What is a Minimum Viable Company (MVC) in the context of cyber recovery?

MVC is a recovery strategy that identifies and restores only the core business functions and systems absolutely necessary to keep operations running after a cyber attack. Rather than attempting full restoration, it focuses on getting critical systems like ERP, customer-facing websites, and essential integrations back online quickly while investigation continues.

How does Commvault support organizations implementing an MVC strategy?

Commvault provides both technology tools and consulting services to help organizations define their minimum viable requirements, test recovery scenarios, and execute MVC plans. They bring their partner network into the process and offer tools designed to make iterative testing practical, recognizing that organizations typically need multiple attempts to correctly identify their true minimum requirements.

What to do (at a minimum) to recover after a cyber attack

Name: What to do (at a minimum) to recover after a cyber attack
Uploaded: 2026-02-28T12:27:54-05:00
Duration: 2 min 33 s
Description: TL;DR Minimum Viable Company (MVC) strategy focuses on rapidly restoring only the core business functions needed to operate immediately after a cyber attack, rather than attempting full system recovery. Organizations should deploy specialized tiger tea...

Commvault

02/28/2026

0 (0%)

Report Like Favorite

TL;DR

Minimum Viable Company (MVC) strategy focuses on rapidly restoring only the core business functions needed to operate immediately after a cyber attack, rather than attempting full system recovery.
Organizations should deploy specialized tiger teams to execute MVC recovery while maintaining parallel incident investigation with full evidentiary integrity for long-term remediation.
Commvault provides both technology tools and consulting services through its partner network to help organizations define, test, and implement MVC recovery plans at enterprise or business unit levels.

Summary

Howard Holton, CTO of GigaOm, introduces the concept of Minimum Viable Company (MVC) as a cyber recovery strategy that prioritizes restoring core business functions immediately following a security incident. Rather than attempting full system restoration, the MVC approach identifies the essential subset of operations needed to keep the business running while incident investigation continues in parallel. Holton explains how organizations can define their critical systems—such as ERP platforms, customer-facing websites, and inventory management—and develop specialized tiger teams to execute rapid failover and recovery. The strategy emphasizes maintaining investigative and evidentiary integrity while simultaneously bringing minimum viable operations online. Commvault positions itself as both a technology provider and consulting partner in this process, offering tools that simplify testing and validation of MVC plans. The framework is flexible enough to apply at the enterprise level or to specific business units, with iterative testing recognized as essential to refining what truly constitutes minimum viability for each organization.

Chapters

0:00 - Defining Minimum Viable Company
0:51 - Parallel Investigation and Triage
1:20 - Tiger Team Recovery Execution
2:01 - Commvault Support and Testing

Key Quotes

0:10 "So what I like about MVC is minimum viable company is what are the minimum number of things that I need? ..."
1:20 "So you actually have a separate tiger team developed to get MVC back up."
2:20 "And I guarantee the first few times you do it, you're going to be wrong."

Categories:

Tags:

Show more Show less

TL;DR

Summary

Chapters

Key Quotes

Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities

Beyond the Alert – Building the Human Centric Agentic SOC

How Purpose Brands scales IT with Zendesk ITAM

Cultivating Trust as a Foundation for the Agentic Consumer in 2026

Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection