Hyperscale cloud providers design the custom hardware that powers their data centers with reliability in mind. Amazon S3, for example, only loses one file a year for every 100 billion records it holds. Some on-premise storage arrays offer similar durability, but matching cloud platforms’ hardiness in practice requires more than just suitable hardware. There are also disaster recovery procedures to implement and backup environments to create. Because of the task’s complexity, companies often bring in external expertise to support their data protection efforts.

Recovery Point Systems is a 26-year-old Maryland firm that provides managed disaster recovery services. It also has a consulting arm that helps firms with tasks such as creating a business continuity plan. Boardroom Insight caught up with Brett Moss, Recovery Point’s newly appointed president and chief growth officer, to get a closer look at the technologies that are helping companies avoid data loss in 2025. We also received a primer on the best practices that IT teams use to bounce back from infrastructure failures. 

Boardroom Insight: One of Recovery Point’s specialties is providing disaster recovery services for IBM mainframes. How do the data protection requirements of a mainframe differ from those of an Intel server environment?

Brett Moss: Mainframe environments have fundamentally different resilience requirements compared to Intel-based systems. Mainframes often run mission-critical applications that demand continuous availability and zero data loss, driving the need for synchronous replication, journaling, and specialized tooling like GDPS or IBM Z Global Mirror. Recovery Point has extensive experience managing these types of platforms, which require deep domain expertise, highly granular recovery capabilities, and real-time monitoring. In contrast, Intel server environments tend to rely more on snapshot-based protection, asynchronous replication, and flexible recovery options. While both require strong SLAs and security, the architectural philosophies and performance expectations differ significantly, which is why a hybrid resilience strategy is essential for enterprises with mixed infrastructure.

Boardroom Insight: Many data protection vendors have released features for creating immutable backups over the past few years. If a company uses immutable backups that can’t be deleted or encrypted, does ransomware stop being a risk?

Brett Moss: Immutable backups are a critical line of defense, but they are not a silver bullet. Ransomware has evolved beyond simply encrypting files, it now often includes data exfiltration and operational disruption. While immutability ensures the availability of a clean backup, the recovery window and the ability to orchestrate a full restoration under pressure are equally important. At Recovery Point, we emphasize a layered approach, which includes immutability, but also comprehensive DR testing, air-gapped recovery environments, and rapid failover capabilities. Ransomware doesn’t stop being a risk, it becomes a business resilience test. Preparedness is measured not only in prevention but in how quickly you can recover and resume operations.

Boardroom Insight: What does testing that a disaster recovery workflow functions as expected involve exactly?

Brett Moss: Testing a disaster recovery workflow is far more than verifying that backups exist, it involves confirming end-to-end system recoverability under real-world conditions. At Recovery Point, our testing protocols and automation tools simulate actual failover scenarios, validate RTOs and RPOs, and confirm that dependent systems, network configurations, access controls, and application stacks function seamlessly post-recovery. It involves coordination across infrastructure, security, and business continuity teams, and incorporates reporting for audit and compliance. Effective DR testing should be automated and orchestrated and occur yearly and quarterly. It’s key to reset your risk level with every test by decreasing the “testing gap.”

Boardroom Insight: How is AIOps influencing data protection, if at all, in terms of the types of tasks that make up administrators’ work and the amount of time those tasks require? Can the impact of AIOps be described as significant?

Brett Moss: AI is playing an increasingly critical role within modern data protection platforms, particularly in the areas of threat detection, anomaly identification, and alerting. At Recovery Point, we’re seeing AI embedded in backup and replication technologies that continuously monitor for unusual patterns, like unexpected data change rates, deletion behaviors, or encryption spikes that may indicate ransomware or insider threats. Rather than administrators combing through logs or dashboards to validate system health or spot issues, AI is now doing that work in near real-time, surfacing intelligent, contextual alerts that allow IT teams to act faster and more precisely. This significantly reduces the time spent on routine verification and post-event forensics.

That said, we view AI as an augmentation layer rather than a full replacement for operations. It’s a valuable strategic enabler, but human expertise and judgment remain essential, particularly when orchestrating complex recovery workflows or adapting protection policies in dynamic environments. AI is helping teams move from reactive to proactive, but it’s not pushing people out of the loop.

Photo courtesy of Recovery Point