APAC buyer’s guide to backup and recovery software

Key capabilities

Ransomware protection: With backup systems being the last line of defence when production systems get compromised, and the catch-all repository that maintains secure copies of critical applications and data, more suppliers are increasingly baking threat detection and threat hunting capabilities into backup and recovery software, says Gartner senior director analyst Chandra Mukhyala.

Rubrik, for one, has developed threat-hunting capabilities that scan backups for traces of ransomware. The capabilities integrate with Palo Alto Networks’ Cortex security orchestration, automation and response (Soar) platform to help security teams recover from attacks faster and reduce the chance of reinfection.

Veritas also offers ransomware protection capabilities through NetBackup 10, which provides automatic malware scanning during backups and prior to restores to ensure infection-free recovery of data.

Lucas Salter, general manager for data protection solutions at Dell Asia-Pacific and Japan, notes that when a cyber attack occurs, there are generally a lot of unknowns. Intelligence in an isolated recovery environment, he says, will ensure that an organisation can identify what has happened, what data is impacted and where their last known good copy of data is.

“In a sophisticated cyber attack – and let’s be realistic, they are only going to get more sophisticated – the ability to ensure you have the last known good copy of data quickly can be the difference between an organisation’s business viability and their ability to serve their customers,” he adds.

Further, with the increase in cyber threats attacking backup data to render an organisation’s ability to recover useless, the integrity of data becomes paramount.

“Therefore, immutability of the backup data and the infrastructure it resides on has become increasingly important today,” says Salter. “This is particularly important when leveraging the opportunities available in public cloud, as you are not always in control of the infrastructure you are using, but you are always responsible for your data.”

Isolation: Backup data should be isolated from the production network, says Salter, adding that the data should be stored offline in an isolated data vault, or in an isolated recovery environment.

“Tape is not recommended as it does not allow fast recovery – and with integrity – in the event of a cyber attack,” he adds. “Isolation means proper isolation, where the data plane and management plane are separate. The data is pulled into the vault, not pushed from production, and automation is leveraged to reduce the human interaction.”

Public clouds have also become a destination of choice for backups. A Dell-ESG study found that many organisations are favouring emergent best practices, such as restoring from air-gapped and isolated protection storage or restoring from an immutable or gold copy of data.

“This means that IT leaders will be looking for these capabilities in their current and future backup solutions which must be hybrid to support on-premise, cloud-only, or a combination of deployment topologies,” says Salter.

SaaS workloads: The growing use of SaaS applications such as Microsoft 365 and Salesforce is driving the need to protect data sitting in those clouds. SaaS data has the same challenges that on-premise data has always faced: accidental or malicious deletions, data corruption, and ransomware.

While there are several point products designed just for protecting SaaS applications, backup applications that protect both on-premise applications and SaaS applications are preferred. The most common SaaS applications protected by backup and recovery software are Microsoft 365, Salesforce and Google Workspace.

Emerging backup and recovery software suppliers such as Veeam have been strong in protecting SaaS workloads, while others such as Veritas had been slow to offer comprehensive ransomware protection, SaaS and cloud native backups until recently.

In 2021, Veritas acquired HubStor, which specialises in protecting SaaS applications, paving the way for improvements in its cloud and ransomware protection capabilities.

Hyperscale cloud applications: Protecting on-premise applications that now sit in public cloud infrastructure is relatively straightforward. But dealing with containerised applications will require specific capabilities, such as protecting orchestrated Kubernetes clusters and the ability to adjust backup policies for containers.

To address that need, Veeam acquired Kasten, a purpose-built product for protecting stateful containers, in 2020, opening new market opportunities for the rapidly growing supplier.

Gartner notes that Veeam has been a popular choice for protecting virtualised environments because of its offering’s ease of use and its simple licensing relative to other products in the market.

“The addition of support for physical workloads, including NAS [network attached storage], and continued integration with external storage systems, public cloud, containers and SaaS, increased Veeam’s total addressable market, enabling it to capture share from vendors with more complex products,” it says.

Veritas has also been eyeing Kubernetes workloads through NetBackup 10, which provides multicloud cross-platform recovery, allowing users to recover the data they want to any Kubernetes distribution.

NetBackup 10 also provides content-aware, granular flexibility that delivers rapid restoration of clean data and expands support for immutable storage, from Amazon S3 to Microsoft Azure Blob Storage.

Backup as a service: With a focus on business growth and agility, IT teams are moving away from deploying and managing infrastructure to providing as-a-service offerings. “Backup and recovery delivered as a service offers unified management seamlessly, eliminates complexity and creates cost efficiency with a pay-as-you-consume model,” says HPE’s Yang.

In backup as a service, offered by backup software suppliers or through a managed service provider, IT teams do not have to install and manage backup applications and backup storage. Instead, they can focus on ensuring that the right policies exist for applications to be protected, as well as the length and frequency of the protection, says Mukhyala.

HPE’s GreenLake and Zerto, for example, provide continuous and secure data protection, enabling automatic backups without complexity, and enabling data to be recovered within minutes. “Zerto and HPE Backup and Recovery Service also offer data immutability – another key aspect of ransomware protection – which prevents any malware encryption and modification or deletion of backup data,” says Yang.

Data reuse: Backup data can be used for other things besides data protection. As backups mirror the state of production environments, they can be used not only for threat detection, but also for application testing and development, analytics, information governance and regulatory compliance.

Mukhyala notes that the key capability required to enable data reuse is to live mount a snapshot of backup data as opposed to accessing production data, thereby avoiding any performance impact to production data.

Challenges in backup and recovery

Andy Ng, vice-president and managing director for Asia South and Pacific region at Veritas Technologies, says many cloud and SaaS providers today offer in-built data protection as an add-on, and many data protection companies specialise in protecting specific environments or workloads.

These different tools, he says, “significantly complicate the process of restoring data in the wake of an attack, as administrators grapple with multiple tools and platforms, making it harder to enforce consistent and comprehensive backup policies”.

There is also the challenge of protecting next-generation workloads, such as big data applications that require faster storage and highly scalable architectures to support the massive amounts of unstructured data and performance required to analyse all that data.

“Traditional, single point data protection solutions simply can’t scale, creating performance bottlenecks and slowing down the adoption of emerging workloads,” said Ng.

“Organisations should consider incorporating flexible, scale-out data protection deployment solutions to quickly support new advancements in big data, open source and hyperconverged architectures and eliminate the need to forecast capacity needs and provision in anticipation of future growth.”