Welcome to VMblog's roundup of expert commentary on Backup Awareness Month! As technology continues to advance and data becomes an integral part of our personal and professional lives, the importance of safeguarding and backing up our valuable information cannot be overstated. This insightful collection brings together the wisdom and perspectives of industry experts, shedding light on the significance of data backups and offering invaluable advice on best practices.
In this roundup, we dive into the minds of renowned professionals who possess extensive knowledge and experience in data protection and backup strategies. They share their thoughts on the evolving landscape of data security, common misconceptions surrounding backups, and practical steps individuals and businesses can take to ensure their data remains safe and accessible. Whether you're a seasoned IT professional, a small business owner, or simply an individual seeking to safeguard your digital assets, this expert commentary roundup is here to provide valuable insights and actionable tips to enhance your backup practices.
So, let's dive into the world of backup awareness and unlock the expertise of these insightful commentators!
++
Tony Liau, VP, Product Marketing, Object First
In today's digital landscape, ransomware poses a significant threat to organizations' data security. As we observe Backup Awareness Month, it is crucial to emphasize the importance of proper backup and recovery strategies in defending against ransomware attacks.
At Object First, we recognize that effective cybersecurity requires more than traditional measures such as firewalls and antivirus software. It demands resilient steps to stay ahead of the ever-evolving ransomware landscape. This month serves as a reminder that investing in backup solutions with immutable storage is not just an option, but an absolute necessity.
Ransomware attacks can strike any business, exploiting vulnerabilities to hold valuable data hostage. To combat this menace effectively, we advocate for a layered approach. This includes proactive protection against incoming threats, swift detection and remediation of active threats, and reliable recoverable backups that act as the last line of defense. Immutable storage is the key to ensuring backups are fully recoverable, enabling quick restoration, minimal downtime, and uninterrupted operations, even in the face of an attack.
Backup Awareness Month prompts us to reassess our backup practices and ensure our data is recoverable. It encourages organizations to take proactive steps to mitigate the risk of data loss. Let us seize this opportunity to create a future where no one has to pay a data ransom ever again.
At Object First, we are committed to empowering organizations to protect their data effectively with secure, simple, and powerful backup storage for Veeam users that is ransomware-proof and immutable out-of-the-box.
++
Manikandan Thangaraj, vice president at ManageEngine
Ransomware gangs are like the Hydra, the multi-headed serpent from Greek mythology that grows two heads when one is removed—cut off one ransomware group and two more seem to pop up in its place. Even the best protection system that money can buy won't prevent attacks from these malicious marauders with 100% accuracy. The most common attack vectors for ransomware include a human element, either via error, privilege misuse, stolen credentials, or social engineering attacks, which can fly under the radar of security systems. The best defense to fight growing ransomware threats is a robust backup system. Modern ransomware attacks attempt to infect backup repositories as well, which makes it imperative that organizations invest in a disaster recovery solution that can provide immutable storage for backups.
++
Nagarajan Chandrasekaran, VP - Product Success, Vembu Technologies
Backup Awareness Month serves as an important reminder about how crucial it is to protect the data. It encourages organizations to prioritize strong backup plans. On this month, we think about the risks and vulnerabilities our digital world faces and work together to safeguard our valuable data. By being more aware, we can help people understand the importance of regular backups, data replication, and planning for disasters. At Vembu BDRSuite, we understand the need for reliable and user-friendly backup solutions that can scale according to our customers' requirements. We take pride in our commitment to innovation, making sure that BDRSuite helps businesses navigate the complex world of data protection with ease.
++
Pawel Staniec, Head of Poland Operations and R&D, Catalogic Software
Backup Awareness Month is a great opportunity to reflect and learn from the past to prepare for the future. It’s crystal clear that in our digital age, in a world dominated by data, it has never been more crucial to protect this valuable commodity. Helping our customers on a daily basis, we’re sure that traditional backup strategies and recovery plans, although foundational, may no longer suffice in the face of sophisticated cyber threats and complex hybrid infrastructures.
Following a standard backup practice, such as the 3-2-1 rule - having at least three copies of your data, stored on two different media, with one copy offsite - is a vital starting point. But it's just that, a starting point. I’d like to bring your attention to two important aspects needed to truly safeguard our data - we need to go beyond the basics and start looking into and for the data itself.
First, the complexity of modern data management calls for proactive data monitoring and the ability to spot threats such as ransomware in real-time. Simply put, it's not enough to back up data; we need to ensure that we're backing up healthy, uncompromised data. By catching and isolating threats before they can infect backup copies, we add another critical layer of defense.
