PodChats for FutureCIO: Securing and optimising hybrid cloud backups in Asia

Many of the concepts and practices for data protection in general, and backup/recovery (B/R) in particular, have not changed since they were developed in the client/server era.

The basic architecture of these products was designed for array-based data recovery before the concepts of virtualisation and containerization were introduced. Even today, backup/recovery is performed on a periodic, preset schedule that is still mostly limited to once per day.

These daily backups are supplemented with journals, snapshots, and other replicas (e.g., clones) in between backups to improve the recovery point objective (RPO) and the recovery time objective (RTO).

State of backups and recovery practices in Asia

Alistair Green, SVP for cloud engineering, Japan and Asia Pacific at Oracle, noted that a lot of companies have already looked to move both their backups and recovery solutions to the cloud from on-premise.

He also alluded to the increased preference to use the cloud as the primary location. "More and more organisations have realised that the once essential on-premise data centres have become too costly and inflexible," he added. "By choosing the cloud as their primary solution for both backup and recovery, businesses need not worry about constant maintenance like in an on-premise data centre."

The importance of securing and optimising hybrid cloud backups

A 2022 S&P Global multi-cloud survey showed that 97% of organizations use more than one cloud provider. According to the survey, the leading factors behind the multi-cloud approach are cost optimization, data residency, and business agility.

Pointing to the same survey, Green noted that on-premise data is expected to decline to 30-35%. "In a hybrid cloud backup environment, the most critical thing is to have a single security model that is across the entire enterprise to ensure consistency on both cloud and on-premise," said Green. "Otherwise, the attack surface and penetration vectors become different, making it hard to control what has been exposed."

The pandemic factor in a post-pandemic world

The pandemic has shifted enterprises in Asia to a hybrid mode. Coupled with a long history of technology and innovations of backup and recovery, should CIOs and heads of data infrastructure data protection be confident in their security systems?

Green claimed there is clear evidence that cyber-attacks on enterprises and individuals are on the rise, and we need to be careful to not become complacent and remain vigilant.

"To be fully confident in their security systems, CIOs should keep their data on the cloud instead of relying on manual security processes like patching, which can be managed by organisations that specialise in data security, and even in the event of data loss, that data loss is minimised," he added.

Advantages of hybrid cloud backups over others

According to Green, the core advantage of having a hybrid cloud backup is that it leverages a mix of cloud and on-premises resources to ensure data resilience and availability. He explained that the flexibility and agility of a hybrid cloud backup strategy allow businesses to modernise, opening the business model to new markets and products.

"Beyond a hybrid cloud strategy, more organisations have employed a multi-cloud one, where multiple cloud providers share the data workload, and the risk of losing data is spread across them," he added.

Considerations when choosing the ideal backup solution

IDC surveys show that over 77% of organisations are currently utilising either a multi-cloud or hybrid cloud setup, and this number is projected to increase to 84% within the next two years.

The analyst says hybrid cloud system implementation will act as the fundamental structure for organisations' workload strategies, allowing for a "best fit" approach where workloads are deployed in the most logical manner, whether in a cloud environment or on-premises.

Given the above scenario, Green opined that enterprises have two criteria to consider when choosing the ideal backup – how much time they can afford to be offline and how much data they can recover.

"Maintaining business continuity is important to all enterprises but each enterprise has its own risk appetite, with some being able to afford more downtime than others. We need to consider these elements to carefully assess the risk of each enterprise."

Alistair Green

Recommendations for CIOs

Asked what he recommends CIOs or heads of infrastructures consider for backup and recovery when it comes to modernising their approaches and framework in securing and optimising our backups and recovery, Green opined that selecting an optimal data backup solution involves creating a comprehensive backup procedure that responds effectively to potential failures while identifying the risks, needs, and environment of an organisation.

"No matter what an organisation chooses for its solutions, it needs to understand if the provider can patch and provide the best security posture. One way to assess is to check if the provider incorporates a zero-trust model to regulate access to systems, networks, and data without giving up control," he explained.

Generative AI's impact on backup and recovery practices

One of the early use cases of AI is around automating repetitive practices. Data backup fits into this category, especially these days when companies are paranoid that their data could be compromised at any given moment by hackers.

But more than that, AI can accelerate recovery – the ability to use an algorithm to make recovery faster and more accurate by understanding the relationships and dependencies of the data that is backed up, according to Mike Leone, a principal analyst at Enterprise Strategy Group.

Coming into 2024, with the growing interest in technologies like generative AI, should CIOs be distracted by these technologies when it comes to securing and optimising hybrid cloud backups?

Green acknowledges that the future of hybrid cloud backups lies in generative AI and its capabilities.

"Generative AI solutions can be found everywhere, and they can work within an enterprise as well. The use of AI and ML will only increase, and enterprises should leverage that to further enhance their data security against cyber-attacks."

Alistair Green

"We have yet to see the scale at which AI can transform the cloud and backup industry, but it will be exciting to see what develops," he concluded.

Click on the PodChat player and check out Green's assessment of where enterprises are today when it comes to securing and optimising hybrid cloud backups in Asia.

1. Where are we today regarding the state of backups and recovery practices and technologies (in Asia)?
2. Speaking of hybrid, why is it important to secure and optimize hybrid cloud backups and how would you describe the state of backup and recovery in APAC?
3. Is not technology and best practices sufficiently mature for enterprises to be comfortable that they are compliant as regards keeping DATA and systems protected?
4. Can you elaborate on some of the advantages of hybrid cloud backups versus only implementing local backups or cloud backups when it comes to disaster recovery?
5. A common observation we've noted is that technologies may be the same, but practices are different and sometimes dictated by the available expertise or choice made by the company. Can you describe critical factors for enterprises to consider in choosing the ideal data backup solution, and to move from local backups or cloud backups to hybrid cloud backups?
6. Given the options of hybrid cloud backups and the technologies behind, whether it is a combination of public/private cloud services or a mix of cloud service and on-prem infrastructure, what is your recommendation for CIOs?
7. Coming into 2024, there is growing interest in technologies like generative AI for example, should CIOs be distracted by these technologies as regards securing and optimising hybrid cloud backups?