Organisations today are finding it difficult to manage growing volumes of unstructured data. They are also worried if traditional backup can still keep their data safe, and if the cloud is the best place to store their back up.
Moving into 2025, where should CIOs and tech decision makers spend their budgets? Sharing his insights with iTNews Asia on what their back up priorities should be, the challenges they face and how to overcome them, is Dave Russell, Senior Vice President and Head of Strategy at Veeam Software.
iTNews Asia: Has the surge in unstructured data – social media, digital photos, audio and video that are much larger and difficult to analyse – created new data storage challenges for businesses, particularly in the areas of data management, analysis, security, compliance and integration with structured data? What advice can you give to businesses?
Unstructured data has definitely become a massive headache for organisations. Not just because of the volume at which it’s being produced, but because it’s often spread across multi-cloud and hybrid-cloud environments and sometimes even trapped in data silos. This is classic data sprawl, and along with the common issues—complexity and cost—we are seeing difficulties arise with “data equality”, which has implications for how companies store and manage data at an enterprise scale.
We have to ask what makes a piece of data business-critical or sensitive and from there, figure out the kind of data we need to secure and protect, and how we’re doing it (i.e. data security policies). To provide an analogy, curation is what separates a museum from a trash heap. Unfortunately, all types of unstructured data often flows into a data lake with no classification, leading companies to have little visibility of the true value of this data. Data that should be protected isn’t, and data that can be left alone with little consequence is treated with too much care.
This leads to an even bigger problem: in the event of disruption, including cyber attacks, without knowing what data needs to be prioritised it’s almost impossible to figure out what needs to be restored first and when. This affects recovery point/time objectives, and the integrity of the data that can be restored. Data powers businesses today, and when we lose data, businesses stop, and the world stops. This also has a knock-on effect on compliance and data retention policies for unstructured data.
The thing is, the volumes of data we’re generating are not getting any smaller; it’s just upwards from here on, especially with how the AI models that businesses are increasingly adopting are trained on petabytes of unstructured data. There needs to be an alignment across teams on what makes a piece of data business-critical, or crucial for compliance reasons, but this has proven difficult, given the volumes of data that are generated every day.
Beyond the rather straightforward (and easier said than done) solution of ensuring that there’s alignment across teams on handling policies for sensitive unstructured data, there’s a starting point that companies can and should also look into. Beginning with their backup and security solutions can ensure better access, control and visibility across the spectrum of data in their organisation.
Having that conversation about whether data needs to be in hot storage or classified as cold or archive-class, especially for older or secondary backups, will steady the balancing act between retention and performance.
iTNews Asia: What are the critical areas that your customers in APAC are spending on their data storage and back up in 2024? Have their back up strategies and priorities changed over the past 12 to 18 months?
This year, we launched our Ransomware Trends Report for 2024, which I co-authored, and our APJ respondents indicated that they’re expecting budget increases of 6.3 per cent for cyber prevention and detection technologies, and a 6.2 percent increase in budget for recovery technologies such as backup and business continuity/disaster recovery (BCDR).
From what we see, this is fuelled by the concurrent increase in the frequency and volume of ransomware attacks. Between our 2023 and 2024 report, we’ve seen very little improvement in victims recovering from a ransomware attack – one in three actually lose both their data and money, even if they pay the ransom.
More customers are planning for failure, and they’re not only getting their cyber resilience posture aligned with best practices prior to an attack, but also investing in an incident response solution for this reason.
While investing in prevention, backup and recovery is simply table stakes nowadays, we are also keeping a close eye on how policies in the region are going to affect strategy and the regulatory environment. In many emerging markets, governments are in the process of determining what the response to ransomware attacks should be, or what is appropriate to legislate.
The Indonesian government has just made backups mandatory after a high-profile ransomware attack on its data centre, for example, which sets the stage for greater interest in managed Backup-as-a-Service (BaaS).
We’re seeing this play out on the ground in real time. When I visited some of our APAC markets recently, what kept coming up as a common denominator was the incredible uptake for solutions like managed BaaS for Microsoft 365/SaaS offerings. But APAC markets also vary in their level of understanding and data resilience maturity.
For example, Australia and India are some of our most mature markets, and our customers there tend to opt for more comprehensive protection for their data on SaaS platforms.
Other emerging or isolated markets like Japan are just starting to embrace the shared responsibility model when using SaaS platforms and understand that their provider is only responsible for keeping the infrastructure online and not protecting the data.
iTNews Asia: Are more of your customers now moving towards governance, preventing risks and building greater resilience?
Absolutely. Our core purpose is to power Data Resilience to keep every business running.
We believe strongly in how it’s more than just about backup or cyber security. At some point, you can’t keep beating off the attackers with sticks and swords, you’re going to want to build a fort, a moat, and a central chain of command.
– Dave Russell, Senior Vice President and Head of Strategy, Veeam Software
Over the years, customers with us have moved past thinking the attack on the data center perimeter is the real threat. Instead, they plan for failure and breach, so that they’re not just putting up a great defense, but they’re also constantly prepared to withstand attacks and disruption.
