI every two years. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/kritis-critical-infrastructure) ### NIS2 The NIS2 Directive (EU 2022/2555) is an EU regulation that obliges essential and important entities to implement specific cybersecurity measures — including demonstrable backup management, crisis management and reporting obligations — with personal liability for management bodies in case of non-compliance. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/nis2) #### What does IT resilience cost? The cost of a resilient architecture is a fraction of an uncontrolled outage. According to Bitkom 2024, a ransomware attack causes an average of EUR 5.3 million in damage (estimate based on aggregated total damage figures). An air-gap backup solution costs a fraction of that depending on capacity — and reduces downtime from weeks to hours. #### How often should recovery tests be conducted? Quarterly recovery tests of critical systems are the minimum — recommended by both BSI (CON.3.A11) and NIS2 requirements. Additionally, a complete recovery test of all critical systems with timing against RTO targets should be conducted annually. ### NIS2 The NIS2 Directive (EU 2022/2555) is an EU regulation that obliges essential and important entities to implement specific cybersecurity measures — including demonstrable backup management, crisis management and reporting obligations — with personal liability for management bodies in case of non-compliance. [Mehr erfahren →](https://www.fast-lta.de//en/glossary/nis2) #### Can resilience be measured? Yes. The most important measurable metrics are: (1) RTO — measured in the recovery test, not estimated; (2) RPO — actual data loss in the recovery test; (3) backup success rate — share of successful backup jobs; (4) recovery success rate — share of successful restore tests; (5) Time to Detect (TTD) and Time to Respond (TTR) for incidents. #### What does NIS2 specifically require for IT resilience? §30 BSIG-new requires: backup management and recovery, crisis management, business continuity, incident handling, supply chain security, and vulnerability management. Management is personally liable for implementation. Fines: up to EUR 10m or 2% of global annual revenue.