We already have backups through our IT provider.

Good — we audit them first. The most common findings: backups on the same network they're protecting, no immutability, and no one has ever timed a restore. If yours pass, we'll tell you and you'll only pay for the drill program.

What does “compliance mode” mean?

It's the strictest object-lock setting: retention can be extended but never shortened, and nothing — no role, no support ticket — can delete data early. We use it deliberately.

Can we keep our current IT company?

Yes. We design and verify; your IT provider can operate day-to-day. Many of our clients come through their IT provider — see /msp-partners.

Backups even your administrator can’t delete.

Modern ransomware crews don’t just encrypt your data — they find your backups first and destroy them. So we build backups that cannot be altered or deleted by anyone, including us, including your IT admin, including an attacker holding your admin’s credentials.

How it’s built

Object-lock immutability

Backups are written to storage with compliance-mode object lock: once written, they are physically unalterable until their retention period expires. There is no override. Not for us, not for the vendor, not for a court-ordered admin. That's the feature.

3-2-1-1-0 architecture

Three copies, two media types, one offsite, one immutable, zero unverified — every backup is automatically integrity-checked, and the quarterly drill is the human verification on top.

Executive-gated recovery (the three-key protocol)

Destructive operations and vault access require quorum approval — typically your CEO, CFO, and security officer each confirming through separate channels. One stolen credential, one disgruntled insider, one social-engineered help desk call: none of them can touch the vault alone.

Retention designed for your obligations

HIPAA, tax, and contractual retention mapped per data class, so immutability never collides with your legal hold or deletion duties.

THE ARCHITECTURE, END TO END

PRODUCTION
LOCAL BACKUP
OFFSITE IMMUTABLE VAULT(OBJECT LOCK)
[3-KEY QUORUM]
ISOLATED RESTORE

What it costs

One-time architecture and migration from $4,000 (typical SMB: $4,000–$12,000 depending on data volume and system count), plus monthly storage passthrough at cost + management. Exact quote follows the readiness assessment.

Questions we get

We already have backups through our IT provider.: Good — we audit them first. The most common findings: backups on the same network they're protecting, no immutability, and no one has ever timed a restore. If yours pass, we'll tell you and you'll only pay for the drill program.
What does “compliance mode” mean?: It's the strictest object-lock setting: retention can be extended but never shortened, and nothing — no role, no support ticket — can delete data early. We use it deliberately.
Can we keep our current IT company?: Yes. We design and verify; your IT provider can operate day-to-day. Many of our clients come through their IT provider — see /msp-partners.

Get your backup architecture audited

If what you have already passes, we'll tell you — and you'll only pay for the drill program. If it doesn't, you'll know exactly what to fix before an attacker finds out first.

Get your backup architecture audited