On World Backup Day, industry experts discuss the need for agility in your data backup strategy
It’s World Backup Day. Here comes the annual reminder – back up your data to avoid losing it and making yourself an April Fool. Yes, you’ve heard it before. But what is different this year is the scale of change and uncertainty we’ve had to adapt to in the face of a global health crisis, regulatory developments, and now war in Europe.
To help you navigate your way to a successful backup strategy we have asked industry experts to pinpoint the main challenges IT teams are facing, and to shed light on which approaches are winning.
We create and consume data on levels that were until recently unimaginable. Most of this data is unstructured and is exposed to different threats, from disk failure and human error, to any kind of malware. Backup technology vendors have adapted to this by exploiting the power of cloud computing to build scalable products and services which go far beyond what traditional backup solutions looked like. Today, backup vendors have morphed into cybersecurity organisations that provide customers with advanced capabilities such as real-time antimalware protection and on-demand antivirus scans.
Omdia analyst Roy Illsley says, “the backup market has, over the past few years, seen a shift from mostly backing up VMs, to being more diverse and able to support different types of workloads from SaaS to cloud-native. Backup today is more inclusive.”
It stands to reason. The data we produce is more varied and complex. So, backup firms have to accommodate a wider range of business needs. Fred Lherault, chief technology officer at Pure Storage expands, “with modern approaches and technology such as open source, containerisation, DevOps – what is backed up has changed. For example, in the old world, an application was made of a few servers and maybe one or two big databases. Today, apps are running in microservices, they’re containerised, so organisations can’t point to one server and say this is where the app lies: back up there. Now, organisations need to have a data protection solution which understands the application make up, containerisation, and Kubernetes. It must be able to back up not just the data but also the container orchestration configuration and images that were used to deploy it.”
But according to StorOne’s chief marketing officer George Crump, backup software itself has seen significant innovation as now “modern software solutions can transfer data at much finer levels of granularity thanks to block-level and change-block backups.” Crumps explains that “the increase in granularity means that IT can increase the frequency of protection events to reduce RPO. They also have improved the ability to retain data much longer, thanks to advancements in their metadata management. Finally, software vendors have significantly improved recovery speed thanks to in-place recovery features that instantiate virtual machines and applications on the backup storage target.”
The sudden increase in the number of people working from home, prompted by the pandemic, left organisations scrambling to keep control of their data without regular on-premise backups cyber security network. As we temporary abandoned offices, the lines between our personal and professional lives blurred, throwing up a range of demands on organisations, primarily for “IT to ensure that data on laptops is well protected,” says Crump. Because “most users don’t store all their data in the cloud, it also requires procedures to back up data in the cloud, either to an on-premises copy or another cloud,” Crump added. But along the challenges, working from home has also led to new tools, processes, and IT strategies.
According to Lherault, “the trend for remote work and bring-your-own-device has made organisations implement thorough remote desktop and SaaS strategies, which help them ensure people don’t have data on their laptop which isn’t being backed up.”
Of course, the cloud is the backbone of remote work as cloud applications and services quickly helped organisations support their remote workforces, regardless of their geographical locations. The challenge goes beyond the fact that teams are no longer onsite. But the tech stack to support remote working has shifted, too. Teams, often working asynchronously, are now collaborating through Slack, meeting on Zoom, sharing Google Docs, and so on, filling the gap for in-person communications. “The shift towards remote work has accelerated cloud adoption by several years,” according to Veniamin Simonov, director of product management at NAKIVO, “which, in turn, has contributed to the adoption of cloud-based solutions, including backup ones.”
