05 February 2025

A Decade of Innovation and Excellence in Cybersecurity

POCABAR’s journey began unexpectedly in 2014, sparked by a phone call. Wolfgang Mair, a seasoned IT professional, was approached by an old client with an urgent infrastructure issue. After resolving the problem, Wolfgang woke the next day inspired, registering ‘POCABAR’ as the company’s name. There was no initial master plan—just the resolve to deliver excellent service. However, as the business matured, a structured focus on cybersecurity and enterprise infrastructure emerged, shaping POCABAR’s unique identity.

Building a Foundation for Success

For the first two years, POCABAR thrived on organic growth, getting the “right people on the bus” and fostering a work culture rooted in collaboration and enjoyment. “Once the ship is moving,” Wolfgang says, “steering it becomes much easier.” This philosophy of adaptability and fun has been central to the company’s evolution. Starting with its core expertise in enterprise infrastructure, POCABAR developed an innovative cybersecurity strategy from the ground up.

Leading Through Innovation: The SADDI Service

One of POCABAR’s standout innovations is its SADDI Cyber Resilience Service, featuring a mobile recovery solution. This service, initially a ‘ruggedized’ rack-mounted mobile data center, allowed clients to recover operations quickly, even in remote areas. Over time, this evolved into a cloud recovery solution offering enhanced accessibility and separation of duties. These advancements ensure clients can recover securely and efficiently, particularly in today’s regulated environment shaped by frameworks like DORA and NIS2.

The adoption of automation has further cemented POCABAR’s leadership. Tools like Predatar Recovery Assurance enable POCABAR to scale its services while maintaining operational efficiency. Automated testing and validation processes have allowed the company to deliver value to clients without significantly increasing operational overhead.

A Commitment to Quality

POCABAR’s success is driven by an unwavering commitment to quality—a principle deeply rooted in its German heritage. Wolfgang emphasizes quality in every aspect of the business, from hiring practices to customer relationships. The company’s hiring process ensures cultural fit and excellence, fostering a team dynamic akin to a family. Many team members have worked together for decades, contributing to a cohesive and highly productive environment.

When it comes to customers, POCABAR prioritises those who align with its values and vision. Wolfgang describes the selection process as finding the right fit for a long-term partnership, where mutual compatibility and shared goals are essential. Clients unwilling to adopt POCABAR’s rigorously tested, single-source technology solutions are politely declined, ensuring that the company maintains its commitment to quality and seamless service. This approach fosters strong, collaborative relationships that deliver exceptional outcomes for both parties. Wolfgang cited an example where a customer wanted a particular brand of firewall to customise the SADDI service, a request which was declined. POCABAR’s approach is the antithesis of the more common reseller-type business.

Looking Ahead: Talent and International Expansion

As POCABAR embarks on its next decade, Wolfgang is focused on maintaining the company’s high standards. By partnering with local universities, POCABAR nurtures young talent through apprenticeships, ensuring the next generation upholds the company’s values and innovation.

International expansion is the next frontier. Following initial success in the Gulf states, POCABAR aims to replicate its model globally, bringing its unique blend of innovation and quality to new markets. The company’s branding—evoking the Bavarian Alps and mountaineering—reflects its ethos: encouraging the team to step out of their comfort zones and strive for the next challenge.

POCABAR and Predatar

POCABAR’s relationship with Predatar goes much deeper than a typical customer/supplier arrangement. POCABAR has been selected as one of Predatar’s APEX partners, an elite group of service providers around the world with the capabilities and ambition to deliver world-leading cyber resiliency services with Predatar tech under the hood. Predatar CEO Alistair Mackenzie explained: “There was never any doubt that POCABAR has what it takes to be one of our elite partners. Not only do they have the skills and the vision, but we love their culture and energy too.”

Conclusion

POCABAR’s journey from accidental beginnings to a trailblazer in cybersecurity exemplifies the power of adaptability, innovation, and commitment to excellence. With tools like Predatar enabling operational efficiency and a focus on talent and international growth, POCABAR is poised to scale new heights over the next decade.

Discover how to get in touch with POCABAR or find a Predatar APEX Partner near you.

Learn more about
Predatar recovery assurance

30 January 2025

Is There a Role for Agentic AI in Cyber Recovery and Cleanroom Orchestration?

Agentic AI systems are gaining attention as a potential game-changer for overstretched security and infrastructure operations teams tasked with maintaining cyber resilience. But what exactly is meant by ‘agentic’ in this context?

Let’s start with a definition:
Agentic (adjective): Able to express agency or control on one’s own behalf or on the behalf of another.

Put simply, agentic AI is Artificial Intelligence that is able to make its own decisions. Think of any AI or robotics-themed movie and there is probably an agentic machine at the heart of the story: I, Robot, The Terminator, or our favourite… Short Circuit. Yes, Johnny 5 is alive, and is undeniable proof that agentic technology can be a positive force in the world 😂.

Today, most AI is non-agentic. It’s generally used as a reactive tool and aims to deliver a specific type of output defined by a user or programmer. A human is setting the problem, and defining the type of solution required.

Agentic AI on the other hand, will independently plan and take day-to-day actions towards long-term objectives, adapt dynamically to changing environments, and interact with the world – without requiring constant human intervention.

Clearly, we’re not predicting that humanoids will be running the world – or your storage, but the core principles of agentic AI will prove to be invaluable for boosting and maintaining data resiliency. Storage and backup operations represent a fertile ground for its application. With less than 1% of backup data validated annually for efficacy and cleanliness, the need for smarter tools to address time constraints is undeniable.

This article explores the incremental steps on the path to fully autonomous, agentic, cyber recovery orchestration.

Step 1: Scheduled Recovery Automation

The journey begins with basic automation. Scheduled recovery testing and malware scanning can be proactively added to daily operations. At this stage:

  • Human operators maintain full control over what gets recovered, when, and how to respond to detection events or failed restores.
  • Automation reduces manual effort but doesn’t replace human decision-making.

This foundational step builds confidence in automation while freeing up valuable time for other critical tasks.

Step 2: Self-Directed or AI-Driven Recovery Automation

The next phase involves introducing systems that respond autonomously to detected anomalies. Here’s how it works:

  • The system uses behaviour monitoring or integrates with third-party APIs, such as storage SaaS control planes or SIEM tools, to detect potential threats.
  • Affected systems are recovered into isolated cleanroom environments and tested for malware.
  • Over time, AI algorithms refine themselves to reduce false positives, lightening the workload for human operators.

Even at this stage, humans retain control over final actions, ensuring trust and oversight remain intact. While highly efficient, this level doesn’t yet meet the threshold of ‘agentic’ autonomy.

Step 3: Fully Agentic Cyber Recovery Automation

In the final stage, systems achieve full agentic capabilities, executing complex, multi-step tasks and making independent decisions. Examples include:

  • Removing malware from infected production systems as well as the backups.
  • Isolating compromised systems in a secure vault.
  • Applying software patches to remediate vulnerabilities across the network.

These advanced capabilities could raise concerns among operators about relinquishing control. However, the trade-off is significant: reducing repetitive work and accelerating the response to evolving threats.

Pros and Cons for Storage and Backup Professionals

The rise of agentic AI in cyber recovery presents both opportunities and challenges.

Pros:

  1. Enhanced Oversight: By automating repetitive tasks, professionals can focus on strategic initiatives.
  2. Improved Efficiency: Faster recovery processes minimise downtime and mitigate the impact of ransomware and other cyber threats.
  3. Adaptive Learning: AI-driven tools continuously learn from new threats, improving accuracy and reducing false alarms.

Cons:

  1. Potential for Edge Cases: Systems might encounter scenarios unfamiliar to the AI but recognisable to experienced operators, leading to potential vulnerabilities.
  2. Training Requirements: Storage administrators may need to adapt to managing and refining AI systems, adding a layer of complexity to their job description.
  3. Loss of Direct Control: Trust in autonomous systems requires cultural and procedural shifts, which may not come easily.

Conclusion: A Welcome Development

For many organisations, the processes governing backup and recovery have remained largely unchanged for decades, even as threats have evolved dramatically. Agentic AI offers a way to modernise these systems, addressing the growing cyber resiliency challenge with tools that are both efficient and adaptive.

While the shift to full autonomy will require careful implementation and oversight, agentic AI systems promise to revolutionise cyber recovery, empowering teams to stay ahead of threats and enabling a more resilient future. For now, incremental adoption—starting with scheduled automation and progressing towards self-directed systems—is the key to building trust and demonstrating the value of these transformative technologies.

Start Your Journey to Agentic AI in Cyber Recovery Today

Organisations around the world have already introduced scheduled and AI-powered cyber recovery automation for backups and snapshots with the Predatar Recovery Assurance platform. Starting your journey to resilience with automation and AI is easier than you think.

Watch this video to Discover Predatar in less than 2 minutes.


23 January 2025

5 reasons the Cyber Recovery Cleanroom market is growing fast.

As cyber threats grow more sophisticated by the day, organisations are under pressure to protect their critical assets. Cyber recovery cleanroom technology has emerged as a powerful tool in this fight, offering a secure, isolated environment to test and validate restore operations and/or carry them out after a breach.

Cleanroom Technology isn’t a niche solution anymore. It’s on the cusp of widespread adoption, poised to leap from an ‘emerging market’ to the ‘high-growth’ phase on the adoption curve.

This article explores five key accelerators fuelling the rapid uptake of cyber recovery cleanroom technology, and explains why you should consider deploying one in your organisation.

If you’re looking for a deeper dive into the tech, check out this Guide to Cyber Recovery Cleanrooms.

Understanding the Adoption Curve

The adoption curve is a well-known framework for understanding how technologies evolve in the marketplace. Typically, it includes phases such as the innovation/emerging market stage, the high-growth phase, and eventually, maturity and saturation.

Technology adoption curve showing phases: emerging, high-growth, and mature markets over time.

Currently, cyber recovery cleanroom technology sits at the tipping point between the emerging and high-growth phases. While early adopters have tested and proven its effectiveness, the broader market is just beginning to recognise its value. The transition to high-growth is often catalysed by external drivers that validate the technology’s relevance and practicality. In the case of cleanroom technology, five accelerators are acting as the spark.

The 5 Accelerators Driving Rapid Adoption

1. Growing Use Cases and Proof Points

One of the most compelling drivers of adoption is the growing body of use cases and proof points demonstrating the effectiveness of new technologies. Across all industries (but especially highly regulated ones such as finance, utilities and healthcare), organisations have leveraged cleanrooms to help avoid or improve their recovery from potentially debilitating ransomware attacks and data breaches.

Take, for instance, a national utilities operator in Austria which successfully identified and removed malware in its backup system before an attack could take place, thanks to its cleanroom-based recovery strategy. Or a US healthcare provider that safeguarded patient data by isolating and neutralising malware using recovery assurance software technology from Predatar.

These success stories are building trust and confidence in the technology by proving its value in real-world scenarios. The standout proof point is that Predatar’s Cyber Recovery Cleanroom technology has helped to identify malicious files in over 75% of all deployments, despite customers having existing cyber security scanning tools in place.

The diversity of use cases also highlights the flexibility of cleanroom technology. Initially it was designed as a safe place to recover data into after an attack, but it’s the new use cases which will help the technology cross the chasm from emerging to high growth market.

Value was added when the technology was put to work as a proactive recovery testing tool which appealed to business continuity and disaster recovery managers.

In early 2024, we saw the adoption of the technology by Managed Service Providers (MSPs) who added recovery assurance software as part of their managed backup and disaster recovery services.

Finally, we started to see the technology incorporated as part of mobile emergency cleanrooms as well as cyber vault solutions.

As more organisations share their success stories, the perception of cleanroom technology is shifting from an experimental tool to a proven necessity.

2. Increasing Platform and Workload Support

Another critical accelerator is the increasing platform and workload support now available for cleanroom technology. In its early days, cleanroom adoption was hindered by limited compatibility with existing IT environments. Today, however, the technology has evolved to seamlessly integrate with a wide range of platforms, from on-premises data centres to hybrid and cloud environments.

This expanded compatibility allows organisations to deploy cleanroom solutions without overhauling their infrastructure. Whether managing legacy systems, modern hypervisor workloads, or a mix of both – cleanrooms can now accommodate diverse environments.

An early pioneer of recovery orchestration technology, Veeam Software, offered recovery testing as a feature of its enterprise backup solution, but its support was limited to VMware workloads only. For large enterprises, cyber recovery cleanrooms need to support more than just VMware – other popular hypervisors such as Microsoft’s Hyper-V and Nutanix’s AHV are required. Support for UNIX platforms such as AIX, which often house the most critical business applications, is non-negotiable for many organisations too.

We believe cyber recovery cleanrooms are primarily a security technology, not a storage one. The largest security companies including Palo Alto, CrowdStrike and Fortinet are server and storage vendor agnostic. For the acceleration of cleanroom adoption, multi-vendor support is a prerequisite since security officers want to invest in tools which support a range of different server, storage and network vendors.

Additionally, many cleanroom solutions now offer integrations with popular cybersecurity tools, SIEM and SOAR platforms. These advancements simplify deployment and ensure that cleanrooms can connect into existing security ecosystems. As compatibility and support continue to improve, the barriers to adoption are quickly falling away.

3. Reduced Cost and Complexity

Adoption of the automobile in the early twentieth century accelerated dramatically as the price of the Ford Model T fell from $780 in 1910 (equivalent to $25,506 in 2023) to $290 in 1924 (equivalent to $5,156 in 2023) [Wikipedia].

One of the biggest challenges to cyber recovery cleanroom adoption has been its perceived cost and complexity. Early implementations required significant investment in hardware, software, and services, making it an option primarily for large enterprises. In addition, the hardware technology was proprietary, a good example being the Dell Cyber Recovery Vault – a highly successful (if expensive) solution targeted at large enterprises.

Today, advancements in technology are driving down cost and complexity, making cyber recovery cleanrooms more accessible to organisations of all sizes. At Predatar, we have seen the average time for implementation reduce from 20 days for Predatar’s first generation Cleanroom (1.0) to just 2 hours for Cleanroom 3.0. And by utilising commoditised infrastructure, cleanrooms are becoming affordable for all.

For further reading on the business value of Cyber Recovery Cleanrooms we recommend this Guide to Building a Business Case for Cyber Recovery Assurance.

Automation and orchestration have played a significant role in this transformation. Modern cleanroom solutions often come with preconfigured templates, automated workflows, and user-friendly interfaces with integrated AI chatbots that reduce the need for specialised expertise. This democratisation of technology has opened the door for mid-sized businesses and small enterprises to adopt cleanroom strategies.

Furthermore, as competition in the market increases, providers are offering more affordable pricing models, including pay-as-you-go and SaaS subscription options.

4. Increasing Regulation and Awareness of Cybercrime

The regulatory landscape is another powerful driver of cleanroom adoption. Whilst no regulation explicitly demands the use of cyber recovery cleanrooms, the direction of travel is clearly towards proving recoverability, in addition to the current focus of threat detection and mitigation. Nowhere is this more apparent than in the European Union, with DORA and NIS2 coming into force in 2024 and 2025.

For a country-by-country view on where each country stands on NIS2, this blog is very useful.

At the same time, the rising prevalence of cybercrime is driving awareness and urgency. According to QBE Insurance, the number of disruptive and destructive global cyber-attacks taking place each year has doubled from 2020 to 2024. The cost to UnitedHealth Group of the cyber-attack on its subsidiary Change Healthcare has risen to $2.457 billion, according to the Group’s Q3 2024 earnings report.

And remember, recovery assurance is not just about protecting businesses from human-driven cyber-crime but also plain old accidents and acts of nature. In the second half of 2024, in the largest IT outage in history, Fortune 500 companies alone suffered more than $5 billion in direct losses because of the CrowdStrike outage.

As I write this, 2025 has already witnessed the costliest wildfire in US history, with losses expected to exceed $135 billion. The risk premium will continue to rise as growing losses from traditional disasters are compounded by cybercriminals targeting organisations of all sizes, across all geographies and verticals – causing widespread damage. This growing threat landscape is compelling organisations to invest in solutions that can mitigate the impact and ensure business continuity.

Cleanroom technology, with its ability to isolate and neutralise threats while facilitating rapid recovery, is emerging as a cornerstone of compliance and resilience strategies. As regulatory pressure and cybercrime awareness continue to grow, the demand for cyber recovery cleanroom technology is set to accelerate.

5. Focus from Major Tech Vendors

The involvement of major IT vendors is perhaps the strongest signal that cleanroom technology is moving into the high-growth phase. When industry leaders invest in, acquire, and promote a new technology, it validates its importance and potential.

In recent years, we’ve seen significant activity from major vendors in the cleanroom space. Some have launched dedicated cleanroom solutions as part of their cyber resilience portfolios, while others have formed strategic partnerships with specialist providers. These moves not only enhance the credibility of the technology but also expand its reach through established sales channels and customer bases.

Here are a few examples. In 2024 Commvault launched the Commvault Cloud Cleanroom Recovery, a secure Microsoft Azure cloud environment to help recover an environment post attack. IBM continued to advance its Storage Defender solution, a multi-vendor cyber solution spanning both primary and secondary storage, with options to add cyber recovery cleanrooms. HPE has made significant strides in establishing market presence with its HPE GreenLake Cyber Resilience Vault, a new air-gapped solution offering ‘superfast’ recovery.

Moreover, major vendors are investing in R&D to further enhance cleanroom capabilities. From AI-driven threat detection to advanced automation, these innovations are making cleanroom technology even more robust and appealing. The focus from IT giants is a clear indicator that cleanrooms are no longer a niche solution—they’re a critical component of modern cybersecurity strategies.

The Road Ahead: From Emerging to High-Growth Market

The convergence of these five accelerators is creating a perfect storm for the adoption of cyber recovery cleanroom technology. As use cases multiply, compatibility improves, costs decrease, regulations tighten, and major vendors double down, the conditions are ripe for rapid growth.

In the coming months, we can expect to see cleanroom technology move firmly into the high-growth phase of the adoption curve. Organisations that act now to explore and implement cleanroom solutions will be well-positioned to stay ahead of cyber threats and regulatory requirements. Those that delay may find themselves at the mercy of rising insurance premiums and damaging losses.

Conclusion: Recommendations for adopting Cyber Recovery Cleanrooms

Cyber recovery cleanrooms are rapidly transitioning from niche tools to essential components of cybersecurity strategies. To capitalise on this momentum, organisations should:

  1. Prioritise Proactive Implementation: Don’t wait for a breach or regulatory pressure to take action. Implement cleanroom solutions early to build resilience and validate recovery processes. Start with a pilot project to demonstrate value before scaling.
  2. Invest in Compatibility and Training: Ensure your cleanroom solutions integrate seamlessly with existing IT environments and security ecosystems. Equip teams with the necessary training to maximise effectiveness, leveraging vendor support and automation tools for simplicity.
  3. Collaborate with Leading Providers: Partner with vendors offering proven, multi-platform solutions and a focus on continuous improvement. Opt for partners who demonstrate commitment to innovation, regulatory compliance, and flexibility to meet your organisation’s unique needs.

By addressing these areas, organisations can position themselves at the forefront of cyber resilience, safeguarding operations while adapting to the evolving threat landscape.

Learn more about Predatar’s unique Cyber Recovery Assurance capabilities at www.predatar.com


14 January 2025

6 ways Disaster Recovery testing is evolving – and why it needs to.

Disaster Recovery testing, or DR testing, has been a cornerstone of business continuity for more than 3 decades. While the need for validating recoverability has never been greater, the way that DR testing is done hasn’t kept pace with new technology or the evolving risk landscape.

It’s an inconvenient truth that the simulated scenarios of DR tests no longer reflect real-world threats. Whether they choose to acknowledge it or not – most IT professionals already know it.

Rubrik’s EMEA CTO Harpinder Singh Powar recently discussed the role of DR testing at Predatar’s annual user summit. He states,

“The value of DR testing has dramatically diminished, and for many organisations the practice has become little more than a tick-box exercise.” 

DR testing has the potential to once again become a powerful tool for business continuity. And what’s more, it has a big role to play in the fight against cybercrime. DR testing must evolve. And here’s the exciting part – the evolution is already underway. New approaches to DR testing will help organisations rise from the metaphorical flames of any disaster – and even help to avoid them.

What is Disaster Recovery testing (aka DR testing)?


Disaster Recovery testing is the process of validating an organisation’s disaster recovery plan (DRP) to ensure that IT systems, data, applications, and infrastructure can be effectively restored after a disaster or disruption.

Typically, most organisations execute DR tests on a quarterly, or annual basis. During these tests specific elements of the DRP will be tested, for example failover mechanisms or backup restores.

Why does Disaster Recovery testing need to evolve?

Resource challenges:
IT systems are getting bigger and more complex by the day. At the same time, there is an ongoing global shortage of skilled technical people. DR testing is already time-consuming and resource intensive. This is only getting worse with more edge devices, Internet of Things 4.0 (IoT 4.0), and big data models for AI.

Under-resourced IT teams are struggling to keep up with basic scheduled DR testing, let alone expand the scope to reflect the new data landscape. 
 
The threat landscape:
As the name suggests, Disaster Recovery testing is all about how an organisation will respond in a disaster. It’s always wise to plan for the worst-case scenario, and historically the worst-case scenario was something like a fire or flood taking out your data centre. Following 9/11, terror attacks became a very real concern too.

Fast forward 20 years. Today the biggest threat is a very different beast. Where once the odds of a ‘disaster’ striking were perhaps 1 in a million, now it’s closer to 1 in 50. The big threat is cyber attacks.

Where ‘traditional’ disasters have tended to be indiscriminate and hit suddenly, cyber attacks are often super-targeted, and are executed over an extended period. They silently spread across networks to cause maximum disruption. Disaster Recovery wasn’t built to deal with this new type of scenario.

How is Disaster Recovery Testing changing?

1. Continuous DR testing

Few people would disagree that increasing the frequency of testing is a good thing to do. But cost, complexity and resource limitations mean that most organisations only run DR tests periodically – typically, on a quarterly, or annual basis. What’s more, these tests only check a very small subset of the data the organisation stores (less than 1% on average).

DR testing is a perfect use case for automation. Organisations that deploy automated DR testing workflows can run continuous recovery tests, 24/7 – with no additional burden on busy IT teams, and no disruption to day-to-day IT systems and operations.

This new approach to testing means that organisations can validate the recoverability of all of their data every few weeks. The most critical systems can be checked every few days.

2. AI-powered DR testing

Artificial intelligence is changing the world, and it’s got a significant role to play in the future of DR testing. AI is already being put to work in many organisations to identify data with the highest likelihood of recovery failure. These potential ‘problem’ workloads can then be prioritised for testing – boosting the chances of finding and fixing issues. This approach will ultimately increase the efficacy of recoveries. AI can also be used to detect signs of a cyberattack by spotting tell-tale patterns of nefarious behaviour in your data. This will enable IT and security teams to act early – before the issue escalates into a crisis.

The third and final application of AI for DR testing we want to highlight is AI-generated scenarios. By understanding the complex data patterns of real-world disaster scenarios, and how the responses play out, AI will be able to test drive DR plans against realistic scenarios and automatically optimise the response for maximum success.

3. DR testing with integrated security tools

In most modern cyber attacks, malicious files are present within the victim’s IT network for weeks – sometimes months – before the attack is activated. Traditional DR methods won’t detect this dormant malware. As a result, a DR test might produce a successful result for recoverability of an infected workload, even though the data could become encrypted and rendered useless as part of a cyber attack.

It’s an eye-opening fact that Predatar has uncovered hidden malware in more than 70% of its customer environments within just a few weeks of deployment. In most cases the malware had been present for several months, and had the potential to cause significant disruption if left undetected.  

By integrating cyber security tools such as Endpoint Detection & Response (EDR) and Extended Detection & Response (XDR) into DR testing procedures, organisations can validate the cleanliness of their data and remove malware before it can cause damage.

What’s more, by integrating DR testing with SIEM and SOC platforms, DR testing can become more responsive to the real-world threats that cyber security teams are managing every day.

4. DR testing as a proactive threat detection weapon

We’ve just highlighted how a new generation of DR testing capabilities will uncover hidden threats and vulnerabilities within stored data. In some cases, the DR test will be the first alert of a potential issue within an organisation.

Integration with SOC and SIEM platforms not only means IT teams can receive intelligence from security teams, they can provide intelligence to security teams too. DR testing has the potential to be an early warning system for prevailing cyber attacks. In the new world of DR testing, backups are elevated from a reactive insurance policy to a proactive threat intelligence tool.

5. Joined-up DR testing

Today, DR tests are often compartmentalised, with tests executed on a system-by-system basis. In a real-world scenario, bringing back one system at a time is far from optimal. Your business’s most critical applications may have dependencies across multiple systems. By using unified recovery environments and recovery orchestration applications, businesses can build and test recovery plans to restore data from different systems in an optimised sequence. This will enable them to get the most vital systems up and running faster. By minimising operational downtime, IT teams can reduce the impacts of a cyber incident or other data loss event.

6. DR testing for compliance

The business cases for efficiency and cyber resilience are compelling drivers for change. But it’s regulations that are really accelerating the innovation and adoption of new DR testing practices. A new wave of operational resilience regulations is being introduced around the world – FISMA, DORA, HIPAA, PRA and NIS2 to name a few. Not to mention more stringent requirements from cyber insurance too. The need to provide evidence of recoverability is rapidly becoming essential.

As you evolve your DR testing processes and toolsets, be sure to evaluate your reporting capabilities too. In the new world of DR testing, spreadsheets and hand-cranked reports will be a thing of the past. Most modern applications include easy-to-use, configurable dashboards and reporting features. These tools are designed specifically to boost visibility, save time and provide the evidence that regulators and auditors need.

In Conclusion

Disaster Recovery testing needs to evolve to meet the operational resilience challenges facing organisations today. Automation, Artificial Intelligence and integration with security applications will provide the biggest wins. The future of DR testing is closer than you think. Predatar’s Recovery Assurance platform is a practical way to get started with AI-powered, automated recovery testing and malware scanning for backups and snapshots.

Find out more about the world’s most innovative Recovery Assurance platform at www.predatar.com or book a demo now.



  


09 January 2025

Is Your AIX Environment Safe from Ransomware?

AIX systems are often the IT backbone of medium and large enterprises. They power everything from critical financial systems to supply chain operations to industrial controls. Uptime is non-negotiable. However, while organisations have invested heavily in safeguarding virtualised environments and primary storage snapshots, AIX has often been left behind.

This isn’t an oversight; it’s due to technical hurdles. The proprietary nature of AIX systems, combined with their complexity, has made it difficult to perform recovery testing at scale. As a result, many businesses have no choice but to simply hope that their AIX backups will work when disaster strikes.

The AIX myth.

You’ve probably heard this one…

The often-accepted logic suggests that ransomware gangs are most interested in hitting the most widely used platforms like Windows and VMware, and that AIX simply doesn’t have the footprint to be worthwhile for attackers. While there is sense in the logic, it’s not that black and white.

While AIX might not be as prevalent as Windows or VMware, for the businesses that rely on it, AIX often holds the crown jewels of their data. Take down the AIX, and many organisations will be left totally unable to operate. Retail businesses will be unable to transact. Hospitals will be unable to access patients’ medical records. Production lines will grind to a halt.

Attackers want to cause maximum disruption in order to increase the size and likelihood of a ransom payout. When it comes to targets, AIX is a bullseye.

This isn’t just theoretical. There’s a growing trend of ransomware groups creating variants or modules to reach into UNIX-based systems, including AIX. Ransomware families like DarkRadiation and RansomEXX have already been engineered to strike Linux environments, meaning an AIX variant is just a tweak away. And given the potential payout from infiltrating the kind of critical data managed on AIX, it’s only a matter of time before ransomware gangs prioritise this OS.

More than just a good practice

AIX systems tend to be found in industries with high-value, business-critical data like finance, healthcare, and manufacturing. It’s no coincidence that these are the 3 industries most targeted by ransomware attacks, and no coincidence that these are amongst the most highly regulated industries.

With a raft of operational resilience regulations coming into force around the world (DORA, FISMA, PRA, and NIS2 to name a few), proof of effective recovery from AIX is becoming more than just good practice. For lots of organisations – it’ll be mandatory.

IBM and Trend Micro: Fortifying AIX and SAP Environments on Power

IBM’s collaboration with Trend Micro to bring Trend Vision One™ to Power servers reinforces the critical point… AIX isn’t immune to ransomware or cyber threats. Trend Vision One’s SAP Scanner, integrated with SAP NetWeaver and SAP HANA, actively scans for hidden threats, showing IBM’s commitment to securing these high-value environments. If AIX were untouchable, this level of security wouldn’t be necessary. For organisations relying on AIX for sensitive data, IBM’s partnership with Trend Micro validates the importance of a robust, proactive approach to cyber resilience.

Predatar’s Approach to Validating AIX Cyber Resilience

At Predatar, we’ve also taken up the challenge. Our latest product release, R17.3 Viper, brings Predatar’s full Recovery Assurance capability to AIX workloads. Customers heavily invested in IBM storage tech can now validate the cleanliness and recoverability of their Storage Protect/Plus VMs, their FlashSystem Safeguarded Copies and their AIX backups with a single Predatar licence and one Predatar CleanRoom.

AIX customers with multi-vendor storage environments benefit from this release too. Predatar supports Veeam, Rubrik and Cohesity backups, and immutable Pure Storage snapshots too.

Our approach leverages the power of Predatar’s Aurora™ AI to continuously monitor and test backup environments, flagging potential threats and validating recovery workflows. In a world where ransomware attacks are increasingly sophisticated, it’s more important than ever to know that your backups are not just complete – but clean and secure.

The Importance of Scanning Backups

When ransomware strikes, it doesn’t always attack production data first. Sometimes it sneaks into backup data, hiding until an attempted recovery brings the infection back into the environment. Scanning backups of AIX is about making sure that in the worst-case scenario, when an organisation is recovering, it’s truly safe. A comprehensive scan can prevent re-infection, validate the security of recovery copies, and ultimately serve as the final line of defence against sophisticated ransomware strategies.

In short, for those organisations relying on AIX to protect their most valuable data, the stakes are too high to overlook cyber resilience.

Final Thoughts

The risk of ransomware is real and it’s growing. Cybercriminals will increasingly focus on big, critical targets, including AIX environments. By leveraging solutions like Predatar and IBM’s and Trend Micro’s Trend Vision One, organisations can gain confidence in their ability to detect, prevent, and recover from ransomware threats targeting AIX.

Protect your AIX systems like the crown jewels, because to a ransomware gang, that’s exactly what they are.

Visit the Predatar website to find out how Predatar can give you recovery confidence.


17 December 2024

Mega Trend for 2025: The Convergence of Backup and Recovery with Security Operations

What will 2025 have in store for the world of Backup and Recovery? As ever, Predatar’s CEO Alistair Mackenzie has some thoughts and opinions. History tells us that his predictions are never far off the mark. So, let’s take a look at his perspective on the year ahead…

Author: Alistair Mackenzie

In 2025, the backup and recovery landscape will continue its shift toward becoming a core function of enterprise security operations. This trend, emerging in the mid-market, will accelerate across large enterprises as organisations recognise that data backup is no longer just an IT infrastructure task—it’s a critical line of defence against cyber threats. As backup systems increasingly fall within the domain of Security Operations Centres (SOCs), the industry will see a series of transformative outcomes.

1. A Major Merger Between a Security and Backup Vendor 

With backup now a security priority, the stage is set for a significant merger between a security and backup vendor. This groundbreaking partnership will affirm the need for seamless integration between backup and cybersecurity and act as a catalyst to further accelerate the convergence. As a result, enterprises will be able to simplify their stack and their resilience strategies.

2. New KPIs for Backup and Storage Administrators 

The roles of backup and storage administrators will shift rapidly. Security-related key performance indicators (KPIs)—such as anomaly detection, data integrity validation, and ransomware recovery times—will complement traditional metrics like uptime and speed, reflecting the dual mandate of safeguarding and restoring data.

3. Recovery Assurance Cleanrooms Become Ubiquitous 

As organisations prioritise recovery assurance, Recovery Cleanroom technology—dedicated environments for validating and recovering clean backups—will become more accessible and affordable. This ubiquity will make cleanrooms a standard feature in IT datacenters, reducing risk and boosting recovery confidence.


4. AI Dominates Backup and Recovery 

The competition among vendors will increasingly revolve around artificial intelligence. AI-powered tools will automate backup administration, from anomaly detection to error remediation, dramatically reducing manual intervention and enabling IT teams to focus on strategic tasks.

5. Recovery Automation Embedded in SIEM and SOAR 

Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms will integrate recovery automation workflows and runbooks directly. This will enable SOC teams to respond to incidents with rapid, automated recovery processes, reducing downtime and improving overall resilience.

Conclusion 

As the boundaries between backup, recovery, and cybersecurity blur, organisations must prepare for a future where backup is at the heart of their security strategy. This convergence will drive innovation, reshape roles, and reinforce the critical link between resilience and security in enterprise IT.

Kick-start your convergence

Predatar’s AI-powered Recovery Risk report is a great way to get started. Quickly get insights into the performance of your backup environment from a security perspective, and see practical recommendations to improve your data resilience.


12 December 2024

Backup Shake-Up: Cohesity & Veritas Merge

Why the Cohesity & Veritas Merger Will Kick-Start Other Big Moves in the Market

This week’s completion of the big merger between two of the major players in the backup and recovery space, Cohesity and Veritas, has sparked debate. Advocates argue that this move will accelerate innovation and deliver greater value to customers. Critics, on the other hand, foresee financial and organisational challenges leading to customer disruption as product portfolios are inevitably streamlined.

The truth lies somewhere in between. In the short term, legal and financial hurdles will delay noticeable market changes. And yes, customer impact will vary. Some will enjoy competitive pricing, new features, and faster innovation. Others, however, will face the expense and disruption of transitioning to alternative backup solutions.

Yet, this shake-up is ultimately necessary. The backup market has long been in need of transformation, and this merger is likely to be the catalyst.

Why Does the Backup Market Need to Change?

The backup and recovery market is overly fragmented and complex, leaving customers frustrated. With a mix of long-established vendors (e.g. IBM, HPE, Dell, Veritas, and Commvault) and newer cloud-native players like Druva, Rubrik, and Cohesity, there’s no single solution that fully meets diverse organisational needs.

Instead of competition driving value, the market forces buyers into lengthy and costly evaluations to identify the right combination of products. Many organisations bring in large consultancy firms for advice, further adding to the expense. Yet, even after all the due diligence, implementation often reveals gaps between expectations and reality, leaving buyers feeling let down, exposed, and significantly out of pocket.

Why More Mergers and Acquisitions Will Follow

This merger positions Cohesity and Veritas to deliver a more comprehensive solution. Other vendors now face a choice: either remain specialised and force customers to integrate multiple products, or combine forces to offer a unified proposition. Those who choose to go it alone may find it increasingly difficult to compete with the simplicity of a ‘one stop shop’ model.

While another merger of this scale may not happen immediately, we expect to see a wave of smaller mergers and acquisitions in the near future. These moves will likely blur the lines between backup, recovery, and security, as vendors aim to offer integrated platforms addressing multiple organisational challenges.

Good to Know

Whether you are already a Predatar customer, or you’re exploring recovery assurance solutions, it’s worth knowing that Predatar supports multiple backup and recovery technologies.

With all the twists and turns that are coming in the market, you can’t be certain which backup and storage products you’ll be using tomorrow, but you can have confidence that your recovery will be assured with Predatar.


03 December 2024

Cyber Vault vs Cyber Recovery Cleanroom: What’s The Difference?

The emerging cyber resiliency marketplace is evolving fast, and there are lots of new terms to get to grips with. As a market leader in cyber recovery cleanroom tech, we often get asked… “What’s the difference between a cyber recovery cleanroom and a cyber vault?” These two terms often get confused, and while they share some similarities, they are fundamentally different.

This article will explain:

  1. What each of these terms means
  2. How they are different
  3. Which one you need

Before we dive in, it’s worth noting that this article focuses on the concepts and high-level technology. It doesn’t dig into, or promote, any technology vendor’s solutions specifically.

What is a Cyber Vault?

A cyber vault is a highly secure, isolated environment designed to protect critical data from cyber threats such as ransomware, insider attacks, and other malicious activities. Its primary purpose is to ensure that organisations have a safe repository for their most sensitive or valuable data, which can be restored in the event of a breach or data corruption.

Think of it like a bank vault. Once your valuables are locked away they can’t be accessed by unauthorised parties. Anything you lock away will remain completely untouched and unchanged until you choose to access it.

To be classed as a cyber vault, a solution should have the following features or characteristics:

• Isolation and Air-Gapping:
The cyber vault should be either physically or logically separated from the primary network, ensuring attackers cannot directly access it during a cyberattack. A physical air gap could be created by backing up a copy of your data to tape media and storing the tape in a vault, literally! If using connected storage, the access should be restricted by network segmentation.

• Immutable Backups:
Data stored in the vault should be immutable, meaning it cannot be altered or deleted once written, safeguarding it from tampering.

• Multi-Factor Authentication (MFA) and Encryption:
Strict access controls and data encryption are essential to protect the vault from unauthorised access.

Here’s the next common question:
Does a cyber vault give me cyber resilience?

The answer:
Not quite.

While immutable backups are a crucial component of cyber resiliency, they do not protect you from all possible events.

Immutable backups are safe from modification once stored, meaning they can’t be tampered with or encrypted by malicious actors once they are stored in your cyber vault. But they don’t protect against an initial infection.

If your primary systems are compromised before a backup is made, your backups will almost certainly become compromised too. This is particularly concerning for ransomware attacks, where the attack might go unnoticed for long periods. Essentially, undetected malware will be replicated into your vault, with the risk of reinfecting your systems if you need to run a restore from your vaulted data.

Restoring from immutable backups can also be a complex process, especially if recovery processes aren’t regularly tested. Some organisations struggle with recovering from immutable backups due to lack of familiarity with the specific tools or processes required. Therefore, the use of immutable storage may be restricted to a subset of data – usually the most critical assets.

What is a Cyber Recovery Cleanroom?

A cyber recovery cleanroom is also a secure, isolated environment – but its main purpose is to validate the cleanliness and recoverability of backup systems (including immutable snapshots) with the goal of minimising downtime during a data loss incident.

There are a variety of cyber recovery cleanroom solutions on the market and the prevailing trend shifts the emphasis from post-crisis recovery to proactive, automated, daily validation to help prevent attacks, and not just remediate the impacts. This means that a cleanroom is no longer a reactive ‘just in case’ investment – your cleanroom is a proactive weapon for both defence and response.

Unlike a cyber vault, where the whole purpose is that the data remains unchanged, data in your cleanroom is active. Your cleanroom is a location to run validation processes and in some cases, malware removal processes too.

For a deeper dive, check out this Guide to Cyber Recovery Cleanrooms.

Which Do You Need, A Cyber Vault or a Cyber Recovery Cleanroom?

It shouldn’t be an either/or decision. Both technologies deliver different benefits, and the most robust solutions for cyber resilience should incorporate the characteristics of both cyber vaults and cyber recovery cleanrooms. This customer story explains how a large utilities operator have deployed a cyber recovery cleanroom alongside their cyber vault solution.

For ultimate resiliency, mature organisations build secure storage and backup platforms that incorporate these 5 fundamentals:

  1. Keeping multiple copies of data (preferably three or more)
  2. Keeping an air-gapped copy of data
  3. Encrypting your most sensitive data
  4. Employing immutable copies to prevent corruption of data
  5. Using orchestration to recovery test and scan backup copies

For more information on the 5 fundamentals of cyber resilience check out the Recovery Gap eBook.

Start Your Journey to Greater Resiliency

If you want to boost cyber resilience in your organisation, a Recovery Risk Report is a great place to start. It’s an automated, AI-powered reporting tool, designed to quickly highlight vulnerabilities and uncover recovery risks in your backup environment without the need for costly, intrusive consultancy.


28 November 2024

Build a Business Case for Cyber Recovery Assurance

Cyber recovery assurance is a relatively new concept, but it’s one that is quickly becoming essential for most organisations. Driven by the rapid evolution of cyber threats and a new generation of operational resilience regulations (including DORA, FISMA, PRA, and NIS2), cyber recovery innovation is thriving.

If you have evaluated the options but are struggling to get stakeholder buy-in or secure the budget for the technology you need, you are not alone. After all, it is not like your business hasn’t already invested extensively in security and business continuity projects.

As the title suggests, the purpose of this article is to help you build a business case for your cyber recovery project. We will quickly explore the ‘why’ of cyber recovery, but the focus will be more on answering the following questions:

  1. Which department should pay for a cyber recovery project – infrastructure, security, or business continuity?
  2. What does this solution replace in my existing security, storage, or disaster recovery arsenal?
  3. How do I justify this expenditure to my financial officer?

Why Cyber Recovery Matters

After the terrorist attack on the World Trade Center in 2001, many companies scrambled to build out mirrored datacenters. Prior to this event, it was mainly the banks who could justify the expense of synchronous replication to a second or third site. As the cost of storage came down, more industries followed suit.

Since then, the threat landscape has grown and morphed, but the methods of defence have not kept pace.

The traditional threats to business continuity haven’t gone away – fires, floods, power outages, and terrorist activity – but now you must plan for cyber incidents too. In a cyber attack scenario, replication only exacerbates the problem. In 2024, ransomware attacks increased both in frequency and sophistication. Cyber criminals have increasingly targeted high-value sectors such as critical infrastructure, healthcare, telecommunications, and financial services. 

The Growing Importance of Backups.

The new threat of cyber attacks threw a spotlight on backup. Prior to this development, the backup market had started to move away from tape-based solutions – which were slow and difficult to manage – towards disk solutions. While this meant much faster recovery, it was at the expense of the ultra-safe, air-gapped tape copy – often stored in an off-site vault.

Suddenly, backup became part of the cyber problem. Threat actors were increasingly targeting backup repositories, and despite massive investment in security and disaster recovery, the ability of companies to avoid having to pay a ransom was actually decreasing. This represented a colossal return-on-investment failure of risk management.

While secure backup is critical, so is speed of recovery, so ‘rewinding’ to tape-based solutions, stored in off-site vaults, in underground bunkers, doesn’t solve the problem.

The rise of Recovery Assurance technologies has been driven by the need to guarantee that backups are safe and recoverable, before they are called on in a crisis.

What is a Cyber Recovery Cleanroom?

Arguably the cornerstone of any Recovery Assurance solution, a cyber recovery cleanroom is quickly becoming a necessity for operational resilience in many organisations.

A cleanroom is a secure, isolated environment designed to proactively recover critical data and systems both before and after a cyber incident. It is physically or logically separated from the main IT infrastructure to ensure safety from malware and unauthorised access.

With a cleanroom, users can validate the integrity of data before restoring it, ensuring that only clean, uncompromised data is reintroduced to the network. For a deeper dive into Cyber Recovery Cleanroom solutions, read our guide.

Aligning Cyber Recovery Assurance with Business Goals

According to Sophos, the average ransom in 2024 is $2.73 million. That’s an increase of $1 million from 2023.

On top of the cost of the ransom itself, organisations also face loss of income, and reputational damage. The CrowdStrike outage in July 2024, which wasn’t even a malicious attack, led to a combined loss of $4.5 billion for the Fortune 500 companies. Read the Guardian article.

If the need to recover from backups is increasingly likely, any solution which increases the predictability, while also decreasing the time to recover, will clearly align with the business goals of continuity and operational resilience.

Next, we will start to look at building a business case but before we do, consider that the average cost to run a datacentre for a medium sized company is between $5m and $15m per year (based on a mid-sized Russell 2000 company).

A second datacentre is designed for the old threat landscape of high-impact, low-probability events. A recovery assurance solution is designed for both new and old threats and costs a fraction of traditional disaster recovery.

Quantifying the Financial Risks of Inaction

Step 1 – Calculate downtime cost

As a rule of thumb, the average cost of an hour of downtime for mid-sized businesses is $84,650, making prevention a high-priority investment. This cost varies dramatically across different industry sectors, so, the first task in building a business case is to catalogue your applications and calculate the cost of an hour of downtime for each one.

Step 2 – Measure restore time

For each application add the time to restore from backup, assuming the backup is validated and safe to restore to production. Don’t know your restore time from backup? You are not alone. Organisations typically restore less than 1% of their data from backup in any given year.

A Recovery Risks Report can quickly give you insights into your backup environment and will help you understand the recovery time for each application.

Step 3 – Calculate Risk Premium

Map as many downtime-creating events as you can for which a recovery from backup might be required. Rank them based on likelihood and severity of impact. Examples include a localised server failure, datacentre power outage, database corruption, cyber or terrorist attack. Calculate the Risk Premium for each event. Here is an example:

Probability (P) is 1:50 in any given year, which is a 2% probability

Cost of event (C) is $1,000,000

The formula for Risk Premium = P × C

In this case the Risk Premium = 0.02 × 1,000,000 = 20,000

You could add more sophisticated techniques such as Quantitative risk analysis (QRA) or use Monte Carlo analysis, which considers many more variables and would be recommended for large projects.

Using this technique, or simply knowing your cyber insurance annual premiums, will help to present a business case to a CFO in language they understand. In the example above, if the solution costs $20,000 or less, then you would expect little resistance from executives.

Step 4 – Create a Risk Matrix – Likelihood vs. Impact

Following on from Step 3 present the data in a Risk Matrix such as the one shown below.

Step 5 – Create a Cyber Resilience ROI matrix.

There is no single solution which can eliminate the risk of downtime from either a power outage or a cyber-attack. Building resilience is a journey. It’s about managing risk and taking a pragmatic approach to prioritisation. Some steps will be small, others will be much bigger.

For more information read the Closing your Cyber Recovery Gap eBook.

Once you have identified the recovery gaps in your organisation, map them out on a cost vs impact matrix (example below).

In the final assessment, it’s a judgement call. For example, if a data breach is estimated to cost your company $5 million, is an additional investment of $200,000 in a cyber recovery cleanroom an appropriate one to dramatically reduce the impact?
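Steps 1 to 4 worked through in code, as an added example that is not part of the original article. The application catalogue, event list, matrix thresholds and restore-overrun distribution are constructed assumptions; only the P × C formula, the 1:50 / $1,000,000 example and the $84,650 hourly figure come from the text. The Monte Carlo pass goes beyond the single P × C case to show how the spread of annual losses, not just the average, can be put in front of a CFO.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    cost_per_hour: float   # Step 1: cost of one hour of downtime (USD)
    restore_hours: float   # Step 2: measured time to restore from backup


@dataclass(frozen=True)
class Event:
    name: str
    annual_probability: float  # P in the article's formula
    affected: tuple            # names of the applications needing a restore


# Constructed sample catalogue (assumption): replace with your own figures.
APPS = {a.name: a for a in (
    App("erp", 84_650, 8),          # hourly cost = the article's rule of thumb
    App("email", 5_000, 4),
    App("warehouse-db", 30_000, 12),
)}

# Constructed sample events (assumption), per Step 3.
EVENTS = (
    Event("server failure", 0.20, ("email",)),
    Event("database corruption", 0.05, ("warehouse-db",)),
    Event("ransomware", 0.02, ("erp", "email", "warehouse-db")),
)


def event_cost(event, apps=APPS, overrun=1.0):
    """C: cost of one occurrence. Assumes affected apps restore in parallel,
    so each is down for its own restore time (scaled by `overrun`)."""
    return sum(apps[n].cost_per_hour * apps[n].restore_hours * overrun
               for n in event.affected)


def risk_premium(probability, cost):
    """Step 3: Risk Premium = P x C."""
    return probability * cost


def band(value, low, high):
    """Bucket a value into low / medium / high (thresholds are assumptions)."""
    if value < low:
        return "low"
    return "medium" if value < high else "high"


def risk_matrix(events=EVENTS):
    """Step 4: (likelihood band, impact band) for each event."""
    return {e.name: (band(e.annual_probability, 0.05, 0.20),
                     band(event_cost(e), 100_000, 500_000))
            for e in events}


def simulate_annual_loss(events=EVENTS, years=50_000, seed=1):
    """Monte Carlo over simulated years: each event fires independently with
    its annual probability, and the restore overruns by a factor drawn from a
    triangular distribution (0.8x to 2.5x, most likely 1.0x; an assumption
    standing in for restore times that have never been tested).
    Returns (mean annual loss, 95th percentile annual loss)."""
    rng = random.Random(seed)
    losses = []
    for _ in range(years):
        loss = 0.0
        for e in events:
            if rng.random() < e.annual_probability:
                loss += event_cost(e, overrun=rng.triangular(0.8, 2.5, 1.0))
        losses.append(loss)
    losses.sort()
    return sum(losses) / years, losses[int(0.95 * years)]


if __name__ == "__main__":
    for e in EVENTS:
        c = event_cost(e)
        print(f"{e.name:20s} C=${c:>12,.0f}  premium=${risk_premium(e.annual_probability, c):>10,.0f}"
              f"  matrix={risk_matrix()[e.name]}")
    mean, p95 = simulate_annual_loss()
    print(f"simulated mean annual loss ${mean:,.0f}, 95th percentile ${p95:,.0f}")
```

The gap between the mean and the 95th percentile is the part a single P × C figure hides: most years cost nothing, a few cost a great deal.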

Whose budget is it anyway?

According to a Splunk article, since the pandemic, IT security spending has experienced notable growth as organisations adapt to increasing cyber threats and digital transformation challenges. Recent data indicates global year-over-year growth in security and risk management spending of 14.3% in 2024, reaching $215 billion, compared to $188.1 billion in 2023. This expenditure far outweighs the equivalent figures for the backup and recovery market. And yet, the cyber insurance premiums continue to rise – suggesting the return on this investment has been poor.

Where to allocate the budget for a cyber recovery assurance project depends on its primary objectives, who stands to benefit, and who will manage it.

The considerations below are based on implementing a Cyber Recovery Cleanroom. Arguably, the security team stands to benefit the most but here are some options to think about:

  1. Infrastructure team (storage and backup).
    If the cleanroom will integrate with existing IT systems, ensure robust technical functionality, and automate manual backup administration tasks, assigning the budget to the infrastructure team is ideal. They can manage the hardware, software, and operational aspects efficiently.
  2. Security (CISO).
    When the cleanroom is aimed at mitigating advanced cyber threats or meeting compliance standards, the security team should oversee the budget. This ensures alignment with threat response and regulatory requirements, making the cleanroom a critical cybersecurity asset.
  3. Business Continuity (CFO / Compliance officer)
    For minimizing downtime and operational disruptions, the business continuity team is best suited to manage the cleanroom budget. This allocation could also help compliance officers meet regulatory requirements such as NIS2, DORA or GDPR. For a highly regulated business, a fine of 2% of revenue should be factored into any cost benefit analysis.

Ultimately, a cross-departmental approach provides the most comprehensive justification for the budget, ensuring alignment with technical, security, and business objectives.

How to get started?

If you are still struggling to get the commercial buy-in having followed the 5-step approach above, we suggest documenting your current recovery risks to provide additional evidence to support the business case. Predatar’s Recovery Risk Report evaluates vulnerabilities in recovery processes, identifying gaps in backup integrity, disaster readiness, and cyber resilience. This tool quantifies potential risks and impacts, enabling organisations to justify investment in cyber recovery assurance by demonstrating tangible benefits in operational continuity and reduced risk exposure.

Conclusion: Investing in Confidence and Resilience

Building a business case for cyber recovery assurance requires aligning its value with organisational goals like operational resilience, data integrity, and regulatory compliance. By quantifying downtime costs, assessing recovery times, and evaluating risks, buyers can clearly demonstrate the financial and operational benefits. Assigning responsibility—whether to infrastructure, security, or business continuity teams—depends on the project’s primary objectives and impact areas. Ultimately, a collaborative approach ensures the investment supports both technical needs and strategic priorities, reducing risk and enhancing preparedness for evolving cyber threats. Use tools like Predatar’s Recovery Risk Report to strengthen your case with actionable insights.


25 November 2024

Building business biceps from 40 years of experience and hard knocks.

An MSP Evolution Story: Kon Kakanis, OneTeam IT

For the IT Channel, evolution isn’t just a buzzword; it’s the difference between thriving and going out of business. For OneTeam IT, an Australian reseller and MSP that has risen to become a Predatar APEX Partner, the journey has been one of resilience, reinvention, and a deep understanding of people and problems.

Predatar Founder & CEO, Alistair Mackenzie, managed to speak to Kon as he was high-tailing it out of Brisbane to escape the supercell storms which were threatening to batter the Queensland coast. Not so much the “Sunshine State” that day, but it did seem to be an appropriate scenario to be talking about resilience with this 40-year IT industry veteran.

From IBM to OneTeam: Building Credibility from Scratch 

Kon’s journey began at IBM, where, at the age of just 21, he was tasked with selling mainframes to senior government officials. Armed with a prestigious business card and good old-fashioned IBM training, he gained firsthand experience in earning credibility without an established track record. 

At 25, Kon helped to launch the reseller, Sundata, and found the transition from Big Blue was anything but easy. The memory of that time prompted my first question for Kon “How do you build trust when you’re starting from zero?” Imagine the stress and pressure he faced from his fellow board members, who waited 18 months for him to land his first significant deal. But that was 18 months of building trust with prospects, many of whom are still doing business with him today at OneTeam IT.

Kon explained that making the transition from reseller to service provider sometimes feels like starting again from zero. But it all starts with building trust with prospects and customers.

“Tell Me Where It Hurts”

Kon outlined a fundamental principle of the company’s trust-building approach, starting with the customer’s pain points. 

“It’s like going to the doctor,” Kon says. “The first thing you ask is, ‘Where does it hurt?’ People love to talk about their challenges, and if you genuinely listen, you’re halfway to solving the problem.” 

This consultative approach isn’t about flashy presentations or sales tricks. It’s about having the courage to delve into areas that might initially seem beyond your expertise. As Kon puts it, “If I don’t know the answer, I’ll go find it. But I’ll always tell the customer honestly whether we can help or not. Wasting their time would be wasting my own.” 

This ethos resonates throughout OneTeam’s culture, where fostering meaningful conversations has been the key to building long-term trust with clients.

The IT Industry – Then and Now

Reflecting on the industry’s evolution, Kon notes that the channels for building relationships have changed dramatically. “Forty years ago, you’d pick up the phone, and people answered. Now, we’re competing with voicemail, email filters, and endless distractions,” he explains. 

Yet, the core of the business remains the same: understanding the customer’s needs. And while the tools and strategies have evolved, Kon believes that authenticity and persistence are timeless.

Mentoring the Next Generation

OneTeam’s journey is also about passing the torch. Kon mentors MBA students and aspiring entrepreneurs, many of whom are diving into the world of software-as-a-service startups.

“It’s inspiring to see their passion,” he says. “These young entrepreneurs aren’t necessarily drawn to the infrastructure side of IT like I was—they’re building cloud-based solutions from their garages. It’s a different world, but the same principles apply; solve real problems, build trust, and stay curious.” 

Scaling the business with Managed Services

For OneTeam IT, a strategic pivot has been the move toward managed services—a shift driven by the need for sustainable, high-margin revenue. Managed services encompass everything from managing systems to providing backup services and other recurring contracted offerings.

Today, OneTeam is leveraging its partnership with Predatar to scale its backup-as-a-service offering, focusing on recovery assurance. Kon likens it to starting over but with decades of experience as a guide.

“It’s like launching a new business within the business,” he says. “The energy is different, but the lessons learned over 40 years help us avoid the blind alleys and focus on delivering real value.” 

Addressing Customer Churn with Proactive Strategies

One of the significant hurdles for managed service providers (MSPs) is contract churn, often caused by customers underestimating the value of services once their IT environments are stabilised. As Kon explains, the phenomenon can feel like “a leaky bucket.” Customers initially approach MSPs to address pressing grievances, but as the provider resolves these issues, the customer may start questioning the necessity of the ongoing relationship.

To counter this, OneTeam IT employs a two-phase strategy:

1. Proactive Issue Mitigation: Before initiating a Managed Services Agreement (MSA), the company conducts an in-depth “take-on period” to address any major grievances upfront. This establishes a stable foundation for ongoing services, ensuring initial buy-in from the customer.

2. Continuous Optimisation: During the first six months, the team works to improve system efficiency and reliability, automating processes and gaining a deeper understanding of customer needs. This effort reduces costs and reinforces the value of the partnership.

This strategy creates the link between customer value and price, allowing OneTeam to offer a point of differentiation.

Lowering cost or dropping price?

A standout feature of OneTeam IT’s approach is its flexible pricing model. Recognising that customers appreciate transparency and fairness, Kon emphasises a commitment to lowering costs as systems stabilise.

“If you sign an MSA with us, we will commit to a reduction in cost for the same scope if you renew,” Kon says. This anti-inflationary approach not only builds trust but also demonstrates the company’s confidence in its ability to deliver value through automation, efficiency, and process improvements.

Shifting the Perception of Managed Services

Many customers perceive MSPs as expensive when compared to the costs of hiring in-house staff. According to Kon, this perception stems from a lack of understanding of the broader value MSPs provide. Speaking about data protection, he contrasts a well-maintained house that can withstand storms with relying on insurance to rebuild a flimsy house after damage, perhaps caused by one of those Queensland cyclones!

In this context, OneTeam IT positions its recovery assurance services not as “insurance” but as an investment in operational resilience. For instance, in backup and disaster recovery services, the emphasis is on ensuring data integrity and recoverability, rather than just selling a policy that covers potential losses. This shift from a cost-focused to a value-focused narrative helps customers appreciate the strategic importance of robust IT systems.

Tell them what you are doing. Then tell them again.

Effective communication is a cornerstone of customer retention for OneTeam IT. Kon highlights the importance of concise and impactful reporting to keep stakeholders informed of the value being delivered. “You don’t want to do it at a systems administrator level; you want to do it at a CIO or CEO level,” he asserts.

OneTeam IT’s service reports include:

  • Summaries of recovery testing outcomes.
  • Key performance indicators (KPIs) for metrics such as Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
  • Visual dashboards that clearly communicate system health and compliance.

Such transparency reassures customers that their IT environments are being managed effectively, addressing concerns from finance leaders who are inclined to question the value of every offering.

Driving Growth with Predatar

Predatar has been instrumental in transforming OneTeam IT’s operations. Its advanced dashboard capabilities allow OneTeam IT to provide customers with clear insights into their IT performance, including cleanroom recovery testing and adherence to SLAs. This level of visibility not only strengthens customer confidence but also aligns with the company’s goal of demonstrating continuous value.

Kon notes that tools like Predatar are particularly effective in illustrating the outcomes of disaster recovery tests and compliance with recovery metrics. These insights provide tangible evidence of the MSP’s effectiveness, helping to counter the misconception that IT services are merely a line item on the budget.

Conclusion

As customer expectations of MSPs continue to increase, OneTeam IT is proving that success lies not just in solving technical problems but in building trust, confidence, and resilience for its customers. With a clear vision and innovative strategies, OneTeam IT is well positioned to lead the industry into the future.

Is Your IT Channel Business Ready To Evolve?

More than 20 exceptional channel businesses are already on an evolution journey with Predatar. If your organisation has an ambition to deliver world-leading cyber resiliency services, get in touch to learn more about the APEX partner program.