Second, understanding our digital ecosystem and knowing where data gets created is a critical yet often overlooked aspect of data protection. With the proliferation of cloud platforms, mobile devices, remote workspaces, and IoT devices, data generation is no longer confined to traditional data centers. This expanding data landscape brings with it a complex web of storage locations and data types that businesses must navigate.
That's why backup awareness and data protection solution must evolve towards a holistic approach to data protection. A variety of challenges makes it increasingly important. We’re going to need a comprehensive solution, intertwining backup, recovery, and security, to provide a robust shield against data loss.
++
Rick Vanover, Senior Director of Product Strategy, Veeam Software
As June is Backup Awareness month, I liken success in today’s IT climate to a numerical contest. Is it a game of numbers and chance? Maybe not just yet. I have three pieces of advice for IT professionals around the world to share for Backup Awareness month:
- Follow the 3-2-1 Rule. Three different copies of data, on two different media and ensure one is off-site. This is the rule to live by and will help add resiliency to your data, allowing backup to prove its value to you when needed.
- Don’t be part of the 2%. In the Veeam 2023 Ransomware Trends report we found that only 2% of organizations do not have immutability in at least one tier of their backup solution. It is easier than ever to have immutable storage options for backup data.
- Have zero surprises when it comes to recovery. Let’s plan on knowing what you back up is recoverable. Test your backups but also test your recoveries, and it’s easier than ever to do this in an automated fashion today.
Backup’s work is never done. These rules by the numbers can bolster your resiliency and give your stakeholders the outcomes they expect.
++
Mark Klarzynski, Founder and CEO of PEAK:AIO
With over 25 years of experience in the backup industry, I have witnessed significant changes in technology and user requirements. Tape was once the dominant backup solution until around 2000 when the exponential growth of data posed challenges in meeting backup time windows. Backup to disk emerged as an apparent solution but transitioning from tape-based policies proved complex for clients with decades of backup implementations.
Interestingly, this backup dilemma played a crucial role in driving the development of Software Defined Storage (SDS). The team behind PEAK:AIO pioneered the first iSCSI Virtual Tape Library, a disk array that emulated tape libraries, enabling existing backup policies to function at disk speed seamlessly.
Today, the focus has shifted from backup time to recovery time, as businesses demand swift data recovery. The same team of SDS engineers who created the disk-based backup VTL are now developing flash-based solutions to achieve optimal recovery performance.
Tape still holds significance, alongside the increasing prominence of object storage. However, with the changing economics of flash storage and the abundance of features like deduplication, all flash arrays are emerging as primary backup repositories. PEAK:AIO has observed a 200% surge in inquiries for backup applications in 2023.
++
Glenn Gray, Director of Product Marketing at Auvik
Backing up network devices and configurations is a critical part of any disaster recovery and business continuity plan. Unfortunately, it often also tends to be a tedious, manual, and time-consuming process.
Auvik’s 2023 Network IT Management Report – a survey of 4,500 IT professionals – found that 21% of IT teams experience configuration changes on a daily basis, with another 33% claiming they are happening at least weekly. Despite the frequency in which configuration changes are being made, 42% of respondents said network documentation is only updated monthly, or less often.
With unknown and non-IT employees making frequent changes to the network’s configuration, and a serious lag time of when those changes are documented, the security risks and the time to recover the network in case of an unexpected outage increases exponentially.
To ensure that company data and configurations are being backed up consistently and accurately, and regardless of device location, it is important to utilize an automated backup system. These tools allow companies to work proactively instead of reactively, making the need for disaster recovery strategies obsolete and ensuring that data and configurations are always protected from unexpected outages.
++
Will Bass, Vice President of Cybersecurity Services at Flexential
Data runs the world. Information we have on our customers, products, competitors, and everything in between drives our business decisions. Many organizations don’t realize how critical this data is until it’s gone. It could be a ransomware attack, an infrastructure failure, a natural disaster, or another disaster that makes recovery difficult to impossible. Before disaster strikes, organizations should have a robust, tested data recovery strategy that includes multiple recovery methods, such as backups and disaster recovery as a service. By taking the time to plan and test before it is needed, an organization can not only recover its data but be ready to do it in minutes to hours instead of days to weeks.