Krista Macomber, senior analyst on data protection and multi-cloud data management at Evaluator Group, elaborates on how the trend towards cloud-based services has impacted backup technologies. “We see backup software being developed on container/microservices architectures, so that they are more suited for delivery in the cloud.” The flip side, according to Macomber, is that, “cloud resources also need to be protected, so we’re seeing an emphasis on protection for SaaS applications like Office 365, for example.” Clumio’s co-founder and chief executive officer, Poojan Kumar, lays out how cloud adoption has completely changed backup technologies in three areas. “First, cloud backup technologies are facing unprecedented scales. One example is Amazon S3. You need billions of object scale and PB of data scale. Secondly, cloud backup technologies are facing deployments across many regions while providing a single pane of glass. Simplicity has to transcend regional boundaries. Thirdly, cloud backup technologies have to be delivered as-a-service. Not a piece of software that needs to be managed by customers on an ongoing basis.”
But has the rising adoption of the cloud model affected the cost of backup? “Absolutely,” says Pure Storage’s Fred Lherault, because “there may now need to be multiple data protection solutions to support the disparate environments. Organisations need to balance this with repatriation costs as bringing data back on premise can be prohibitively expensive.”
StorOne’s George Crump insists, “cloud adoption does not decrease the cost of backup. The cloud model lowers the upfront cost of protecting data, but you end up paying significantly more for your data protection over time.” Experts have slightly diverged opinions on the question, but most of them point the finger at consumption models; for Clumio’s Kumar, “the cloud model requires everything including backup to be consumption oriented. Pay for what you consume: no less, no more. No fixed costs. No licenses. No software to manage. No software to run. Not having to manage a backup software also frees up valuable IT resources that can now be dedicated to efforts that are core to your business. In summary, as-a-service and consumption-oriented solutions are table stakes to deliver the backup at the right cost given the scale and the cost structure of the cloud.” Lherault agrees, stressing that “flexible consumption models can have a positive impact on costs as they enable organisations to pay for consumption based on how often backups are performed and how much data is stored. This avoids an up-front outlay for capacity which will go largely unused for years.”
While backing up to the cloud has advantages, “many organisations turn to more traditional tape backup instead,” according to Peter Donnelly, director of products at ATTO Technology, who highlights several advantages including “long-term costs, data privacy and security, process assurance and control and, in some instances, regulatory considerations.” Lherault agrees that on-premises backup offers undeniable advantages, “another positive element of on-prem backup is data sovereignty: it means organisations know exactly where their data is, which lowers compliance and regulatory risk.”
The fast climb of cloud adoption combined with a more distributed workforce, has had an impact on cybersecurity, which traditional backup vendors are turning towards. “The traditional approach to enterprise security showed its age during 2021”, according to Aron Brand, CTERA’s chief technology officer, “with cybercrime estimated to inflict damages of $6 trillion per year globally. As if one pandemic was not enough, it seems that another has emerged at the same time. This one is called Ransomware.” With their work force based outside the ‘castle walls’, suddenly companies are more vulnerable, and the new remote model seems to have “broadened the attack surface, making it quite challenging to maintain cybersecurity policies,” NAKIVO’s Simonov says.
Spectra Logic’s product marketing manager Eric Polet makes a similar point, noting that “the expansion of our datasphere and the increasing risk of cyberattacks have exposed new vulnerabilities within organisations, forcing many to rethink their data protection strategies.” He explains that “attaining as close as possible to fool-proof data protection in today’s times, requires a tactical upshift in approach that extends beyond purely focusing on data protection, but also a thorough consideration of the organisation’s ability to be ‘data resilient’. The latter refers to the ability of data to ‘spring back’ once compromised, achieved by smartly leveraging cloud, tape and/or disk, managed by data lifecycle management software.” Curtis Anderson, senior software architect at Panasas, expands on cyberattacks in HPC environments. “Historically, as long as their systems were separated from the corporate LAN and the internet, HPC users didn’t worry about security. This meant that they could avoid the accompanying overhead of security solutions and drive as much performance into their HPC installations as possible. However, this is no longer the case due to two key trends: first, with the expansion of HPC use cases into manufacturing, big data analytics, AI, and ML, organisations need to integrate their HPC appliances into the rest of their infrastructures. Second, hackers are looking for more data-rich targets. Government labs, manufacturers, and other HPC environments, are often of national importance. In fact, the US Department of Energy found evidence that in December 2020 hackers had breached the National Nuclear Security Administration.”
