Car insurance is a necessity that we take out but hope we will never have to rely on.
Data protection falls in the same category. Historically referring to backup and recovery, as the nature of the threats to our data and hence BC evolved in recent years, data protection strategies have come to also encompass data privacy and cybersecurity measures. The sudden and rapid increase in remote working in 2020 further changed and amplified the challenges around the protection of company data, with significant impact on this industry. With insights from industry experts, this article looks at how data protection across the board has evolved in the recent past and what it may look like in the future.
To start, let’s take a step back to the data protection industry throughout 2020, the year of lockdowns, zoom bombing and quarantinis.
Veniamin Simonov, director of product management, Nakivo, Inc. tells us why the market has grown during this time: “Given the challenges presented by the Covid-19 pandemic, overall demand for data protection solutions has increased. Most SMBs and enterprises now use a broader set of IT tools, in response to the issues they faced through 2020. The requirements to have data protected have been amplified by an ongoing trend of moving business apps to the cloud, and by the recent shift towards remote work.“
Besides growth, Alexander Ivanyuk, technology director, Acronis International GmbH, sees a change in the breadth of data protection solutions: “As a significant portion of the workforce started to operate remotely, data protection on the edge became critical and moved from simple backup to cyber protection.“
Summing up the challenges of this time perfectly is Eric Polet, product marketing manager, Spectra Logic Corporation: “In the last 12 months the data protection market has changed as the pandemic swept through the world. The percentage of people who work in home offices has increased and IT organisations have had to re-examine their data protection plans to fortify vs. an increase in ransomware attacks and other security breaches made possible due to the vulnerabilities created by the unanticipated move from onsite to virtual work.“
Paul Speciale, chief product officer, Scality SA, offers his insights into some of the drivers behind the growth in this industry: “Longer-term data retention and regional sovereignty are critical today: companies are retaining data for longer, for reasons often related to regulatory compliance but also due to the value and insights that historical data can provide. From a data protection perspective, we see customers demanding multi-year protection of standard backups of databases, applications, document repositories and more. This has driven further increases in demand for effective long-term scalable and cost-effective storage, and this has also boosted the adoption of scale-out object storage solutions.“
IT organisations have a double challenge on their hands: they need to ensure that all corporate data is secure from both a backup and a security breach point of view, no matter where it resides.
Nakivo’s Simonov comments: “Sometimes it’s a challenge to backup the computers of remote workers. There can also be situations when remote employees are relying on outdated software with known vulnerabilities while accessing corporate networks. To address these issues, organisations should review and improve their security policies, and reconsider their networking structure. They can also adjust the access rights of user groups and specific users.“
A remarkable 31% of companies are attacked by cybercriminals at least once a day, according to the Cyberthreats Report 2020 by Acronis.
Of these attacks, Ivanyuk says: “Ransomware is still the biggest threat organisations are facing in terms of data protection.” The study reports that more than 1,000 companies had their data leaked after ransomware attacks.
Scality’s Speciale agrees: “Ransomware is a rampant threat globally, across industries from government to healthcare. In response to this, we have seen the emergence of true ransomware solutions in the form of data immutability assurance capabilities from leading data protection and storage vendors.“
Immutability, where data or objects are not modified after they are created, is a critical tool in the fight of ransomware attacks.
The current working-from-home trend may remain after restrictions are eased or even lifted altogether, meaning that IT organisations must put in place long-term data protection strategies that will cover this new working approach.
According to Aron Brand, CTO, CTERA Networks, Ltd: “Becoming more distributed creates higher demand for data protection, particularly amidst our situation of massive ransomware and supply chain attacks like the SolarWinds one. These are causing a shift in attitude of network administrators towards data protection: local networks, traditionally considered a ‘trusted haven’ for storing data, with lax levels of internal isolations, are now proving to be dangerous places with local threats lurking and attempting to spread laterally, attempting to steal or encrypt your data.“
Spectra Logic’s Polet adds: “Many organisations are re-thinking their use of on-premise tape storage as a safeguard vs. ransomware because tape provides an air gap. Ransomware cannot infect tape media as it is out of the network stream.“
An ‘air gap,’ whether physical or virtual, is essential.