Data resilience can’t really be separated from data and corporate governance; it is the key to ensuring that when disruptions go beyond governance or risks mitigation measures, data is still available, and businesses keep running.
iTNews Asia: Would you agree – traditional backup can no longer keep pace with the evolving threat landscape, and data backup and cyber security are becoming increasingly intertwined?
Cyber security must now be an integral part of any data storage planning.
The rise of cloud has well and truly ushered in the next revolution of data storage and backup, and unfortunately, along with that, IT complexity and more severe ransomware threats as well. In this light, traditional backup is becoming obsolete. They’re unable to guarantee full protection and data resilience as they don’t account for isolated, immutable backups that can’t be altered or encrypted by malware.
In other words, there’s no safeguard for redundancy here, which is at the heart of the 3-2-1-1-0 Golden Backup Rule. Modern data protection operates by ensuring redundancy, which explains the greater adoption of cloud storage or hybrid solutions. Again, our latest Ransomware Trends report, cloud storage is gaining popularity as a replication stage, with 54 percent doing so, and 85 percent of respondents use cloud storage that can be made immutable.
What’s also changed over time is whose responsibility it is when data loss incidents happen. It’s not just an IT problem. Modern data protection already demands collaboration between the CIO and CISO to cover all the bases of data backup and cybersecurity.
Data resilience has now become a boardroom discussion.
The consequences of getting data resilience wrong is that the business comes to a standstill, and in some high-profile attacks, the public has called for the CEO’s resignation, with the board not far behind in the chain of responsibility.
To tackle the evolving threat landscape, effective backup and protection solutions and strategies need to also bridge the divide between infrastructure and operations and security. In some ways, backup is one of the best security tools, because to tackle today’s modern ransomware threats, companies need to plan for breach and recovery instead.
iTNews Asia: Is the cloud the best place to store data and applications? Why? Are on-premise investments still significant, and in what context would that be?
The answer in this case is “it depends” because the best place to store data is going to be what’s right for each business’ needs. Companies, such as those with remote workforces or a decentralised structure, would not have the capacity to manage hardware or operating systems. The cloud offers scalability and the flexibility they need to adjust their storage capacity based on demand.
It’s not without its challenges. For example, we can’t ignore that cloud can be more costly than on-prem solutions, and because they’re managed by cloud providers, that over-reliance on a single provider can happen and lead to vendor lock-in. We sometimes have customers come to us wanting to switch providers or replicate setups to enhance data availability, but they’re stymied by incompatible APIs or data formats between cloud providers.
The good news, however, is that this blow to data resilience can be avoided. With careful planning and by prioritising data mobility when selecting vendors, organisations can unlock the freedom of moving their data anywhere, anytime.
That said, it’s safe to say however that on-prem isn’t going to go away, especially when we factor the importance of data sovereignty and regulatory compliance, which differs across geographies and industries. To meet specific requirements for data retention, management, retrieval and so on, on-prem can offer greater control and security, and custom hardware configurations and networks to minimise latency.
iTNews Asia: How has the growing implementation of AI reshaped the industry and changed how businesses (or will) perceive and use their storage?
While the use of AI to create more sophisticated phishing campaigns has been discussed at length, the next new AI attack vector could go beyond conventional ransomware to “poison the well”, where malicious actors spike the source of data and datasets instead. With businesses highly reliant on their data, making decisions based on it, and now accelerating that with AI, feeding businesses false or manipulated data could have disastrous effects. Businesses could make potentially dangerous decisions under the impression that the data doesn’t lie – only not to know it has been compromised.
In addition, the growing implementation of AI also relies on and creates huge volumes of data, which I touched on in my very first response. In some ways AI is both the cause and cure, because in the face of growing data volumes and attacks coming on all ends, AI gives us the ability to access new levels of data intelligence to fight these new threats.
We need to put AI in the hands of the IT administrators so they’re not on the backfoot with AI powered threats. This means enabling a smarter, more intuitive, and real-time monitoring experience.
Since AI excels at pattern recognition, it can identify anomalies in backup data, and quickly classify, correlate and locate data; it can also automatically diagnose and execute recovery plans in the event of an incident.
I personally think that one of the most popular features of AI-powered backup in the future will no doubt be automated routine backup tasks, because it frees up IT teams to focus on other strategic initiatives that enhance the organisation’s security posture. And AI-backed continuous learning and improvements are nice perks to have as well because they continue to optimise the backup process for data resilience by learning and integrating historical data.
iTNews Asia: Where do you see the future of back up?
I’ve just touched on AI, but to cover that base, I’ll say again that backup solutions of the future are going to integrate AI at all levels to accelerate threat detection, incident response and data backup and recovery, while also becoming more affordable and accessible to all organisations. In addition, backup-as-a-service for software-as-a-service platforms (BaaS for SaaS) is alsogoing to become critically needed in organisations.
Unfortunately, we’re in a disruption-prone world, and even putting aside the looming threat of more powerful ransomware and AI threats, we face the risk of environmental disasters like extreme weather, floods, fires, snowstorms, earthquakes.
As climate-related disruptions bring more uncertainty, they are going to test businesses’ risk appetites and need for data resilience and could fuel greater investment in virtualisation and cloud setups.