Worawut - stock.adobe.com
Car insurance is a necessity that we take out, but hope we will never have to rely on. Data protection falls into the same category.
Historically referring to data backup and recovery, as the nature of the threats to our data and hence business continuity evolved in recent years, data protection strategies have also come to encompass data privacy and cyber security measures.
The sudden and rapid increase in remote working in 2020 further changed and amplified the challenges around the protection of company data, with significant impact on this industry. With insights from industry experts, this article looks at how data protection across the board has evolved in the recent past and what it may look like in the future.
To start, let’s take a step back to the data protection industry throughout 2020, the year of lockdowns, Zoom bombing and quarantinis. Veniamin Simonov, director of product management at NAKIVO, explains why the market has grown during this time. “Given the challenges presented by the Covid-19 pandemic, overall demand for data protection solutions has increased,” he says.
“Most SMEs and enterprises now use a broader set of IT tools, in response to the issues they faced through 2020. The requirements to have data protected have been amplified by an ongoing trend of moving business apps to the cloud, and by the recent shift towards remote work.”
Besides growth, Alexander Ivanyuk, technology director at Acronis, sees a change in the breadth of data protection solutions. “As a significant portion of the workforce started to operate remotely, data protection on the edge became critical and moved from simple backup to cyber protection,” he says.
Summing up the challenges of this time perfectly is Eric Polet, product marketing manager at Spectra Logic, who says: “In the last 12 months, the data protection market has changed as the pandemic swept through the world. The percentage of people who work in home offices has increased and IT organisations have had to re-examine their data protection plans to fortify against an increase in ransomware attacks and other security breaches made possible due to the vulnerabilities created by the unanticipated move from on-site to virtual work.”
Paul Speciale, chief product officer at Scality, offers his insights into some of the drivers behind the growth in this industry. “Longer-term data retention and regional sovereignty are critical today,” he says. “Companies are retaining data for longer, for reasons often related to regulatory compliance, but also due to the value and insights that historical data can provide.
“From a data protection perspective, we see customers demanding multi-year protection of standard data backups of databases, applications, document repositories and more. This has driven further increases in demand for effective long-term scalable and cost-effective storage, and this has also boosted the adoption of scale-out object storage solutions.”
Today’s IT organisations have a double challenge on their hands – they need to ensure that all corporate data is secure from both a backup and a security breach point of view, no matter where it resides. NAKIVO’s Simonov says: “Sometimes it’s a challenge to back up the computers of remote workers. There can also be situations where remote employees are relying on outdated software with known vulnerabilities while accessing corporate networks.
“To address these issues, organisations should review and improve their security policies and reconsider their networking structure. They can also adjust the access rights of user groups and specific users.”
A remarkable 31% of global companies are attacked by cyber criminals at least once a day, according to Acronis’ Cyberthreats report 2020. Ivanyuk says of these attacks: “Ransomware is still the biggest threat organisations are facing in terms of data protection.” The study reports that more than 1,000 companies had their data leaked after ransomware attacks.
Scality’s Speciale adds: “Ransomware is a rampant threat globally, across industries from government to healthcare. In response to this, we have seen the emergence of true ransomware solutions in the form of data immutability assurance capabilities from leading data protection and storage vendors.”
Immutability, in which data or objects are not modified after they are created, is a critical tool in the fight against ransomware attacks.
The current working-from-home trend may remain after restrictions are eased or even lifted altogether, which means IT organisations must put in place long-term data protection strategies that will cover this new working approach. Aron Brand, CTO at CTERA, says: “Becoming more distributed creates higher demand for data protection, particularly amid our situation of massive ransomware and supply chain attacks, such as the SolarWinds one.
“These are causing a shift in the attitude of network administrators towards data protection: local networks, traditionally considered a ‘trusted haven’ for storing data, with lax levels of internal isolations, are now proving to be dangerous places, with local threats lurking and attempting to spread laterally, attempting to steal or encrypt your data.”
Spectra Logic’s Polet adds: “Many organisations are rethinking their use of on-premise tape storage as a safeguard against ransomware because tape provides an air gap. Ransomware cannot infect tape media because it is out of the network stream.” An air gap, whether physical or virtual, is essential, he adds.
