It's a term you may not have heard of before, but why is MVC relevant to businesses?

The concept of a Minimum Viable Company (MVC) is a fairly new one within our industry, but as it grows more prominent in cyber security, we begin to see just how important it is to businesses today in the increasing threat landscape. In fact, research finds that 4,000 new cyberattacks occur every single day, and that a company is attacked by ransomware every 14 seconds somewhere in the world, keeping your systems alive and ready is becoming an issue.

The rise of cyber-attacks is forcing organisations to rethink their recovery strategies.

While detecting threats remains critical, a more significant challenge has emerged: ensuring protected data is clean and available to bring a company back online.

With attackers strategically infiltrating systems, staying undetected for extended periods, and creating widespread repeat damage, Security and IT teams have begun to focus on advanced practices to minimise the impact of downtime their most important, business-critical assets.

Minimum Viability - sometimes referred to as a “Minimum Viable Company” - goes beyond traditional asset discovery, categorisation, and disaster recovery, offering a strategic approach to cyber resilience that focuses on rapidly restoring essential capabilities needed for an organisation to function after a cyberattack.

By definition, an MVC is the “smallest possible version of an organisation that can still function and serve customers should an incident bring down part(s) of the operations and systems.” As a result, it “offers the potential to maintain business continuity and to help minimise business disruption.” A term previously used in consultancy, but the big question here is, of course, how can an organisation define the MVC concept so they can maximise resilience? That’s where companies such as COOLSPIRiT and Commvault can offer support.  

The first step is to identify your systems and infrastructure that must be secure and operational at all times in order to keep the lights on for your business. This will always include critical applications, assets, processes, and people, which collectively can ensure the business can keep ticking over until normal operations have been fully restored.

More specifically, maintaining core IT infrastructure, such as ensuring secure access to authentication and identity management services remains in place, is vital. Alongside this, essential communication platforms, such as email, messaging, and collaboration tools such as Microsoft Teams, must remain operational to support internal teams and external stakeholders. The objective should always be to reinstate these as soon as possible in the event these systems are impacted by a security breach.

Don’t forget this kind of resilience relies as much on people as on technology. Clearly defining the roles and responsibilities of key personnel in the MVC hierarchy can play a huge role in determining how well an organisation can deliver on its recovery objectives.

Strategically planning ahead is fundamental to MVC, but this isn’t just about securing key technologies and having a playbook ready, as important as these things are. MVC also depends on implementing and supporting a culture whereby organisations become more cyber-resilient on a fundamental level.

There can be no doubt, for example, that organisations who build awareness training into their continuous improvement processes are much better placed to avoid security breaches than those that do not. This ethos should also extend to scenario planning and cyber recovery drills that put processes to the test and identify any shortcomings. Should a security crisis happen, businesses that have at least some idea of what to expect, what their immediate priorities should be, and how decision-making processes will operate, should be well placed to recover to a minimum viable state without serious delay.

Ultimately, businesses that embrace MVC principles are not only mitigating downtime, but also protecting their reputation and long-term viability.

We thank Jason Gerrard, Senior Director, Sales Engineering – Channel, EMEAI, Commvault for this detail on MVC.

How COOLSPIRiT can help, with Commvault, is simple. Request our Ultimate Guide, our customers are given a comprehensive guide and plan to ensure they are educated to what systems and infrastructure make up their MVC. You will also find out how together we offer capabilities to help organisations get to minimum viability and beyond as quickly as possible. These include Active Directory, Commvault Cloud Cleanroom Recovery, and AirGap Protect.