Protect and secure your data from cyber attacks
Data Protection
Data Security
Data Insights
The 5 Steps to Cyber Resilience
Cloud & SaaS
Enterprise
Industries
MVC is not simply about restoring the minimum number of systems. It’s about restoring the minimum amount of trust required for the organization to operate safely, credibly, and sustainably.
Most organizations understand the importance of prioritizing recovery. They know which applications matter most, which systems support revenue, and which services customers depend on.
But destructive cyberattacks expose a harder problem. In a cyber incident, the question is not only what to restore first. It is what we can trust enough to restore from, restore onto, and operate? That distinction is at the heart of the Minimum Viable Company.
The Minimum Viable Company, or MVC, is sometimes misunderstood as a better Business Impact Analysis, a critical application list, or a prioritized disaster recovery plan. Those elements matter, but they are not enough. A true MVC defines the minimum trusted operating state an organization needs to continue functioning under extreme conditions.
That means identifying not only the systems required to operate, but also the people, processes, identity services, communications channels, recovery artifacts, third-party dependencies, governance structures, and decision workflows needed to bring the business back safely.
In other words, MVC is not simply about restoring the minimum number of systems. It is about restoring the minimum amount of trust required for the organization to operate safely, credibly, sustainably, and in accordance with regulatory and business obligations.
Traditional disaster recovery was built for a different failure model. Infrastructure outages, hardware failures, natural disasters, and accidental data loss are serious events, but they generally assume that the environment itself remains trustworthy. In those scenarios, the recovery objective is often straightforward: restore the last known-good copy, reconnect dependencies, and resume operations.
Cyber recovery is different. In a destructive cyberattack, the organization is not simply recovering from failure. It is recovering from a compromise.
The attacker may have spent weeks or months inside the environment before triggering impact. During that time, they may have compromised privileged accounts, altered configurations, established persistence mechanisms, manipulated identity infrastructure, or studied the organization’s recovery procedures.
Under those conditions, restoring critical systems quickly can be dangerous if the organization cannot validate the trustworthiness of the systems, accounts, policies, dependencies, and configurations being restored.
A fast recovery that reintroduces adversary access is not resilience. It is reinfection at speed. That is why the first question in modern cyber recovery should not be, “What do we restore first?” It should be, “What do we trust?”
A functioning organization is more than workloads and data. During a destructive cyberattack, business survival depends on a broader operating foundation. That foundation may include:
These resources are often just as critical as the applications themselves. Yet many organizations store them inside the same collaboration platforms, identity systems, and file repositories that may become unavailable or untrusted during a destructive attack.
The playbook exists, but nobody can access it. The insurance policy exists, but the policy number cannot be found. The system can be rebuilt, but the license key is trapped inside an unavailable repository. The regulatory notification template exists, but access depends on a federated identity that no longer works.
This is where many recovery plans fail in practice. Not because the organization lacked backups, but because it lacked a trusted way to coordinate, decide, authenticate, and operate when the primary environment was compromised.
The Minimum Viable Company is therefore as much about operational survivability as technical recovery.
To avoid confusion, it is useful to define what MVC is not. A Minimum Viable Company is not simply:
A Minimum Viable Company is a defined, tested, and trusted operating model for keeping the organization functioning under degraded conditions after a cyberattack. That operating model must answer practical questions:
These are not traditional backup questions. They are cyber resilience questions.
One of the most common recovery mistakes is attempting to restore broad operational capability before re-establishing a trusted foundation.
If identity cannot be trusted, then every downstream recovery action becomes questionable. Every administrator account, service account, group policy, federation relationship, privileged access workflow, and automation pipeline may become a potential path for adversary persistence. That is why mature cyber recovery strategies rebuild trust in layers.
First, the organization needs access to the resources required to respond and recover. This includes playbooks, contacts, credentials, configurations, contracts, and decision workflows that exist outside the blast radius of the attack.
Second, the organization needs a trusted operational enclave: an isolated environment where investigation, remediation, validation, recovery, and decision-making can occur with reduced dependency on compromised production systems.
Third, the organization needs to restore foundational identity and control services deliberately and in a validated manner.
Only then should it progressively reintroduce critical business services on top of that trusted foundation.
This sequence matters. It allows the organization to move from uncertainty to controlled recovery, rather than trying to rebuild the business on top of systems that may still be compromised.
The Digital Jump Bag helps address one of the most immediate problems in a destructive cyberattack: access to trusted operational artifacts.
During a major incident, organizations need rapid access to the information and resources required to coordinate response and begin recovery. But those resources must be available outside the compromised production environment.
A properly designed Digital Jump Bag can provide protected access to resources such as:
The Digital Jump Bag does not solve every trust problem. It solves a foundational access problem: ensuring the resources needed to coordinate, decide, and initiate recovery remain available when primary systems are unavailable or untrusted.
