Organizations Strengthen Modern Data Protection for the Cloud to Reduce Security Risks

Veeam software, a specialist in modern data protectionreleased the findings of the company’s study 2023 Cloud Protection Trends Reportcovering four key “as a service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service ( BaaS/DRaaS).

The survey revealed that enterprises recognize the growing need to protect their SaaS environments. For instance, nearly 90% of Microsoft® 365 customers surveyed use additional measures rather than relying solely on built-in recovery capabilities. Preparing for rapid recovery from cyberattacks and ransomware was the most cited reason for this backup, with regulatory compliance being the second most popular business driver.

Report Highlights:

While new IT workloads are being launched in the cloud at a much faster rate than older workloads are being retired in the data center, a startling 88% have brought workloads back from the cloud to their data center for one or more reasons, including development, cost/performance. optimization and disaster recovery.

With cybersecurity (including ransomware) continuing to be a top concern, data protection strategies have evolved and most organizations are delegating backup responsibilities to specialists, rather than requiring each workload owner (IaaS, SaaS, PaaS) protects its own data. The majority of backups of cloud workloads are now performed by the backup team and no longer require the specialized expertise or additional overhead of cloud administrators.

Today, 98% of businesses use cloud-hosted infrastructure as part of their data protection strategy. DRaaS is seen to go beyond the tactical advantages of BaaS by providing expertise in planning, implementing and testing business continuity and disaster recovery (BCDR). Expertise is recognized as a key differentiator by subscribers who choose their BaaS/DRaaS provider, based on business acumen, IT recovery technical architects, and operational assistance in planning and documenting BCDR strategies.

Unfortunately, as is often the case with new cloud-hosted architectures, some PaaS administrators mistakenly assume that the native durability of cloud-hosted services eliminates the need for backup:

34% of companies are not yet backing up their cloud-hosted file shares and 15% are not backing up their cloud-hosted databases.

“The growing adoption of cloud-based tools and services, accelerated by the massive shift to remote working and today’s hybrid work environments, has shed light on hybrid IT and data protection strategies across all sectors,” said Danny Allan, chief technical officer and senior vice president of product. strategy at Veeam.

“As cybersecurity threats continue to rise, organizations need to look beyond traditional backup services and craft a targeted approach that best meets their business needs and cloud strategy. This survey shows that workloads continue to move seamlessly from data centers to clouds and back, as well as from one cloud to another, creating even more complexity in the data protection strategy. The results of this survey show that while modern IT organizations have made significant progress in cloud and data protection, there is still work to be done. »

Findings from the Veeam Cloud Protection Trends Report 2023 include:

Software as a Service (SaaS):

90% of organizations realize they need to back up Microsoft 365. Report finds only 1 in 9 organizations (11%) are not protecting their Microsoft 365 data — a promising majority of 89% use third-party/BaaS backups or enhanced levels Microsoft 365 for legal hold, or both.

As data protection strategies have evolved and ransomware continues to be a major concern, most organizations are delegating backup responsibilities to backup specialists, instead of requiring each workload owner (IaaS, SaaS, PaaS) protects its own data. This fuels the progression of backup becoming a conventional component left to the traditional backup administrator versus the application team.

Infrastructure as a Service (IaaS): As organizations of all sizes now embrace hybrid cloud architectures, it’s not a one-way journey to the cloud that diminishes the importance of the modern data center.

30% of cloud-hosted workloads came from cloud-first strategies, where new workloads are booted into the clouds at a much faster rate than old workloads are retired in the data center.

98% of companies use cloud-hosted infrastructure as part of their data protection strategy, including cloud storage tiers, cloud infrastructure as a disaster recovery site, or use of BaaS/DRaaS providers .

88% of organizations have brought workloads back from the cloud to their data center for one or more reasons (development, cost/performance optimization or disaster recovery) – highlighting the need for 2023 data protection strategies to ensure protection consistency and the ability to migrate, as workloads move from data center to cloud, cloud to data center, or cloud to cloud.

The majority of backups of cloud workloads are now performed by the backup team and no longer require the specialized expertise or additional overhead of cloud administrators. However, while almost all acknowledged having long-term regulatory mandates, only half of organizations keep backups of their cloud data even for a year.

Platform as a Service (PaaS): While most organizations initially “lift and move” servers from the data center to IaaS, most agree that running fundamental IT scenarios, such as file shares or databases , as cloud-native services is the future of mature IT workloads:

76% run file services on servers hosted in the cloud and 56% run managed file shares from AWS or Microsoft Azure

78% run databases on servers hosted in the cloud and 65% run managed databases from AWS or Microsoft Azure

Backup and Disaster Recovery as a Service (BaaS/DRaaS): Almost all IaaS/SaaS environments also use cloud services as part of their data protection strategy in one form or another.

58% of companies use managed backup (BaaS) versus 42% who use cloud storage as part of their self-managed data protection solution. Of particular interest, almost half (48%) started with self-managed cloud storage but eventually moved to BaaS.

Almost all organization (98%) say they use cloud services as part of their data protection strategy, although this varies from cloud storage as a repository to full-fledged BaaS or DRaaS services.

BaaS is mainly wanted to gain operational and economic efficiency, as well as to ensure data survival in the face of disasters and ransomware attacks. It’s worth noting that BaaS is no longer considered the “band killer” early experts proposed, with organizations stating that nearly 50% of their data is always stored on tape throughout its lifecycle, regardless of their use of cloud-based data protection services.

DRaaS is seen as going beyond the tactical advantages of BaaS by providing expertise around BCDR planning, implementation and testing. Expertise is seen as a key differentiator by subscribers who choose their BaaS/DRaaS provider, based on business acumen, IT recovery technical architects, and operational assistance in planning and documenting BCDR strategies.

This year’s report showed a significant change from last year as customers are increasingly interested in outsourcing their backups and getting a “turnkey” level of management service. or “white glove” instead of in-house IT staff continuing to manage the infrastructure provided by BaaS. This change indicates that experience and trust in vendors are increasing and could also indicate challenges over the past year with the IT talent supply chain.

The Veeam Cloud Protection Trends 2023 report, from the annual Veeam Data Protection Trends report, is the result of a third-party research company that surveyed 1,700 unbiased IT managers from seven countries (US, UK, France, Germany , Japan, Australia, New Zealand) on their use of cloud services in production and protection scenarios to provide the largest single view into the trajectory of hybrid strategies across the modern IT enterprise in today’s digital-centric landscape. the cloud.

The large-scale market research was conducted to understand the different perspectives on responsibilities and methodologies related to operating and protecting cloud-hosted workloads, and considerations when using the cloud-based data protection.

Key words: ,