The ultimate "Convince my boss" Guide for backups!
You're in charge of defining what backup solution to use, and we'll help you convince whoever signs at the bottom!
The Elevator Pitch
- You're working in a startup, a SaaS maybe, a marketplace, in any case you're dealing with databases, code, and a lot of data.
Well, why would you need a backup solution?
You have configured your AWS daily backups, and even-though it cost you a lot of sweat it's now running so, no need right...?
Well it depends.
Do you know if you backups are really running?
Have you checked if you can restore them?
I guess someone from your team is regularly testing these backups .. right?
Btw, do you know if restoring them means restoring your whole server, must be documented... right?
Also, have you considered what would happen if your AWS account was compromised?
What if your lead dev, leaves the company and you need to restore a backup?
Ever heard about RansomWare?
Are you GDPR compliant? What about your backups?
Did Marco tell you that the next ISO certification renewal is in 2 weeks?
Do you have the proper documentation and logs for your security audit?
What if I told you, you could check all of these marks with a single solution?
Well, you may want to consider a Backup-as-a-Service (BaaS) solution.
Run your backups exactly when you want, store them in multiple locations cross-providers.
Get notified on any channels when something goes wrong, and have a clear and documented process.
Have a sharable dashboard with all your backups, and a clear audit trail for you, your team and your customers if needed.
Tell your team you can trigger your backup from a simple trigger URL or even embed it in their CI system and see what a smiling tech team can do!
And most importantly, have a solution that will help you sleep at night, knowing that your data is safe and that you can recover it in a few clicks, without required a doctorate in AWS UX.
Ding, 7th floor, have a good day.
Why do you need a backup solution?
- Understand the threats and the risks you're facing
- Human error: Nearly 40% of data loss is caused by human mistakes—accidental deletions, misconfigurations, or overwriting important files. Without backups, these errors can lead to permanent data loss and costly downtime.
- Technical issues: Hardware failures and software glitches are responsible for about 45% of unplanned downtime, leading to data corruption or loss. A reliable backup ensures quick recovery and minimizes disruption.
- Ransomware: Ransomware attacks surged by 93% in 2023, with businesses facing days or even weeks of downtime. Backups can prevent paying ransom and ensure you recover data without delays.
- Cyber Attack: Cyberattacks target vulnerabilities to steal or destroy data. With regular backups, you can restore your systems quickly and avoid major financial or operational damage.
- Service Outage: Cloud or SaaS platform outages are unpredictable and can leave you without access to critical data. Local or alternative backups guarantee you stay operational, even during service interruptions.
- Why you need to backup your data (per data type)
- Select the type of data you're willing to backup, and we'll provide you with a list of reasons why we think you should back them up on top of the general reasons mentioned above.
Why you should backup your "Managed Databases"
Managed databases are, by definition, managed by a third-party provider. This is beneficial because you gain access to services that typically require a DevOps or DBA specialist, such as instance scaling, security patching, and even basic backup procedures.
However, these solutions alone won't fully protect you from human error, accidental deletion, data corruption, ransomware, or other cyberattacks.- ✅ Own your backups, store them in a separate location
- ✅ Run backups when you need
- ✅ Restore on any provider
- ✅ Be Data-Security Compliant
Why you should backup your "GIT Data"
Despite GIT provider's (GitHub, GitLab, BitBucket, Gitea...) reliability, there are several reasons why maintaining your own backups is essential:
- ✅ Accidental Deletion: Human error can lead to accidental deletions of repositories or branches.
- ✅ Repository Corruption: Though rare, data corruption can occur.
- ✅ Service Downtime: GitHub could experience outages that temporarily limit access to your code.
- ✅ Compliance and Auditing ❗️: Certain industries and projects require regular backups for compliance purposes.
Why you should backup your "Storage" (S3, Object Storage...)
What if your cloud provider has an outage? What if your account is compromised? Well, the best thing you can have in this situations is another Storage that already contains the replicated information form your main storage.
It's then really easy to update your application to point to that secondary storage and avoid any downtime.- ✅ Plug-and-play providers approach
- ✅ Data Migration
- ✅ Be Data-Security Compliant
Why you should backup your "SaaS Applications" (Notion, Knack, ..)
Let's address the elephant in the room: SaaS applications are reliable, secure, and the providers have a strong track record of uptime.
Still, when it comes to backup, their policies is systematically around dealing with outage they may face, not the data you may lose.
Ransomware, accidental deletion, account compromise, are all too common and if your business relies on these applications, you need to have a plan B.
And losing data in a SaaS application is a real thing, and it's not a matter of "if" but "when". Accounts get compromised, a credit card expires and an account is suspended (...).