For all the above reasons, backup vendors are widening the reach of their products by including cybersecurity features, to complement the more traditional backup offerings, and to enable their customers to put their data in air-gapped, vendor-managed storage vaults. “The need to provide ransomware protection has made backup and security more aligned and in demand,” according to Roy Illsley, though he adds that “the rise of cloud and the multi-availability zone approach has led customers to a false sense of data security; they believe the cloud providers include this, but in reality, they do not.”
So, is there still a need for on-premises backup solutions in this era of cloud adoption? “Data backups remain a key component in a hardy data protection plan and are a necessity in our data-driven world” according to Spectra Logic’s Polet. He adds that “with ransomware on the rise, backups of operational data are even more important as they protect against data loss and provide organisations with the ability to restore a system quickly to a previous state. In the past, backup technologies always included hardware such as tape. With the adoption of cloud and the advancement of technology, today’s backup technologies can include any combination of cloud integration as well as hardware and software.” Going back to traditional on-prem backup, ATTO Technology’s Donnelly makes the point that “aside from being a cost-effective solution, tape’s primary advantage is its physical immutability; data on a tape drive is not physically connected to a network when at rest, providing an ‘air gap’ that keeps backup data untouched during, say, a ransomware attack.” This is also the opinion of Paul Speciale, chief marketing officer at Scality, who argues that “the key to swift and simple recovery is immutable backups. We all know how vital backups are, yet to face the threats facing modern businesses today, immutability is essential. By making data immutable, i.e. impervious to deletion or modification as with offline tape storage, it is therefore also protected from malicious encryption and safe in the event of a cyberattack.”
So where are backup technologies heading, and what does the future hold for backup vendors? “Edge is the next battle ground”, according to analyst Roy Illsley. If we look at the most recent technology innovations, the explosion of sensor-based technology and AI is leading a demand for data at the edge. As always, backup will need to go where data goes. And so, Illsley explains, “how to protect it and understand the data and the relevance of it to backup is the next challenge.” Evaluator Group’s Macomber predicts that “we’ll see an ongoing emphasis on protection for Kubernetes and container environments, as well as SaaS applications.” She adds that “data protection vendors will continue to invest in the sophistication of their AI/ML and vaulting/air gapping capabilities for ransomware resiliency.” According to CTERA’s Aron Brand, “the term backup is becoming obsolete, as dedicated backup solutions that are built on the principle of periodical backups and user-initiated, time-consuming restore sessions, are being phased out for next-generation protected storage solutions that offer ransomware detection and instant recovery capabilities.”
More innovation is expected in backup technologies and solutions. Clumio’s Kumar believes there is plenty of potential in cloud-based backup “with the cloud, we can finally deliver on services running on top of your backup data to solve more advanced use cases like global search, data classification, and even machine learning and analytics. We’ve only scratched the surface.” NAKIVO’s Simonov expands on the idea, adding that “better automation and AI-based technologies will assist in detecting and preventing threats.”
CTERA’s Aron Brand concludes: “to be honest, I don’t like the name World Backup Day. I prefer to think of this day as World Disaster Recovery Day. The truth is that most organisations are giving way too much weight to backup and giving too little thought to their recovery process. You need to have a plan for how you’re going to recover your data and systems in the event of a disaster.” Indeed, today is the day to prevent data loss. Or, rather, the day to remind ourselves to do it regularly! HYCU’s founder and chief exec Simon Taylor says, “this World Backup Day, we are reminded of the global reality that backup and recovery and data protection are even more important than ever. With recent events in the Ukraine and the escalation of cybersecurity and ransomware threats, backup and recovery has gained first-class citizen status. Both have quickly become not just another piece of the technology puzzle or check box on a compliance list; they have become an important last line of defence for businesses, employees, and families.”