Better safe than sorry?

Is the data storage industry banging its head against a brick wall in its attempts to promote backup and data protection with initiatives such as the recent World Backup Day? Storage magazine gathered the thoughts of a selection of experts from across the sector.

As governments around the world continue to issue warnings about the increased risk of cyber attacks in light of ongoing tensions and uncertainty, keeping data secure, recoverable and actionable remains a top business priority. In fact, Gartner predicts that 70 percent of chief executive officers will mandate 'a culture of organisational resilience' by 2025 to protect against coincident threats from cyber crime and other unexpected events. To achieve this resilience, organisations are re-evaluating their protection strategies and are increasingly leveraging the cloud for its proven scale, security, and capabilities that help safeguard data and reduce cyber risk.

"The rise in cyber attacks fueled by the geopolitical landscape remains a top concern for tens of thousands of organisations," comments Ash Parikh, CMO, Druva. "As organisations navigate this challenging situation this World Backup Day, and every day, it is imperative their data, applications, and business remain resilient."

BACKUP ALONE IS NOT ENOUGH
But is having an annual World Backup Day actually making a difference, outside of being a cheerleading exercise for the industry itself? Adrian Moir, Technology Evangelist and Principal Engineer at Quest, thinks that organisations need to have a wider scope: "Organisations need to focus on three different areas in relation to backup: proactiveness acquired through immutability and access control, shared cloud security responsibilities, and cost optimisation as data volumes skyrocket. Recovering data from a backup after a ransomware attack is the cure to the problem, but prevention will always be better than a cure. Data must be secured from both a data and an access point of view, which can be done through MFA, obfuscating data sets, encryption of data sets, immutable data, and more. With plenty of solution options out there, organisations should choose to provide the level of immutability and access control needed to proactively stop ransomware attacks before they happen."

Rashid Ali, Enterprise Solutions Manager at WALLIX, says: "We are starting to see more businesses each year opting for the cloud as a way to replicate and secure their valuable data. In fact, more enterprises use the cloud for the purpose of backing up files and disaster recovery. And this is showing no signs of slowing down, with today's hybrid world only set to amplify this move. However, simply ensuring data backup is not enough; we need to see a greater focus on security. While cloud service providers have data protection embedded in their offerings, organisations are still accountable and we need to see a greater shift in focus on this. As more businesses embrace the cloud and we continue to move forward in an ever more hybrid world it is likely that cyber threats in the cloud will only grow. Organisations need to ensure they have peace of mind that their data is not only backed up, but that it is safe and secure. It is crucial that organisations step up their security practices and deploy a comprehensive zero trust model as we look forward, so that we ensure the security and integrity of cloud backups moving forward."

OUT OF SIGHT, OUT OF MIND?
So is a reliance on the cloud the best approach? Quest's Moir goes on: "Most businesses assume their data security is totally in the hands of their cloud providers, which can lead to unfortunate situations when data is not backed up. This is why organisations must follow the shared responsibility model, which discourages the 'out of sight, out of mind' attitude and reduces the risk of lost data. Unfortunately, those following the model struggle with backups, because data is stored in slow object Blob storage and the system is designed for the endpoint user - not the IT admin's backup experience. Going forward, we expect to see new approaches to APIs that provide faster data restoration and give cloud customers more control and speed over their backups."

Brian Spanswick, CISO at Cohesity, agrees that too narrow a focus on backup alone will not suffice: "Backup is a critical first step to data protection, but organisations must think strategically and strive for holistic cyber resilience, realising that backup is just one component of a much larger equation. Achieving true cyber resilience means developing a comprehensive strategy to safeguard digital assets, including integrated defensive and recovery measures that give organisations the very best chance of weathering the storm of a cyber-attack. Organisations should investigate a next-gen approach to data management that enables customers to adopt a 3-2-1 rule to data backups, ensure data is encrypted both in transit and at rest, enable multi-factor authentication, store data in an immutable file, and employ zero trust principles. Further, recent clean backups that can be quickly restored to a recent point in time deliver the business continuity required for organisations to not only prevent attacks, but continue to reduce the potential impact if breached."