Half the battle of data protection is convincing workers of its importance. But, as Scality’s Speciale reflects, the effort of setting up an effective remote working strategy throughout the last 12 months has gone some way to countering an often lax attitude to data protection: “End users are now certainly more aware that their own attitudes and behavior’s need to change to ensure their own data is protected. Highlighting once again the increasing threat of ransomware, and the fact that major breaches are so highly publicized; it is clear that users understand the threats to their data. We see that in many companies: users are now mandated by corporate IT to become more responsible for best practices in security and to enable automated data protection strategies to protect themselves.”
As the workplace becomes more and more remote, “The demand for data protection covering workstations and cloud applications such as Microsoft 365 and Google Workspace, is going to increase,” according to Nakivo’s Simonov. “Besides, we can expect a growing need for security features and resiliency in different networking environments. Hardware-based backup appliances are likely to obtain more hybrid features, such as securely storing a second copy of the backup data in a public cloud.“
CTERA’s Brand agrees that distance is a key theme of 2020: “The workforce is becoming more distributed, a trend that has been accelerated by COVID. Companies are becoming much more comfortable and even see the benefits of physical distance between employees. To accommodate this social distancing, organisations now need a more flexible storage solution where employees and workloads can access data equally well wherever they are: in HQ, small remote branch office, at home or on VDI. This means an edge-to-cloud file services solution with edge nodes that overcomes latency and connectivity challenges.“
That is the current situation: so what about the future? From a threat protection standpoint, the Acronis Cyberthreats Report predicts that attacks on remote workers will continue to grow. Home offices, personal networks and devices are typically far less secure than office IT environment, and more challenging for organisations to monitor and protect. This presents a risk not only the remote workers’ data, but also their organisations’ data. Although cloud is praised as a secure method to store data, poor configurations in rushed preparations for remote work can result in unwanted data leaks.
There are exciting developments too, and one in particular enthuses Ivanyuk: “We will see the usage of AI and blockchain in more scenarios, but there is still more to be done especially in terms of adoption. AI can help greatly in data classification, smart data search, and data protection too of course.“
Scality’s Speciale foresees cloud services helping with data protection, adding: “We see the emergence of both hybrid-cloud and cloud-native, Kubernetes-based data protection solutions as an exciting new trend, with the potential to create entirely new categories of solutions that fit naturally into these new models of infrastructure.“
Hybrid architecture uptake is forecasted by CTERA’s Brand, who also thinks that Zero Trust, where strict access controls are maintained and it is assumed there are malicious actors within your internal network, will be vital in the coming years: “The combination of increased internal risks with a flatter, more geographically distributed corporate structure, will accelerate the change towards new, hybrid-cloud IT architectures redesigned for ‘Zero Trust’ from the ground up. In this hybrid architecture, edge caching devices remain, locally containing the small fraction of ‘hot’ data at each specific edge location. Edge locations are nearly stateless, minimising the threat of data theft, and allowing recovering extremely quickly from site failure without requiring lengthy data restore procedures.“
Nakivo’s Simonov points out a few positive trends within this highly-competitive industry: “Several vendors have started to offer packages that include adjacent IT solutions, for example monitoring, security, or networking, along their core data protection products. Other vendors have started providing low-cost cloud storage for backup data.” He continues: “The most important factor is high competition, which makes data protection more affordable for the end users, while adding extra value and expanding coverage on features and protected platforms.“
Changes in data protection technologies and strategies, especially those due to external factors such as the Covid-19 pandemic, will be more permanent than we may think. GDPR has already made its mark and the impending decision on the post-Brexit adequacy agreement between the UK and Europe following Brexit will further impact this industry.
2020 has brought a marked shift in mindsets among vendors and end users, as well as new challenges in terms of data protection for an unforeseen remote workforce. The business of protecting vs. data loss and data breaches continues to evolve and is likely to see a resurgence as a priority topic in boardrooms around the world. From human errors to increasingly sophisticated cyber threats, in the coming months and years organisations will need to ensure that their BC plans are solid and regularly tested and updated, ready to effectively take on any issues that will come their way.