The IDC perspective, Data Security, Data Protection, and Data Privacy in the Age of Cloud, noted that “as organizations in Asia/Pacific become more data driven and adopt the cloud-first approach, the need for a robust security strategy that includes data security, data protection, and data privacy becomes critical.”
IDC believes that adhering to compliance requirements and implementing a uniform policy and interoperability in a complex hybrid environment are some of the challenges that organizations face in protecting their data in the cloud.
FutureCIO spoke to Charles Chow, director of sales engineering, Commvault, for his perspective on the evolving backup and recovery landscape in Asia.
Click on the PodChat player to hear the full discussion on data protection, backup and recovery.
Let's start off with how backup and recovery has changed, if any, looking from 2020 and 2021?
Charles Chow: The digital ecosystem is facing one of its biggest threats to cyber hygiene, where even the strongest defences can be breached. Data protection or backup has not changed drastically pre-COVID compared to today. The proliferation of cyberattacks and ransomware has prompted enterprises to take a second look at their overall data protection strategy, which of course includes backup.
There's also the evolving landscape of workloads in organisations today which has rapidly expanded and cuts across, say, traditional data centres, hyperscaler containers, SaaS base type workloads and endpoints.
This means that enterprises don't just have a single data source to protect, but multiple data sources. Many customers are thus realising that the approach to historically just protecting everything and anything isn't quite as applicable today as it was years ago.
Backup vendors are rebranding and calling themselves data management solution providers. This is because in today's context, managing data intelligently is often part of a larger strategy to protect your data. Essentially, you need to be very intimate with your data to know how it can be best protected.
You alluded to the different locations for which data is stored – how does this affect existing backup and recovery strategies?
Charles Chow: The proliferation of the cloud certainly means a new approach and strategy to backup is necessary. It’s not uncommon for enterprises today, including small and medium enterprises, to have workloads cutting across multiple platforms. No matter what the business need is, data management and protection need to be streamlined efficiently.
What's increasingly important to understand as well is this: the data residing on disparate platforms aren’t necessarily living in isolation but are very much interrelated and depend on each other. There’s thus a growing need to protect and manage all this in a very consistent manner.
But what we are noticing through our conversations with many of our customers is that they need to use multiple tools to protect this information, some of which aren’t necessarily built to do so – a classic square peg in a round hole kind of scenario.
How should CIOs and CISOs work to protect the end of the enterprise against these threats? And where do backup and recovery fit into this picture?
Charles Chow: It's crucial for companies to have strategic data protection and recovery plan if they want to be successful in today's business environment.
With the increasingly sophisticated cyberattacks and threats that are out in the market, it's very important that CIOs and CISOs have a mentality of when, rather than if, they do get attacked. It’s now a matter of if you do get attacked, how do you then recover from it?
What's the relationship between zero trust and backup and recovery?
Charles Chow: There’s a slight overlap between the two. Like the term suggests, zero trust essentially means there’s no trust in anything. How they overlap in some ways is in authentication and user access, for example.
We sometimes consult with our customers and advise them to potentially disconnect whatever they do from a data protection standpoint from whatever they do on a production basis. Essentially what we’re building is an air gaped environment where the protected data is complete.
What new technologies or practices can we expect, from across three areas: continuous data protection, SaaS-based, and of course, data tiering?
Charles Chow: I have three points of my own, which I feel is what will potentially be more prominent in 2022.
First and foremost, multi-cloud data management mobility. We touched on this a little earlier in our discussion as to how enterprises are consuming data across various platforms, and there is genuinely a need to federate the management of all these data sources today.
Next, the expansion of data tiering capabilities. Air gapping, in a very simplistic form, is about replicating data or backup data to a remote location. And we all know this is not a new concept in any way.
Lastly, SaaS-based services. As the service trends continue beyond being a fad, I think all of us can acknowledge that the utility model is the way forward, and we’re looking at the next thing in the data centre to consume as a service.
Who typically is responsible for data backup and recovery?
Charles Chow: Gone are those days where you have dedicated storage administrators who took over backup and recovery roles as storage and data were closely interrelated. In more recent times, I think the demarcation has lessened and there’s been a consolidation of roles. Storage administrators and backup administrators have merged into one role and are now in charge of systems as well.
Any demarcation tends to lie between the on-premises teams and cloud teams, between where the workload may or may not reside.
What would be your advice for CIOs and IT teams in terms of how they should approach backup and recovery in the connected era?
Charles Chow: As we all know, data protection and backups have been around since the beginning of time, and it's very much steeped in legacy. Enterprises are still apprehensive when it comes to changing or re-evaluating this data protection strategy because it’s very challenging to revamp.
Unfortunately, this narrative is not lost to cyber attackers, who have specifically capitalised on this lack mentality. They have even gone out on a limb to make public announcements that they are now specifically going after your backups, causing permanent data loss and no chances of recovery.
I truly urge that all enterprises look and re-evaluate their backup data management strategy moving forward, regardless of how painful it is. Because the workload and threat landscape has changed and is certainly not the same as it was four or five years ago. And this is indeed the perfect time to plan for the future.