That capability is essential to MVC because an organization cannot recover with confidence if it cannot access the basic information required to lead the recovery.
Access to recovery artifacts is only one part of the challenge. Organizations also need a safe place to investigate, validate, and rebuild. This is where clean-room recovery becomes critical.
A clean room provides an isolated environment where teams can examine data, validate recovery points, rebuild systems, test configurations, and coordinate recovery activity without relying on the compromised production environment.
This matters because cyber recovery is not just a restore operation. It is a trust validation process. Organizations need to know whether the data is clean, whether the restored systems are safe, whether identity has been re-established securely, and whether critical services can operate without recreating the conditions that caused the incident.
A clean environment gives teams the space to make those determinations before reconnecting recovered services to the broader business.
Identity is often the most important dependency in cyber recovery. If the organization cannot establish a trusted identity, it cannot safely restore anything else. Administrators cannot be trusted. Users cannot be authenticated. Service accounts cannot be validated. Access policies may be compromised. Federation relationships may provide a path for re-entry.
Identity systems such as Active Directory can also contain far more than user accounts. They may include group policies, administrative relationships, service dependencies, and configurations that affect large parts of the environment.
If those elements are restored without validation, the organization may unintentionally restore the attacker’s access along with the business service.
That is why trusted identity recovery is central to MVC. Organizations need a controlled way to recover identity services, validate administrative access, and rebuild confidence in the control plane before bringing critical business services back online.
Through Cohesity’s relationship with Semperis, customers can address this foundational identity resilience requirement as part of a broader cyber recovery strategy.
A true Minimum Viable Company capability requires more than traditional backup technology alone. Organizations that recover effectively from destructive cyberattacks bring together several capabilities:
Immutable recovery capabilities
Trusted identity recovery
Operational isolation
Out-of-band response coordination
Recovery workflow orchestration
Cross-functional governance
Pre-defined recovery decision models
Together, these capabilities help organizations move from theoretical recovery planning to operational recovery execution.
The technology is important, but technology alone does not determine recovery sequencing, executive decision points, ownership boundaries, trust validation criteria, or how security, IT, legal, communications, and business leadership collaborate under crisis conditions.
Those are operating model challenges. Building the workflows, escalation paths, decision structures, and cross-functional responsibilities required to recover safely is what turns recovery tooling into a true cyber resilience capability.
One of the most underestimated parts of MVC is coordination.
During a destructive attack, recovery is not the responsibility of a single team. Security Operations may identify indicators of compromise (IOCs). IT Operations may need to remediate or rebuild systems. Legal may need to assess notification obligations. Communications may need to engage customers, employees, partners, regulators, or the media. Executives may need to make tradeoff decisions under extreme time pressure.
Those activities must be coordinated even when normal systems are unavailable or untrusted.
That is why out-of-band response coordination is a critical part of the MVC operating model. Organizations need a way to coordinate decisions, actions, evidence, remediation, and validation outside the compromised production environment.
This is not just a tooling issue. It is a governance issue.
Who has the authority to declare systems trusted?
Who approves the restoration of customer-facing services?
Who validates that the identity has been recovered safely?
Who decides whether to operate in a degraded state?
Who determines when the organization can reconnect recovered systems?
A Minimum Viable Company must define those decision points before the crisis. Otherwise, the organization risks discovering during the incident that it can restore systems faster than it can make decisions.
This is where Cohesity’s broader approach to cyber resilience becomes important.
Cohesity helps organizations protect and recover data, but MVC requires a broader capability: identifying critical services and dependencies, protecting recovery assets, establishing trusted identity and control, recovering in isolated environments, and validating readiness through realistic exercises.
That includes platform capabilities such as immutable recovery, clean-room recovery, and orchestration, as well as ecosystem capabilities such as identity resilience through Semperis.
Cohesity also offers practitioner-led consulting to help organizations define the workflows, roles, responsibilities, decision points, and operating model required to recover from destructive cyberattacks. That distinction matters.
Many organizations have recovery technology. Fewer have a tested operating model for recovering to a trusted state under active compromise. A Minimum Viable Company bridges that gap. It connects technical recovery with business survivability.
Ultimately, MVC is not about restoring the minimum number of systems. It is about restoring the minimum trusted operating state required for the organization to continue serving customers, meet obligations, make decisions, and operate safely under degraded conditions.
That is a harder problem than traditional disaster recovery. It requires more than backups, more than prioritization, and more than a static recovery plan. It requires trusted recovery assets, validated identity, operational isolation, coordinated decision-making, cross-functional governance, and repeated testing.
The organizations that recover fastest from destructive cyberattacks are not simply the ones that can restore the most data. They are the ones who know what must come back first, what must be trusted before it returns, and how the business will operate as recovery unfolds.
That is the real purpose of the Minimum Viable Company. Not just to recover systems. To restore confidence in the organization’s ability to operate.
Written By
James Blake
VP, Global Cyber Resiliency Strategy
