Follow us :
Xen Bilişim
TR
Get a Quote
Service

Data Security & Backup

Last reviewed:

Most ransomware recoveries fail because backups were not tested. Data security is not a product — it is a posture: classification, protection in motion and at rest, immutable storage, verified restore, and breach response readiness.

Immutable Backup

Acronis Cyber Cloud with ransomware-resistant backup, monthly restore test.

M365 Backup

Mailbox, OneDrive, SharePoint, Teams backup — beyond Microsoft's shared-responsibility limits.

Data Classification

Purview Sensitivity Labels: Public / Internal / Confidential / Restricted.

DLP

Data Loss Prevention rules — block unauthorized sharing of personal data, IP, financials.

Backup strategy

The 3-2-1 backup rule, adapted to cloud-era SMB:

  • 3 copies — production, primary backup (Acronis local agent + cloud), secondary archive (cold cloud).
  • 2 storage types — local (NAS / Azure storage) + cloud (Acronis Cyber Cloud).
  • 1 offsite — geographically separated cloud retention with immutability.
  • Monthly restore test — sample restore validated; un-tested backups don't count.

Microsoft 365 backup

A frequent misunderstanding: Microsoft 365 includes data resilience (replicated storage, recycle bin, retention policies) but is not a backup. Microsoft's shared-responsibility model places long-term backup with the customer. We deploy Acronis or Microsoft 365 native backup to cover this gap.

Frequently Asked Questions

Doesn't Microsoft 365 already back up our data?

No — Microsoft 365 has resilience features (recycle bin, retention policies, versioning) but Microsoft's shared-responsibility model places long-term backup with the customer. For 90-day+ retention and ransomware recovery you need a dedicated backup product.

Which backup product do you use?

Acronis Cyber Cloud is our default for SMB and mid-market — single agent for endpoints, servers and M365, with immutable cloud storage. For larger environments or specific scenarios (VMware, SAP) we also work with alternative vendors.

How often should we test restore?

Monthly sample restore is the minimum. Annually a full DR drill (entire workload restored in a sandbox) validates that backup truly works. Untested backups are a false sense of security.

What about KVKK retention requirements?

KVKK requires personal data to be erased when its lawful basis ends. Backups must support targeted deletion or be excluded from "production" retention duties. We design retention policies per data category aligned with your VERBİS commitments.

How Xen Bilişim delivers Data Security & Backup

  1. 1. Discovery: Stakeholder interviews, current-state inventory, compliance review and risk mapping; deliverable: written discovery report.
  2. 2. Plan: Target architecture, SKU/licence selection, migration plan and SLA scope documented; quote signed.
  3. 3. Implement: Phased rollout with pilot → full deployment; user training and runbook delivered; KVKK/ISO compliance evidence collected.
  4. 4. Operate: Continuous monitoring, quarterly health-checks, incident response and roadmap reviews — under MSP retainer or project-end transfer.

Typical end-to-end timeline: 4-6 weeks (varies by scope).

Get a free preliminary assessment for Data Security & Backup

Get a Quote 0850 259 5949