Cyber Security and Resilience Redefining Today’s 100+ Disk-Based Backup Target Models

This report, published on November 9, 2023, was written by Jerome M. Wendt, CEO and principal data protection analyst, Data Center Intelligence Group LLC (DCIG)

Cyber Security and Resilience Redefining Today’s 100+ Disk-Based Backup Target Models

Until quite recently organizations largely defined disk-based backup targets by three characteristics. How fast they backed up data, their data de-dupe ratios, and the data protection protocols they offered and/or supported. While these attributes still matter, organizations increasingly prioritize new cyber security and resilience features when acquiring disk-based backup targets.

Ransomware casts spotlight on backups
Ransomware, perhaps more so than any other factor, has cast a spotlight on organizational backup processes. Backups no longer represent a mundane task that organizations must complete. Now organizations need confirmation of successful backups, that ransomware does not compromise them, and that they can recover them quickly.

Further, these new requirements will ideally accompany the de-dupe, performance, and data protection protocol features already available on backup targets. The challenge becomes how to deliver both these established and new features in a manner that meets today’s organizational expectations.

Providers have certainly made advancements in delivering more cyber security and resilience features to satisfy these desires. However, no offering yet checks all the boxes for delivering every established and new feature that organizations may want.

This has resulted in a generation of disk-based backup products that offer a mixed bag of features. Almost all disk-based backup targets, regardless of the provider, will ensure fast, successful backups. However, organizations will then need to determine which features, established or new, they want to prioritize in their disk-based backup target.

Offerings from established providers will better support de-dupe and data protection protocols. Offerings from new providers tend to better meet new demands for fast restores at scale and resilience. Cyber security remains in a state of flux with providers at various stages of implementing different aspects of it.

Initial insights into disk-based backup targets
As DCIG researches and prepares to release one or more TOP 5 reports on disk-based backup targets in 2024, here are some initials insights it has into these offerings.

Over 100 disk-based backup target models
Organizations, and large enterprises especially, may only view disk-based backup targets as being primarily available from Dell, ExaGrid, HPE, Quantum, and Veritas. However, the new demands for cyber security and resilience have spawned a wave of innovation. Both emerging and established primary storage providers have refocused their storage solutions to optimize them for backup. Enterprise storage providers such as Huawei, NetApp, and Pure Storage now specifically optimize their solutions for backup. This has also prompted new entrants into this space to include Arcserve, InfiniDat, Infortrend, iXsystems, Nexsan, Nimbus Data, Racktop Systems, and Vast Data. Each of these has at least one model and, in some cases, over a dozen models. This total does not even include the growing number of software-defined storage providers who now play in this space.

Implementations of cyber security features vary widely
Almost every disk-based backup target provider says its product includes cyber security features. That largely holds true. However, each product’s cyber security features may not match the needs of your organizations. For instance, most if not all products now offer data immutability. However, on at least one product, a backup it hosts does not become immutable until an hour after the backup completes. Other providers permit administrators to log into the product’s management console and change or delete immutable backups. This represents only one example of how providers implement cyber security features differently on their respective solutions.

Cyber security ≠ resilience
Organizations may equate a backup target’s cyber security features with resilience. While overlap exists between cyber security and resilience, one does not automatically encompass the other. For instance, cyber security does not automatically equate to fast restores or a highly available backup target. If anything, a cyber secure disk-based backup target may even delay restores and recoveries. Rather, fast restores and highly available fall more under the classification of resilience. This becomes problematic if organizations view those 2 features as prerequisites in their environment. In cases like this, they may need to make a trade-off between cyber security and resilience when selecting a backup target.

Cyber security and resilience redefining today’s disk-based backup targets
As these 3 initial insights from DCIG’s research into today’s disk-based backup targets reveal, their features have evolved significantly. Notably, organizations no longer prioritize data deduplication ratios in the same way they once did.

While they still matter, cyber security and resilience now emerge as new priorities in disk-based backups. This has led to multiple new entrants into this space of both existing and new players looking for a foothold in this space. Further, some have experienced success since they better deliver on the new cyber security and resilience features that more organizations prioritize.