#32 - From The Trenches - Backups, Ransomware & Service that Answer (William Oppenheimer)

In this episode of From the Trenches on the BMK Vision Podcast, Josh Peterson sits down with William Oppenheimer, CEO of Enveloc, Inc., for a grounded conversation about a truth MSP owners only learn the hard way: backups are not a “set it and forget it” task—they’re a leadership discipline.

This is not a debate about which platform has the biggest logo or the loudest marketing. It’s about what actually protects a client when the moment arrives: whether the data is encrypted end-to-end, whether the restore path is realistic under pressure, whether the reporting is transparent enough to prevent silent failure, and whether a human picks up the phone when the business is on fire.

If you’re an MSP owner who wants fewer surprises, cleaner restores, and a service model that can withstand ransomware, turnover, and growth, this episode will resonate.

What makes backup and recovery a leadership decision—not an IT checkbox?

Short answer: because backup is where operational truth shows up. You’re either building a business that can absorb disruption, or you’re building a business that looks stable until the day it isn’t.

William’s story begins in 1995 with a simple misconception—“doesn’t the computer back itself up?”—and it ends with a modern takeaway: the tools have evolved, but the failure mode hasn’t. Most disasters still come from quiet drift: a path changes, an app relocates data, a policy isn’t updated, or a report gets ignored long enough that “we think we’re safe” becomes “we were never safe.”

In other words, backup is not just technology. It’s governance: clarity on what matters, proof it’s protected, and a plan to restore it.

• Backups fail most often through inattention, not lack of tooling
• Restore readiness is the real deliverable—not “backup completed” logs
• Service discipline (reporting + response) is part of the protection model

The MSP problem this episode solves

Many MSPs deliver “backup” as a line item, but operate it like background noise. That works—until it doesn’t. And when it breaks, the cost is never just technical. It’s reputational, contractual, emotional, and financial.

This episode addresses three common MSP challenges:

• Assuming backups are healthy because “nothing has screamed lately”
• Living with limited visibility into what’s actually protected (and what quietly isn’t)
• Treating restores as rare events instead of the defining moment of the service

William reframes the target: the goal is not to run backups—it’s to reduce uncertainty. The best backup posture is the one that makes the next incident boring.

Backup compliance vs. restore readiness

Backup compliance is: “a job ran.”

Restore readiness is: “a business can operate again.”

The difference is huge—and it’s where mature MSPs separate from reactive ones. Restore readiness demands evidence: predictable reporting, exceptions that surface early, retention that protects against delayed discovery, and periodic test restores that validate the entire path (not just a file count).

William lays out a practical cadence: daily, color-coded reporting for MSPs to scan quickly, and a deeper annual (or industry-driven) review to confirm you’re capturing what the client would actually need during a real recovery. It’s not about heroics. It’s about reducing the number of “unknown unknowns” in your client environments.

Ransomware changes what “safe backup” really means

Ransomware doesn’t just target production systems—it targets the confidence layer. If the attacker can reach what you rely on to restore, then your “backup strategy” is often just a delayed failure.

This episode highlights a strategic principle MSPs should internalize: resilience requires separation. That may be physical, logical, procedural, or a combination—but the intent is the same. If malware can enumerate, encrypt, or destroy the recovery path, your only remaining strategy is negotiation.

William’s discussion of keeping certain backup media effectively invisible to the operating system points to a broader leadership takeaway: “offsite” and “cloud” are not synonyms for “protected.” The question is whether the restore source is reachable in the same blast radius as the incident.

Support is part of the backup product

MSPs often evaluate vendors on features and price—until the restore window arrives. Then the only KPI that matters is speed-to-competence: can you reach a skilled human immediately, and do they have the urgency and clarity to guide a real recovery?

William competes with larger providers by leaning into an old business advantage that still works: responsiveness. The “2 a.m. human” isn’t a nice-to-have. For the MSP, it’s risk transfer. It’s the difference between a solvable incident and a long weekend that scars a client relationship.

The lesson for MSP owners is uncomfortable but useful: a vendor’s support model becomes your support model the moment you resell them.

A channel model that aligns with MSP economics

William also gives a candid look at what it takes to earn a place in an MSP stack when “we already have a backup provider” is the default answer. His approach is patient and realistic: be the second favorite vendor, build trust over time, and win the account when the incumbent fails to meet the moment.

That maps cleanly to an MSP’s own world. Most MSPs don’t lose clients because of a single outage—they lose them because of accumulated disappointment. Backup vendors are no different. The relationship is won or lost in the gap between promise and restore reality.

Episode highlights

• Why “the computer backs itself up” is still the core misconception MSPs fight
• Daily, exception-based reporting that prevents silent backup failure
• How to think about test restores as operational governance, not a technical chore
• Ransomware resilience and the value of separating the restore source from the incident
• Why the quality of human support is often the true differentiator
• A practical view of MSP channel programs: referral vs. resale economics
• How AI tools (like ChatGPT) are accelerating development and problem-solving

About the guest: William Oppenheimer

William Oppenheimer is the CEO of Enveloc, Inc., a backup and restoration software company focused on encrypted protection, practical restore paths, and responsive human support. With decades in data protection, William brings a rare blend of technical depth and operator clarity—anchored in the idea that good backup is ultimately measured by how quickly a business can return to normal.

Connect with William Oppenheimer on LinkedIn →

Frequently asked questions

What should MSPs prioritize most in a backup solution?
Prioritize restore readiness: end-to-end encryption, clear reporting with exceptions, retention discipline, and a restore path you can execute under pressure.

How often should MSPs perform test restores?
At least annually for most environments, and more frequently for regulated or high-change client systems. The goal is to validate the entire restore process—not just confirm backups exist.

Why do backups fail even when “jobs are successful”?
Because what’s being backed up can drift over time (paths change, apps relocate data, policies aren’t updated). Without visibility and review, “successful” can still mean “missing what matters.”

How does ransomware change backup strategy for MSPs?
It forces separation. If malware can reach the restore source, it can destroy the recovery plan. MSPs should ensure the restore path is outside the incident’s blast radius.

Is vendor support really that important for backup?
Yes. Your vendor’s support becomes your client experience during a restore. Immediate access to competent humans is often the difference between a contained incident and a relationship-breaking outage.

What reporting should an MSP expect from backups?
Daily, client-by-client reporting that shows what ran, what protected data changed materially, and which exceptions require action—ideally in a format that makes problems obvious at a glance.

Related resources from Bering McKinley

• How ConnectWise consultants execute your disaster recovery plan
• Navigating compliance challenges with MSPs

Want to continue the conversation?

If you’re an MSP owner who wants to reduce uncertainty, strengthen restore readiness, and build an operating system that supports disciplined execution, explore the Vision operating system or apply to be a guest on the podcast.

👉 Apply to be on the BMK Vision Podcast
👉 Learn more about Vision