What is a Minimum Viable Company (MVC) in the context of cyber recovery?

MVC is a recovery strategy that identifies and restores only the core business functions and systems absolutely necessary to keep operations running after a cyber attack. Rather than attempting full restoration, it focuses on getting critical systems like ERP, customer-facing websites, and essential integrations back online quickly while investigation continues.

How does Commvault support organizations implementing an MVC strategy?

Commvault provides both technology tools and consulting services to help organizations define their minimum viable requirements, test recovery scenarios, and execute MVC plans. They bring their partner network into the process and offer tools designed to make iterative testing practical, recognizing that organizations typically need multiple attempts to correctly identify their true minimum requirements.

What to do (at a minimum) to recover after a cyber attack

Name: What to do (at a minimum) to recover after a cyber attack
Uploaded: 2026-02-28T12:27:54-05:00
Duration: 2 min 33 s
Description: TL;DR Minimum Viable Company (MVC) strategy focuses on rapidly restoring only the core business functions needed to operate immediately after a cyber attack, rather than attempting full system recovery. Organizations should deploy specialized tiger tea...

Commvault

02/28/2026

0 (0%)

Report Like Favorite

Transcript

So what I like about MVC is minimum viable company is what are the minimum number of things that I need? What are those very specific things to run the business? Right. I need my ERP to be up and running. What does that mean? Our website needs to be up and running. What does that mean? It needs to interact with our ERP so we can check constantly check inventory. What does that actually mean to us? Right. How do we reconcile lost transactions? How do we reconcile lost time? How do we manage the identity system that may have been compromised six months before the encryption occurred, before the security event was noticed? Right. And and thus those accounts may still exist. And then you start the investigation. At the same time you're trying to do some sort of triage. What's down? What's broken? How bad is this? Is this currently? Right. What do we think this is? The reason investigation is important is you're trying to figure out how long have they been in your environment. It's a critical piece of information to recovery. And immediately you start kicking off. What are we what is our fail over if any? And how do we get back up and running? So you actually have a separate tiger team developed to get MVC back up. Once that's up and running then that team moves right back over to incident response and you continue the incident response. All the investigative integrity is maintained. All the evidentiary integrity is maintained. All of that stuff can still continue and is part of the feedback loop that you use for the long-term repairs. While the business, the minimum viable business, however you define that, is up and running. And the neat part is it also doesn't have to be one thing. Right. You could have an MVC for the company, but you could also have an MVC for a particular piece of operations or a particular business unit. Commvault has staffed around this. They've staffed to help be your kind of consultant as they go through this and they're bringing their partner network along with them. Right. So you don't have to feel like you're all alone here. It's really critical that you have tools that make testing easy because you're effectively testing the theory of is this my minimum viable company? And I guarantee the first few times you do it, you're going to be wrong. There's a ton of configuration here. Is the juice worth the squeeze? And that's really kind of what Commvault has taken on.

TL;DR

Minimum Viable Company (MVC) strategy focuses on rapidly restoring only the core business functions needed to operate immediately after a cyber attack, rather than attempting full system recovery.
Organizations should deploy specialized tiger teams to execute MVC recovery while maintaining parallel incident investigation with full evidentiary integrity for long-term remediation.
Commvault provides both technology tools and consulting services through its partner network to help organizations define, test, and implement MVC recovery plans at enterprise or business unit levels.

Summary

Howard Holton, CTO of GigaOm, introduces the concept of Minimum Viable Company (MVC) as a cyber recovery strategy that prioritizes restoring core business functions immediately following a security incident. Rather than attempting full system restoration, the MVC approach identifies the essential subset of operations needed to keep the business running while incident investigation continues in parallel. Holton explains how organizations can define their critical systems—such as ERP platforms, customer-facing websites, and inventory management—and develop specialized tiger teams to execute rapid failover and recovery. The strategy emphasizes maintaining investigative and evidentiary integrity while simultaneously bringing minimum viable operations online. Commvault positions itself as both a technology provider and consulting partner in this process, offering tools that simplify testing and validation of MVC plans. The framework is flexible enough to apply at the enterprise level or to specific business units, with iterative testing recognized as essential to refining what truly constitutes minimum viability for each organization.

Chapters

0:00 - Defining Minimum Viable Company
0:51 - Parallel Investigation and Triage
1:20 - Tiger Team Recovery Execution
2:01 - Commvault Support and Testing

Key Quotes

0:10 "So what I like about MVC is minimum viable company is what are the minimum number of things that I need? ..."
1:20 "So you actually have a separate tiger team developed to get MVC back up."
2:20 "And I guarantee the first few times you do it, you're going to be wrong."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

06/23/2026

01:00 PM

06/23/2026

The AI-Powered VMware Alternative

https://www.truthinit.com/index.php/channel/2009/the-ai-powered-vmware-alternative/
06/24/2026

11:00 AM

06/24/2026

LATAM: Accelerating Insights on AI Through an Engaging Webinar Series

https://www.truthinit.com/index.php/channel/2012/accelerating-insights-on-ai-through-an-engaging-webinar-series/
06/25/2026

01:00 PM

06/25/2026

Generative AI Security: Preventing AI from Becoming a Data Breach Multiplier

https://www.truthinit.com/index.php/channel/1998/generative-ai-security-preventing-ai-from-becoming-a-data-breach-multiplier/
06/30/2026

01:00 PM

06/30/2026

Master Active Directory Certificate Services for Long-term Success

https://www.truthinit.com/index.php/channel/2018/master-active-directory-certificate-services-for-long-term-success/
07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

Stop Your AI from Controlling You: Strategies for Retaining Power

https://www.truthinit.com/index.php/channel/2021/stop-your-ai-from-controlling-you-strategies-for-retaining-power/
07/02/2026

10:00 AM

07/02/2026

When the cloud goes dark: Resilience lessons from hybrid threats

https://www.truthinit.com/index.php/channel/2011/resilience-insights-from-hybrid-threats-when-the-cloud-faces-challenges/
07/09/2026

01:00 PM

07/09/2026

Harnessing Agentic Trust for Enhanced Human Experiences

https://www.truthinit.com/index.php/channel/2026/harnessing-agentic-trust-for-enhanced-human-experiences/
07/14/2026

11:00 AM

07/14/2026

Discover the Latest Innovations in Netwrix 1Secure During This Technical Session

https://www.truthinit.com/index.php/channel/2014/discover-the-latest-innovations-in-netwrix-1secure-during-this-technical-session/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/22/2026

06:30 AM

07/22/2026

Insights and Strategies for Effective Data Privacy and Protection Practices

https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection-practices/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/