++
Martin Zugec, Technical Solutions Director at Bitdefender
Backup Awareness Month is a reminder about the importance of backing up data and responding faster as ransomware and other attacks continue to evolve globally. Backups were historically not designed to address or protect against malicious intent, such as cyberattacks or intentional data deletion. Rather, backups were created as a means to recover from accidental data loss, hardware failures, and other unforeseen events.
Professional ransomware groups go to great lengths to prevent their victims from restoring encrypted data. We are seeing an increase of attacks targeting shadow volume copies or infecting backups at later stages of the campaign. Infected backup can result in IT administrators inadvertently restoring adversary access to previously attacked systems.
Newer technology models such as Extended Detection and Response (XDR) helps detect complex attacks early by correlating threat events and behaviors across multiple environments to help shut down adversaries before they can encrypt data for ransom and/or exfiltrate data for extortion. It comes down to layered security, minimizing the attack surface, and using automated controls to block most security events.
Identity access management (IAM) will continue to play an equally critical role. Just one hijacked user account can compromise all backups, no matter where they are located. The classic 3-2-1 rule of having three copies of data on two different media, with one copy off-site for disaster recovery should be followed, but it is no substitute for a solid cyber defense.
++
Rob Price, Director, Field Security Office at Snow Software
Market uncertainty, pandemics and cybercrime don’t change the fundamentals – data is the lifeblood of every organization and needs to be protected as such. Companies need to adhere to the law, govern data accordingly and have a recovery plan in place. Backups represent the last line of defense for everything from fat fingers to state-sponsored attacks. The key, as ever, is to treat information assets according to their importance to your business and manage risk accordingly.
++
Todd Moore, VP of Encryption Products at Thales
Backup Awareness Month highlights why data protection is essential in today’s threat landscape and the importance of having extra copies of data in the instance of an incident or attack. The volume of ransomware and cyberattacks are on the rise, our 2023 Data Threat Report found 48% of IT professionals reported an increase in ransomware attacks in the past 12 months. Data, personal information, finances, and infrastructure are more susceptible to attacks than ever. Despite bad actors' increasingly sophisticated techniques, cybersecurity experts agree that most attacks are preventable, in fact 55% of organizations that experienced a breach in the past year shared the primary cause was misconfiguration or human error.
The key to prevention is maintaining good cyber hygiene. There are several practices to follow that can support a strong security posture and can help to proactively secure valuable data before an incident, lessening any impact and allowing for better control should an attack occur. Organizations should prioritize evaluating their tools, review their devices' privacy settings to allow permissions only for the data you want shared and ensure your systems are up to date and regularly tested. Control access by implementing multi-factor authentication which can help verify users and systems adequately. Backing up data is one of the most effective methods of protecting against ransomware and double extortion attacks, allowing your organization to restore data, and continue operating unscathed amid an incident.
Above all else, encrypt your sensitive data. Encryption allows your organization to protect your data regardless of where it’s located. Should a breach occur, encrypted data is of little value to hackers.
++
Mandy Andress, CISO, Elastic
As organizations increasingly migrate their environments to microservices, containers, and applications across on-premise, SaaS services, multi-cloud and hybrid environments, they must also grapple with how to effectively secure their data across a breadth of sources and locations in real-time. An outage in one area that results in any loss of data—which could occur during a ransomware attack, for example—can have significant adverse impacts on an organization due to today’s interdependent global processes.
This Backup Security Month, technology leaders should remember to take a holistic approach to understanding their critical data—they must be aware of the dependencies across data sources for business processes, as well as the combination of methods needed to restore that data when necessary. Having deeper visibility into security events and threats while embedding meaningful data protection and backup approaches into an organization's infrastructure and culture is crucial to ensuring their environments remain secure.
++
Dave Russell, Vice President of Enterprise Strategy, Veeam Software
Sadly, it is almost impossible to have a data center conversation in 2023 without ransomware and cyber resiliency becoming mentioned, and for good reason, as the frequency and impact of successful cyber-attacks has increased year over year.
In Veeam’s recent “Ransomware Trends Report for 2023” a collection of 1,200 Chief Information Security Officers (CISOs), SecOps/SecPros, IT Operations, and Backup Admins were surveyed. The respondents were global, and industry-agnostic (not just Veeam customers). The top two most frequently cited cyber incident response elements were backups. Specifically, have good, clean (non-infected) backups, and verifying the recoverability of recent backups. It used to be that we did backups for the occasional data corruption, or accidental deletion of data, but now good backups are a vital component of a cyber-resiliency strategy.
##