Remote working strategy
Half the battle of data protection is convincing workers of its importance. But, as Scality’s Speciale reflects, the effort of setting up an effective remote working strategy over the last 12 months has gone some way to countering an often lax attitude to data protection. “End-users are now certainly more aware that their own attitudes and behaviours need to change to ensure their own data is protected,” he says.
“This highlights once again the increasing threat of ransomware, and the fact that major breaches are so highly publicised. It is clear that users understand the threats to their data. We see that in many companies, users are now mandated by corporate IT to become more responsible for best practices in security and to enable automated data protection strategies to protect themselves.”
As the workplace becomes more and more remote, says NAKIVO’s Simonov, “the demand for data protection covering workstations and cloud applications such as Microsoft 365 and Google Workspace is going to increase”. He adds: “Besides, we can expect a growing need for security features and resiliency in different networking environments. Hardware-based backup appliances are likely to obtain more hybrid features, such as securely storing a second copy of the backup data in a public cloud.”
CTERA’s Brand agrees that distance was a key theme of 2020. “The workforce is becoming more distributed, a trend that has been accelerated by Covid,” he says. “Companies are becoming much more comfortable and even see the benefits of physical distance between employees. To accommodate this social distancing, organisations now need a more flexible storage solution, where employees and workloads can access data equally well wherever they are: in HQ, in a small remote branch office, at home or on VDI. This means an edge-to-cloud file services solution with edge nodes that overcomes latency and connectivity challenges.”
So that is the current situation; so what about the future? From a threat protection standpoint, Acronis’ Cyberthreats report predicts that attacks on remote workers will continue to grow. Home offices, personal networks and devices are typically far less secure than the office IT environment, and more challenging for organisations to monitor and protect. This presents a risk not only to remote workers’ data, but also to their organisations’ data. Although cloud is praised as a secure method to store data, poor configurations in rushed preparations for remote work can result in data leaks.
But there are exciting developments too, and one in particular enthuses Ivanyuk. “We will see the usage of AI [artificial intelligence] and blockchain in more scenarios, but there is still more to be done, especially in terms of adoption,” he says. “AI can help greatly in data classification, smart data search, and data protection too, of course.”
Scality’s Speciale foresees cloud services helping with data protection, and adds: “We see the emergence of both hybrid-cloud and cloud-native, Kubernetes-based data protection solutions as an exciting new trend, with the potential to create entirely new categories of solutions that fit naturally into these new models of infrastructure.”
Hybrid architecture uptake is forecast by CTERA’s Brand, who also thinks that zero trust, in which strict access controls are maintained and it is assumed there are malicious actors within your internal network, will be vital in the coming years. “The combination of increased internal risks with a flatter, more geographically distributed corporate structure, will accelerate the change towards new, hybrid-cloud IT architectures redesigned for zero trust from the ground up,” he says.
“In this hybrid architecture, edge caching devices remain, locally containing the small fraction of ‘hot’ data at each specific edge location. Edge locations are nearly stateless, minimising the threat of data theft, and allowing recovering extremely quickly from site failure without requiring lengthy data restore procedures.”
NAKIVO’s Simonov points out a few positive trends within this highly competitive industry: “Several vendors have started to offer packages that include adjacent IT solutions, for example monitoring, security or networking, along with their core data protection products. Other vendors have started to provide low-cost cloud storage for backup data.”
He adds: “The most important factor is strong competition, which makes data protection more affordable for end-users, while adding extra value and expanding coverage on features and protected platforms.”
Changes in data protection technologies and strategies, especially those due to external factors such as the pandemic, will be more permanent than we may think. The General Data Protection Regulation has already made its mark and the impending decision on the post-Brexit adequacy agreement between the UK and Europe following Brexit will further affect this industry.
The year 2020 brought a marked shift in mindsets among vendors and end-users, as well as new challenges in data protection for an unforeseen remote workforce. The business of protecting against data loss and data breaches continues to evolve and is likely to see a resurgence as a priority topic in boardrooms around the world.
From human errors to increasingly sophisticated cyber threats, in the coming months and years, organisations will need to ensure their business continuity plans are solid and regularly tested and updated, ready to take on effectively any issues that will come their way.