Backups in E-Commerce: How to Protect Your Shop from Data Loss


TL;DR – Summary at a glance

  • Data loss is one of the biggest risks in online commerce and incurs high costs.
  • Without clear RPO/RTO values and external backups, the risk of failure increases significantly.
  • Many backups are useless if they are not tested regularly – at maxcluster, they are checked regularly.
  • maxcluster provides a reliable backup basis that quickly restores shops to operational status even in the event of failures.

Why are backups so important for online shops?

If an online shop goes down or important data such as orders, customer data, or product information is lost, this has an immediate impact on sales, processes, and the shopping experience. Without a clear backup strategy, there is a risk of long downtimes, organizational disruptions, and, in the worst case, complete data loss, which threatens the existence of many companies.

The facts show how serious the situation is

| Risk | Impact |
|---|---|
| Data loss | 67.7% of companies have already been affected (source: Infrascale) |
| Risk of insolvency | 93% of companies suffering major data loss later file for insolvency (source: Infrascale) |
| Cost of unplanned downtime | 91% of companies lose more than €280,000 per hour (source: Techchannel) |
| Losses for small shops | Average of €1,410 per minute of downtime (source: Infrascale) |

In addition, the threat posed by ransomware is increasing: in 2023, almost 60% of all companies were affected (source: The Data Protection Forum). For online shops, this can mean permanent damage—especially if no up-to-date backups are available. 

What backups can prevent

Reliable data backup protects your shop from the most common causes of data loss:

  • Encryption attacks by malware
  • Errors during updates or rollouts
  • Failures or defects in server hardware
  • Human error, such as accidental deletion
  • Events such as fire, water, or storm damage in the data center

Backups ensure that systems can be quickly restored, data loss is kept to a minimum, and operations can continue without prolonged interruption.

What are the consequences of not having backups?

Data backups not only protect technical systems—they secure the entire business process. They help to

  • reduce financial losses by shortening downtime,
  • prevent permanent data loss,
  • quickly restore affected systems, and
  • maintain customer trust.

Backups are therefore not an optional extra, but a fundamental prerequisite for stability, availability, and long-term success in e-commerce.

Real incidents: When missing backups become a nightmare


Several events in recent years clearly show how quickly missing or inadequate data backups can lead to long downtimes and even permanent data loss.

INWX system failure (2025) – Data backup incomplete

In September 2025, scheduled maintenance at German hosting provider INWX led to a massive failure of the storage system. Numerous websites and email accounts were offline for days.
Only a two-day-old backup was available – and INWX did not want to restore it until it was clear whether the current data could still be recovered.

Impact:

  • Customers without their own backups had to expect the loss of web and email data.
  • Depending on the service, recovery took several days to weeks.

Lesson learned:

Even planned maintenance can lead to serious outages. Having your own up-to-date backups is essential, even if the provider performs backups (Source: BornCity).

OVH data center fire (2021) – Data lost forever

In March 2021, a major fire completely destroyed the OVH SBG2 data center in Strasbourg. Within a few hours, all systems were rendered unusable. Many customers stored their backups in the same fire compartment as their production systems – and lost all their data as a result.

Impact:

  • Shops without external backups were unable to resume operations, either partially or completely.
  • Numerous companies suffered considerable economic damage as entire databases were lost. In some cases, the losses were estimated to be in the millions.
  • Recovery was possible primarily for customers who had offsite backups – often within a few days.

Lesson learned:

Backups must never be located in the same fire compartment as the live system. Geographical separation is mandatory (Source: Datacenter Insider).
 

Nayana Hosting (2017) – Ransomware cripples 3,400 websites

In June 2017, a ransomware attack encrypted 153 Linux servers belonging to Korean hosting provider Nayana. More than 3,400 websites were immediately taken offline. Some of the existing backups were outdated or also infected – and therefore worthless.

Impact:

  • Ransom payment: 397.6 BTC (~€930,000)
  • Downtime lasting several weeks
  • Significant economic damage for thousands of customers

Lesson learned:

Backups must be protected against ransomware – e.g., through immutable storage or physically separate offline copies (Source: BleepingComputer).

Code Spaces (2014) – A company wiped out in hours

In 2014, an attacker gained full AWS admin access to the company Code Spaces. Within a few hours, he deleted all live data and all backups, including machine configurations and offsite backups.

Impact:

  • Complete loss of all customer data.
  • No recovery possible.
  • The company was forced to cease operations immediately.

Lesson learned:

Backups located in the same control area as the production system offer no protection. External and offline backups are vital for survival (Source: eSecurity Planet).

Planning the right backup strategy: What are the key factors?


A good backup strategy determines how quickly your shop will be up and running again after a failure. To ensure that backups work reliably in an emergency, you need clear goals, fixed processes, and regular checks. The key question here is: How much data can you afford to lose—and how quickly do you need to be back online?

RPO and RTO: The basis of any planning

Before you start thinking about storage locations or tools, two key figures should be defined:

| Term | Meaning | Example at maxcluster |
|---|---|---|
| RPO (Recovery Point Objective) | Maximum tolerable data loss | Daily backups → up to 1 day of data loss |
| RTO (Recovery Time Objective) | Time required to restore operations | Usually within a few hours |

These values determine how often backups must be performed and which procedures are suitable.

Offsite backups: Essential for real protection

Backups are only effective if they are physically separated from the live system.
The Hessian data protection authority expressly recommends external storage, as this is the only way to protect against attacks, encryption, fire, or other damage in the data center.

Backup tests: The most common weak point

According to The Data Protection Forum, more than 58% of restores fail – often because backups are damaged or have never been tested (source: The Data Protection Forum). This makes missing or insufficient testing one of the biggest weaknesses in many backup concepts.

Recommendation in practice:

  • Perform a complete test restore at least once per quarter.
  • Check backup logs daily.

At maxcluster, we go well beyond this:

We check at least every other day whether the entire backup chain can be fully restored. This ensures that backups are not only available, but also actually work in an emergency.

What a solid backup strategy entails

A robust backup plan should include at least the following:

  • Clearly defined RPO and RTO values
  • At least daily backups
  • At least one external copy
  • Regular restore tests
  • Encrypted and protected backups
  • Documented responsibilities

You can find a detailed overview in the blog article “IT Security: Backups of Web Applications (Part 3)”.

Backups at maxcluster: How we back up your data


Data is at the heart of every online shop. Orders, customer data, and product information must be available at all times—even in the event of a technical error, security incident, or outage. That's why maxcluster relies on a backup concept designed for security, reliability, and clear transparency. Many processes run fully automated in the background so you can focus on your business.

Security

Backups are stored on a dedicated, isolated backup infrastructure at maxcluster and are encrypted by default. Access is strictly regulated and reserved exclusively for authorized employees. For an even higher level of security, additional protection mechanisms such as MFA, encrypted database backups, and—from February 1, 2026—immutable backups are used.

| Topic | maxcluster | Other providers |
|---|---|---|
| Encryption: Data should be encrypted both in transit and at rest | AES-256 in Galois/Counter Mode (GCM) combined with HMAC-SHA256 for data authentication | Usually not guaranteed and must be requested explicitly |
| Access control: Only authorized personnel should have access to backup data (e.g. role-based access control) | From 01/02/2026 | Typically not available at smaller hosting providers with fewer than 100 employees; must be requested explicitly |
| Authentication: Ideally multi-factor authentication for administrative access | From 01/02/2026 | Typically not available at smaller hosting providers with fewer than 100 employees; must be requested explicitly |
| Immutable backups: Cannot be deleted or manipulated by malware or attackers | From 01/02/2026 | Usually only available from specialized providers; not offered by most hosting companies |

What this means

These security mechanisms ensure that backups remain unchanged even in the event of attacks, operating errors, or ransomware. This means that data backup at maxcluster achieves a significantly higher level of protection than with traditional hosting providers.

Automation & Reliability

One of the most common causes of failed restores is damaged or incomplete backups. To prevent this, maxcluster relies on clearly defined backup windows, automated monitoring, automatic error correction, and regular integrity checks.

All backups are performed outside of peak load times. Failed backups are automatically restarted, and each backup is checked for consistency. In addition, we test every 48 hours to ensure that the entire backup chain—consisting of daily and differential backups—is fully recoverable.

| Topic | maxcluster | Other providers |
|---|---|---|
| Automation: Backups should be performed regularly and automatically (e.g. daily or hourly) | 24h | Daily backups are available at most hosting providers |
| Scheduling: Consistent backup time windows (e.g. outside peak traffic periods) | Yes | Yes |
| Monitoring: Monitoring of all backup processes with notifications in case of errors or failures | Yes, in case of missing or failed backups | Reality: Often unclear or limited to an email notification to the customer; no direct remediation by the provider |
| Restore testing: Regular tests to ensure data can be restored correctly, including integrity checks for databases and search engine data | Integrity checks of DBMS backups every 48 hours; full backup chain verification due to differential backups | Offered by Veeam, Acronis, Commvault (not based in Germany) |

What this means

With maxcluster, backups are not only created, but also continuously checked. This ensures that they actually work in an emergency – a crucial difference to backups that merely “exist.”
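
An added example (not maxcluster's tooling or code from this article) of the kind of chain check described in this section, tied to the RPO defined earlier: it verifies each archive against a recorded SHA-256 checksum, requires every differential's base backup to be intact, and measures the RPO against the newest backup that is actually restorable. The manifest layout, backup IDs, and sample data are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta, timezone

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def intact(entry, blobs):
    # An archive is intact if it exists and still matches the checksum
    # recorded in the manifest when the backup was taken.
    blob = blobs.get(entry["id"])
    return blob is not None and digest(blob) == entry["sha256"]

def restorable(entry, by_id, blobs):
    # A full backup needs only itself; a differential also needs its base.
    if not intact(entry, blobs):
        return False
    if entry["type"] == "full":
        return True
    base = by_id.get(entry["base"])
    return base is not None and base["type"] == "full" and intact(base, blobs)

def check_rpo(manifest, blobs, now, rpo):
    """Return (ok, id of newest restorable backup, list of problems)."""
    by_id = {e["id"]: e for e in manifest}
    good = [e for e in manifest if restorable(e, by_id, blobs)]
    problems = [f"{e['id']}: not restorable" for e in manifest if e not in good]
    if not good:
        return False, None, problems + ["no restorable backup"]
    newest = max(good, key=lambda e: e["taken"])
    age = now - newest["taken"]
    if age > rpo:
        problems.append(f"{newest['id']} is {age} old, RPO is {rpo}")
    return age <= rpo, newest["id"], problems

# Constructed sample data: one full backup and two daily differentials.
BLOBS = {"full-0104": b"full dump", "diff-0108": b"delta 8", "diff-0109": b"delta 9"}

def entry(id_, kind, day, base=None):
    return {"id": id_, "type": kind, "base": base, "sha256": digest(BLOBS[id_]),
            "taken": datetime(2026, 1, day, 2, 0, tzinfo=timezone.utc)}

MANIFEST = [entry("full-0104", "full", 4),
            entry("diff-0108", "differential", 8, "full-0104"),
            entry("diff-0109", "differential", 9, "full-0104")]
NOW = datetime(2026, 1, 9, 20, 0, tzinfo=timezone.utc)
RPO = timedelta(hours=24)  # the article's example: daily backups, up to 1 day of loss

if __name__ == "__main__":
    print(check_rpo(MANIFEST, BLOBS, NOW, RPO))
    rotted = {**BLOBS, "diff-0109": b"bit rot"}  # newest archive damaged
    print(check_rpo(MANIFEST, rotted, NOW, RPO))
```

A matching checksum shows only that an archive is unchanged since it was written; the complete test restore recommended above is still what proves the data can be brought back.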

Fast and flexible recovery

When a failure or error occurs, the speed and precision with which a shop can be restored is crucial. maxcluster offers several restore options that can be flexibly adapted to the situation at hand: from individual files to complete file systems to databases and search engine data.

From February 1, 2026, offsite backups at a second location will also be available – a central component for emergency and recovery concepts in the event of fire, power failures, or major infrastructure problems in the data center.

| Topic | maxcluster | Other providers |
|---|---|---|
| Recovery speed: Fast recovery times (RTO) or processes (RPO). Efficient processes and technology to restore data quickly | Yes | Partially available |
| Recovery flexibility: Self-service options for restoring data to speed up the process | Yes (restores only to the original cluster) | Usually limited to full filesystem restores |
| Granularity: Ability to restore individual files, entire systems, or databases | Yes | Usually not available |
| Snapshots: Support for point-in-time snapshots of the data set | No | Yes, usually available |

What this means

Restores are targeted and do not cause unnecessary downtime. Instead of having to reset entire systems, only the affected areas can be restored—a clear advantage over providers that only offer complete file system restores.

Storage locations & redundancy

Backups are only reliable if they are stored separately from the live system. maxcluster operates a dedicated backup infrastructure for this purpose and will supplement it with offsite backups at a second location from February 1, 2026. This provides additional layers of protection that also take effect in the event of major infrastructure or data center problems.

| Topic | maxcluster | Other providers |
|---|---|---|
| Offsite backups: Storing data at a separate physical location (e.g. cloud or a second data center) | From 01/02/2026 | Usually not available |

What this means

Even in the event of fire, water damage, or a complete failure of the primary data center, your data remains protected and recoverable.

Storage & Compliance

Backups are stored for 14 days by default at maxcluster. Longer retention periods can be defined flexibly – from the end of Q1/2026 directly in the Managed Center. Until then, we will set up individual retention policies on request via our service. GDPR-compliant deletion and complete audit logs for all backup and restore processes are already available today.

| Topic | maxcluster | Other providers |
|---|---|---|
| Retention policies: Definition of how long different types of data are retained | Yes, default 14 days | Yes |
| Deletion concepts: Ability to delete outdated or no longer required backups in a GDPR-compliant manner | Yes | Yes |
| Audit logs: Logging of all backup and restore activities for traceability | Yes | Usually not available |

What this means

This allows internal documentation requirements and external inspections and audits to be fulfilled completely and transparently.

Integration & technical depth

The backup processes at maxcluster are designed to fully cover the specific requirements of modern e-commerce systems. This includes consistent backups of databases (MySQL/MariaDB via Percona XtraBackup or mariabackup) as well as search technologies such as Elasticsearch and OpenSearch. In the Managed Center, you also get detailed insights into backup status, times, and storage consumption.

| Topic | maxcluster | Other providers |
|---|---|---|
| Database backups: Dedicated support for MySQL and MariaDB | Yes, via xtrabackup or mariabackup | Usually not available |
| Search engine backups: Dedicated support for Elasticsearch and OpenSearch | Yes | Usually not available |

What this means

This means that not only files are backed up, but the entire shop stack—including all central components that are crucial for the performance and functionality of an online shop. The advantage: this complete backup significantly reduces recovery time in the event of an emergency.

Transparency & Reports

Transparency is a key requirement for reliable backup processes. maxcluster provides complete logs, notifications, and clear dashboards so that all backup and restore processes can be tracked at any time.

| Topic | maxcluster | Other providers |
|---|---|---|
| Notifications: Alerts for failed or faulty backups | Yes | Usually not available |
| Reporting: Clear reports on backup status, storage usage, number of backups, etc. | Yes | Usually not available |
| Dashboards: Graphical interface for management and overview | Yes | Yes |

What this means

Administrators maintain an overview of all backup processes at all times—without manual checks or uncertainties.

More than just a backup

At maxcluster, data backup is not an optional feature, but a central component of the entire platform architecture. Automated processes, strong encryption, regular integrity checks, granular restore options, and—starting February 1, 2026—offsite and immutable backups ensure that your shop remains reliably protected even under demanding conditions.

You can find more details in our article: “maxcluster Backups and Failure Protection”.

Conclusion

Backups are one of the most important building blocks for protecting online shops from data loss, downtime, and costly disruptions. Real-world examples clearly show that missing or insufficient backups not only jeopardize sales, but can also destabilize entire business models in the event of an emergency.

To ensure that shops remain operational even under high load, in the event of errors or attacks, a backup strategy is needed that is regularly reviewed, contains clear RPO/RTO specifications, and covers multiple storage locations. This is exactly where maxcluster comes in: with automated and encrypted backups, regular integrity checks, flexible restore options, and advanced security mechanisms such as MFA, immutable and offsite backups.

Reliable data backup is therefore not an optional extra, but a central component for availability, stability, and long-term success in e-commerce.
 