It's crucial to own your data, not matter what happens.- ✅ Own your data
- ✅ Data pipeline (transfer SaaS data to other systems)
- ✅ Be Data-Security Compliant
- Assess how your data is secured, today
While a backup solution, helps you configuring your backups, making sure these backups are reliable, resilient and that you know how to restore them (...), all of this can also be achieved without the help of a solution.
This means that no matter the option you pick, you'll have to make sure you have a proper Disaster Recovery Plan in place.Backup Strategy:
- List all your critical assets
- For each, define the frequency these data have to be backed up
- Define where these backups have to be stored (Multi-Storage, 3-2-1 strategy ...)
- Automated these backups schedules
Backup Reliability:
- Can you confirm your backups are well running?
- How do you mitigate the risk of backup corruption/anomaly?
- Can the backup strategy be easily controller by other people from the team?
Recovery Strategy:
- Define your RTO (Recovery Time Objective)
- Define the list of who should be able to restore your backups
- Document the Backup Recovery process
- Test your Backup Recovery frequently
✅ If you can confirm all the above are in place, you're good to go, if not, you may want to consider a solution that will help you with all of this.
Data Loss
Cyber Threat
Service Outage
Understand what Backup-as-a-Service (BaaS) is and why you might need it?
- What are the alternative backup solutions?
- There are 3 main alternatives to BaaS Solutions:
1. On-premise Solutions
Many backups solutions often tailored for MSP, like VEEAM, allow you to configure backups for most systems. It can be great for MSP dealing with the infrastructure of many (100+) customers and having strong in-house DevOPS team that know about these solutions.
These solutions usually also integrate backups for personal computers and most common company softwares (MS365...). This won't be a self-served, setup in no time and with clear and transparent pricing options though. It will require the help of a consultant or a in-house devops team to maintain it.- ⚠️ Complicated setup
- ⚠️ Requires third party experts to setup and maintain
2. Custom Solution
While backups may sound easy, there's an iceberg situation here. For some backup types, like a basic MySQL small database it may be easy to setup a shell script and configure a CRON to automate it but it's not something you can rely on in a production environment. If you have the resources to build it in-house, you'll have to tackle topics like:- Storing Backup on external Storages and Multi-cloud resiliency
- Backup Rotation Mechanisms
- Notifications and reporting in case something goes wrong
- Team access
- Easy to access reports, for auditing
- Encryption, and overall data-security
- Version updates and security patches
- ...
- ⚠️ Requires maintenance
- ⚠️ Is rarely tested
- ⚠️ Lacks essential features allowing to trust backups and disaster recovery plan
3. Cloud Provider Built-in Solution
You'll find most Cloud Provider offering built-in backups solutions for most of their services. Most will offer things like automatic daily server Snapshots and some will offer more advanced services backups like managed database backups. While this is a convenient solution, it's a red flag for every Disaster Recovery Plan and here are a few reasons why:- If the IaaS has an outage, so does your backups
- If your IaaS account is compromised, your backups are compromised as well
- This is a single point of failure, ideal for ransomware scenario
- IaaS never offers flexible scheduling options
- IaaS per definition do not offer multi-cloud solution
- IaaS do not offer granular backups, but usually a very generic backup, that will require a full system restore
- Lack of cost optimization (because backups are bound to the same provider)
- ...
- ⚠️ Cannot be trusted for data-safety (backups centralised with data)
- ⚠️ Lacks granularity (need to run at specific time...)
- ⚠️ Backups are not "owned" by you
- What are the key features you should be looking for in a BaaS solution?
Multi-Cloud Backups
Serverless Solution
Encryption & Compliance
Alerts & Anomaly Detections
Provider Agnostic Solution
Built-in Backup Restore
Human Support
No code, no maintenance
Backup Management Interface
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.
Disaster Recovery
Worry-free backup recovery with clear steps and automation: anyone in your team can restore your data at any time.
No guessing, pick a backup and restore it in a few clicks.
No Maintenance
Backups is critical, know when something fails, be ready for version updates without maintenance, nor code.
Compliance & Audit ready
We got you covered with our compliance dashboard and audit exports helping you getting GDPR, HIPAA, SOC2, ISO 27001 compliant smoothly.
SimpleBakcups provides all the tools and documentation you need to pass your audits.
Alerts & Detections
Backups have to be monitored constantly and you need to know when something goes wrong.Built-in advanced notifications, anomaly detection, and reporting.
Security Built-in
Keeping your backups secured is an essential aspect of your DR plan.Built-in end-to-end Encryption, Private keys handling, SSL, MFA for all your backups.
API & Automation
Automate your backups using our API and automation end-points to integrated backups in your development process.
Your obligations when it comes to backup
- The case for Agencies and Development Shops
- As a service agency (digital agency, development studio, etc.), your clients trust you to protect what you've built for them, along with the data generated through these projects.
Whether infrastructure and hosting are part of your offering or not, you need to manage or configure the necessary tools to ensure their data is secure—an industry standard.
By using a Backup-as-a-Service (BaaS) solution, you can configure all your projects' backups from a single interface, granting access to the customers who need it while keeping everything private and secure. You can also provide your customers with access to a simplified "Disaster Recovery and Compliance Dashboard," allowing them to monitor their backup activity and access all required compliance reporting. - The case for SaaS and Tech teams
- In the case of SaaS companies, or tech teams dealing with the development of products supporting a business, you probably have some sort of backup mechanism in place.
If you don't, you should,.. period!
In too many case, these things are handled by the in-house development team, which knows how to configure and run backups of the system they've built. And that's usually great, until it's really tested.
Your obligations as a tech-lead in your company is to guarantee that your systems run smoothly, and that the data generated via your systems is safe and secure.
It's not about having a script, configured to run every night, it's about ensuring that the data is safe, and that your team can recover it.
Practically, it means you have to:- Create backups scripts/routines
- Have monitoring systems in place alerting you of any anomalies
- Have the system documented, accessible by the entire team
- Regular tests
- Data Security, and compliance regulations with Backups
- A reliable BaaS must ensure all data is secured using end-to-end encryption, ensuring it remains private and tamper-proof throughout the entire backup process.
Additionally, compliance with data protection regulations such as GDPR, ISO 27001, HIPAA, SOC2, and other industry standards will require you to have Disaster Recovery plan in place.
SimpleBackups helps you stay compliant by providing secured backups, audit logs, and customizable data retention policies, ensuring your business meets regulatory requirements without added complexity.
This means you not only protect your data but also reduce legal and financial risks associated with non-compliance.
Data Security with SimpleBackups
- Encryption, in transit, at rest
- At SimpleBackups we're focusing on providing the most secure and transparent backup solution, and that's why we've built a "security-first" page that documents every data we deal with and how we deal with it.
![simple backups database backup flowchart]()
Your Backup configurations
Depending on backup types, SimpleBackups will require you to input different kinds of credentials in order to be able to run your backup.
All of these data are systematically encrypted and securely stored using a rotating key.
On top of that, you don't have to provide root access to SimpleBackups, in face we recommend against it. Root access is always something to avoid, and we've built our solution to be able to backup your data without it and by requiring the least possible permissions from you.
ℹ️ Some backup types also allow you to get credentials configured on your end without storng them on SimpleBackupsBackup data access
During the backup process NO DATA is transiting via SimpleBackups infrastructure. Meaning that your data is directly sent to the storage you've configured, without any intermediary.
The only exception to this is when using Serverless, where the backup is streamed from SimpleBackups isolated serverless infrastucture to your storage. Even in that case the data is never stored on our end.Encryption in transit
We use encryption at rest and in transit for all your backups. This means that you can configure your backups to be encrypted using your own private key but also that all the data transiting between SimpleBackups and your storage is encrypted using AES256.
As mentioned above the data stored on SimpleBackups (configuration...) are encrypted using a rotating key. Adding your own encryption key to backups means that no backups are readable by anyone, even us at transit, since the encrypted output is sent to your storage. The process happens in complete autonomy with real-time logs available for you to check.Encryption on storage
Your backup can be stored on any connected Storage Provider and you can define an encryption key generated on your end, unique to you, that will be used to encrypt your backup archive before the transit.
This means only you, owner of your private key, can ever decrypt it (as long as you don't lose the key of course).
Additionally, SimpleBackups supports technologies like SSE-C to ensure your data is encrypted on the storage provider side. - Certifications, compliance and auditing
- While many self-claim to be ISO 27001 "compliant" fewer are actually "certified".
We, at SimpleBackups, are certified since 2023, and are being audited on a yearly-basis.
Being ISO 27001 certified means we have obligations, when it comes to implementation of strict data security measures and that everything we do is documented and audited.
We're also based in Europe, where data security is known to be heavily scrutinized, and we're GDPR compliant, meaning that we have to follow strict data security regulations and that we have to provide you with all the tools you need to be compliant as well.
While we're not officially SOC2 and HIPAA certified, we are compliant with their requirements and can provide you with all the documentation you may need to attest of our compliance.ISO 27001 Requirements
ISO 27001, specifically in Annex A.12.3, outlines requirements for "backup" and disaster recovery in the context of information security. It mandates that organizations implement appropriate backup procedures to protect against data loss, ensuring that information and software essential to business operations are regularly backed up. Backups must be tested periodically to verify their integrity and effectiveness in disaster recovery scenarios. The standard requires that backup copies are stored securely, with defined access controls, and that they are kept separate from the operational environment to prevent data corruption or loss in case of system failure. Additionally, the organization must ensure that backup policies align with business continuity and disaster recovery plans, and that backup procedures comply with legal, regulatory, and contractual obligations.GDPR Requirements
The GDPR does not explicitly mandate backups, but it requires organizations to implement appropriate technical and organizational measures to ensure the security, availability, and resilience of personal data, as stated in Article 32. While backups are not a direct requirement, they are often necessary to meet these obligations, particularly for ensuring data availability and timely recovery in the event of system failures, breaches, or other disruptions. Consequently, having a robust backup strategy is typically part of demonstrating compliance. Moreover, any backups containing personal data must adhere to GDPR principles, such as data confidentiality and integrity, which means they must be protected with measures like encryption and access controls.SOC2 Requirements
In the context of SOC2, backups are not explicitly required, but they are commonly implemented to meet the Availability and Security principles.
SOC2 focuses on ensuring that systems are reliable and available as committed, and backups are a typical way to achieve this. While organizations have flexibility in how they meet these criteria, a strong backup and disaster recovery plan helps demonstrate the ability to restore data and maintain operations during disruptions. Backups also need to be secured with proper access controls and encryption to comply with SOC2’s confidentiality and security standards.HIPAA Requirements
Under HIPAA’s Security Rule, backups are explicitly required to ensure the availability and integrity of Protected Health Information (PHI).
The Contingency Plan standard (45 CFR § 164.308(a)(7)(ii)(A)) mandates that covered entities and business associates implement a data backup plan to create and maintain retrievable copies of electronic PHI. This ensures that critical health data can be restored in case of emergencies or data loss. Backups must also be protected with appropriate security measures, such as encryption and access controls, to meet HIPAA’s confidentiality, integrity, and availability requirements. Regular testing and verification of these backup plans are strongly recommended to ensure effectiveness. - Code of conduct, and security practices
Minimal access to the team
As described in our"security-first" page the data stored on SimpleBackups (configuration...) are encrypted with no one in the team having access to your raw data, at any time.
On top of encryption mechanisms, you're also able to encrypt your backups using your own key, this ensure the data stored on your end is also encrypted.ISO 27001 documentation trail
We keep track of all that touches security, and log it.
This is a requirements for us to be ISO 27001 certified. We also, keep an opened "Status Page" that will list any system failure our outage, informing you in real time of what happens but also showing you that we're transparent about our system.Bug Bounty Programs
While we have strong development practices and automated test systems that ensure everything we do is secure, tested, and reviewed we also leverage the skills of talented security experts that are not part of our team to challenge our system.- Questions and concerns
- Choosing the right Backup Solution is a critical decision for your business, and we understand that.
We're here to help you make the right decision, and we're here to answer any questions you may have.
We've bundled below the most common questions users are asking us:What access does SimpleBackups need?
Short answer - You can provide read only access limited to what needs to be backed up, and we encourage you to use a dedicated user for backups.
Long answer - We're ISO 27001 certified and follow strict security guidelines, we do not store any access config without proper encryption, have encryption with rotating keys, encourage firewall restrictions, ...
With that, we also encourage proper permission management, and giving SimpleBackups the least possible permissions required to complete each backup.
Based in Europe
ISO 27001 Certified
SOC2 Compliant
HIPAA Compliant
GDPR Compliant
Auditing & Security Programs
Discover SimpleBackups
- Configuring a backup
Connect your managed database
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Schedule your Backup
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Define where to store your Backup
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
- Restoring a backup
Select the Backup you want to restore
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Select your a restore method
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Execute the restore command
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
- Backup Recovery Plan, Compliance Dashboard and Security Options
Share your Backup Dashboard to your team/clients
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Export Audit Reports
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Configure Reporting
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Enable Backup Testings
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
Setup end-to-end Encryption
Configure and control all your backups from a modern UI.
Connect storage, configure notifications, generate audit reports, configure scheduling and more right from your team space.![]()
A quick glance at how configuring your backups within SimpleBackups will look like.
Discover how SimpleBackups helps you with your:
Real-world use cases
- SaaS & Tech team securing their products with SimpleBackups
- SaaS companies and tech companies dealing with internal development of apps, uses SimpleBackups for:
- ✅ Save time and avoid maintenance for your development team to focus on your product
- ✅ Trust your backups are correctly handled while you scale your product
- ✅ Clear, accessible backups for the entire team (not handled by one in-house person)
- ✅ Clear, restore process
- ✅ Save time on compliance efforts (ISO 27001, SOC2, HIPAA, GDPR...)
![]()
No Maintenance
Expert support
ISO 27001 certified vendor
- All Geeks, securing their hobby project
- We've always supported the idea of having a backup for your hobby projects for free, and we've seen many users using SimpleBackups for:
- ✅ Easy database backup until you're ready for production!
- ✅ Infrastructure agnostic solution
![]()
No Hassle setup
Multi-Storage
Alerts and Notifications