As we all know, the last couple of years have been unlike anything we've previously experienced in terms of working practices and managing data protection. Joe Noonan, Product Executive, Backup and Disaster Recovery for Unitrends and Spanning, comments: "The shift to remote working completely transformed the way organisations protect and store their data. Today, there is a greater focus on protecting data no matter where it lives - on-prem, on the laptops of remote employees, in clouds and in SaaS applications. Recovery time objectives (RTOs) are increasingly shrinking in today's always-on world, with goals being set in hours - if not minutes. Cybercriminals have taken advantage of the remote and hybrid work environments to conduct increasingly sophisticated cyberattacks, and the data recovery process post-incident has become more complex due to new cyber insurance requirements. These new regulations include critical audits and tests that businesses must comply with in order to restore their data and receive a payout after an attack - which can slow down the recovery process."

With data protection becoming increasingly complex, more organisations are turning to vendors that provide what has been described as 'Unified BCDR', which includes backup and disaster recovery, AI-based automation and ransomware safeguards as well as disaster recovery as a service (DRaaS). As Noonan says: "Unified BCDR has become a necessity due to the growing amount of data organisations must protect and the increasing number of cyberattacks taking place against businesses of all sizes."

Automation too is increasingly seen as a vital component in modern data protection strategies. "Backing-up a large network can be a complex, time-consuming, repetitive, and mundane task; the approach must be to just keep calm and continue backing up or risk a major catastrophe such as losing business data through a cyberattack," says Chris Dyke, Sales Director UK & Ireland at Allied Telesis. "The answer is to auto-backup as part of an autonomous management framework. This will ensure that an incremental daily back-up of the firmware, configuration, and other files important to switch operation (such as scripts) is secured. They will always be instantly available if required to load onto a new network device or restore a current device. Auto-backup removes a time-consuming task from network admins and provides peace-of-mind with the knowledge that there is always a complete and up-to-date network back-up available."

TIME TO GET RID OF BACKUP?
Chris Addis, Vice President of Sales in the UK and EMEA at Nasuni, has a very different perspective: "The vast majority of IT professionals we talk to want to get rid of backup and its associated headaches and challenges. Even in the age of cloud, cybersecurity threats associated with data such as ransomware are becoming more severe and frequent (one happening every 11 seconds), forcing businesses to think differently about their data infrastructure and give more consideration to disaster recovery plans. Traditional backup technology is evolving, but even cloud backup solutions have major flaws. The challenges don't end there. While centralised enterprise backup systems can ingest unstructured data from dozens or hundreds of sites, they typically utilise central media servers that dedupe and compress the data. When a single site goes down, that backup server can restore the data and access within a business day or so. But if an event impacts multiple locations, the central backup server can only manage a couple of location restores at a time, meaning that time to recover (RTO) can easily increase from a few hours to multiple days, even weeks."

Addis goes on: "That's why we've created a cost-efficient cloud replacement for traditional network attached storage and file server silos, consolidating file data in easily expandable cloud object storage. This way, enterprises can restore millions of lost files or folders in under a minute. Many of our customers across industries end up coming to us simply because they're fed up with their backup and the 'unglamorous' work that is required for it - by leveraging file data services they can eliminate the need for complex legacy file backup and disaster recovery infrastructure."

Candid Wuest, Acronis VP of Cyber Protection Research, also feels that a holistic view is required: "Attackers don't discriminate when it comes to means or targets, so strong and reliable security is no longer an option, it's a necessity. As the entire world is increasingly at risk from different types of attacks, accelerating to universal all-in-one solutions is the only way to achieve truly complete cyber protection."

Jack Bailey, Director of Sales and Channel Enablement at iland, agrees that simply deploying a backup product is no longer sufficient - attention needs to be paid to how resilient the whole protection process is: "With a ransomware event projected every 11 seconds in 2022 and the rise in the value of data, the need for secure, reliable backup will become even more critical for an organisation to leverage for mission critical restorations. As a result of this trend, Backup-as-a-Service (BaaS) growth is predicted to more than double in the next three years. Now more than ever, having an air-gapped/hardened backup target has become a must-have. Many ransomware varieties or malicious processes will attempt to delete or encrypt backup data. Ensuring your organisation's backups are protected from those threats is an absolute necessity."

Two years on from the start of the pandemic, business data continues to grow at an insane pace. As more and more data needs to be stored securely yet remain available 24/7, this is having a dramatic effect on what organisations are demanding from their backup solutions.
