Veeam has published its 2020 Data Protection Trends report (registration required). It paints a less than flattering view of how well organisations are dealing with business continuity, disaster recovery and cyber-resilience. Part of the problem is ineffective processes, legacy technologies and poor planning. Respondents reported that 1 in 10 servers experienced unexpected downtime last year.
IDC claims that DX spending will be $7.4 trillion between 2020 and 2023. If data and applications cannot be adequately protected and restored on demand, it will have a significant impact on digital transformation (DX) plans. Those enterprises who are unable to complete their DX journey will be at a disadvantage compared to their competitors.
Danny Allan, CTO and SVP of Product Strategy at Veeam said: “Technology is constantly moving forward, continually changing, and transforming how we do business – especially in these current times as we’re all working in new ways. Due to DX, it’s important to always look at the ever-changing IT landscape to see where businesses stand on their solutions, challenges and goals.
“It’s great to see the global drive to embrace technology to deliver richer user experience, however the Achilles Heel still seems to be how to protect and manage data across the hybrid cloud. Data protection must move beyond outdated legacy solutions to a higher state of intelligence and be able to anticipate needs and meet evolving demands. Based on our data, unless business leaders recognise that – and act on it – real transformation just won’t happen.”
Some key points from the report
At 34 pages, there is a lot of information in this report, and it is broken into multiple categories. The responses to questions reveal:
- Almost three-quarters (73%) of organisations have an “availability gap” between how fast they can recover applications versus how fast they need to recover them.
- Over two-thirds (69%) have a “protection gap” between how frequently data is backed-up versus how much data they can afford to lose after an outage.
- The number one challenge that will impact organisations within the next 12 months is cyber threats (32%). Shortage of skills to implement technology (30%) and meeting changing customer needs (29%) were also cited as challenges in the next 12 months.
- The vast majority (95%) of organisations suffer unexpected outages. On average, an outage lasts 117 minutes (almost two hours).
- One in ten (10%) servers across organisations globally suffered at least one unexpected outage within the last 12 months.
- The majority (61%) currently have no readily available data off-site for Business Continuity (BC) and Disaster Recovery (DR).
- Over one-third (35%) are planning to add the capability for data-reuse to support forensics or other cybersecurity ‘quarantine’ scenarios in the next 12 months.
- On average, 14% of organisations’ data is not backed up.
The IT landscape is getting broader and more complex
To get a deeper understanding of the report, Enterprise Times talked to Dave Russell, Vice President, Enterprise Strategy at Veeam Software. Russell started by talking about the change in customers IT environments. It seems that people are moving to the cloud, but there is still no big-bang moment on the horizon.
Russell said: “In two years, people thought they would have fewer physical servers, about the same VMs but more cloud-hosted VMs than today. That’s not a surprise. The key takeaway, though, from our minds, is that as an organisation, we now have to make sure we’re protecting multiple different bodies. What that says is the landscape of what you have to make protected and available is broadening, not shrinking.”
That growth of the IT landscape means changing the way data is backed up. We asked Russell how organisations were evolving their backup strategies.
Russell said: “We’ve always promoted a concept we call 3-2-1. It means three copies of your data, at least two types of media and one copy geographically dispersed. We’ve expanded that now in the age of ransomware to be 3-2-1-1. Three copies of data, two or more pieces of media, one of which is offline and, ideally, you’ve got an immutable copy.”
Backup is worthless unless it can be restored
It has always been the case that a backup is useless unless it can be restored. But for many organisations, there is no restore testing. We asked Russell how companies were making sure that backups could be restored and how they were testing them.
Russell replied: “Backup verification or testing is a dying art that continues to wither away even further. It means that the amount of restorations, the frequency of restorations, the number of systems and or datasets tested are continuing to decline. Historically, somewhere between 3-5% of data was restored, but nobody knew which 3-5% and when it would be needed.
“What’s changed that threat vector is ransomware. Worst case scenario, cyberthreat changes your restoration pool of 3-5% to potentially 100%. Some organisations are finding themselves exercising their backup recovery systems in an ad hoc manner, more like a disaster recovery scenario. That’s where they see more failures.”
Is replication in the cloud rather than backup the solution?
Cloud allows organisations to grab large amounts of space to replicate their environments. Then can create snapshots of data and even entire systems. But how many are taking advantage of this?
According to Russell, Veeam asked customers what they considered a high priority, mission-critical or business-critical application. It also asked them about what they considered normal data. The goal was to see how they structured their levels of protection and how often they protected that data.
Russell said: “The range was less than once every 24 hours to every 12 to 24 hours, and up through continuously. Critical data was being saved continuously, but as the data and applications moved down through the levels, the frequency dropped to every 15 minutes. There is still this notion of differentiating workload priority, layering different kinds of solutions. You’re doing a backup, you’re using either Veeam software replication or array-based replication, you’re making some copies on-site, you’re sending data to a public provider, public cloud, and you possibly doing several of those things all at once.”
ET was interested in how many enumerated their entire environment. System backups often fail due to a missing file that is stored on a remote system.
Russell believes that organisations are getting better at that. They are beginning to realise that backing up the database is not the same as backing up the CRM system, for example. However, there is still a lot to do. “I would certainly not say we’ve turned the corner on appreciating the difference between backing up data or an application versus making sure that full business continuity of a business process is enabled.”
Russell went on to say that Veeam launched its Availability Orchestrator to solve this problem. In addition to enumerating the environment, he noted that Veeam offers a testing service to measure restore against customer service level agreements expressed in recovery point objectives and recovery time objectives. It allows IT departments to prove to internal and external authorities that business activity can meet its requirements or not.
What about remote workers?
Veeam carried out the survey before the global lockdown took place. As organisations are discovering, employees are keeping a lot of data on local machines that are not being backed up. In many cases, they are not even properly protected. It creates a variety of risks from a data breach to unrecoverable data loss. ET asked Russell how companies are planning for a future where data and applications are no longer containable.
Russell said: “There’s one theory that this will accelerate the move to either Software as a Service or Infrastructure as a Service. People will want to change where the data resides. That doesn’t improve everything. Data still flowing across the wire so you have to worry about encryption and VPN and things of that nature. But it does stop the Word document or the spreadsheet residing on literally hundreds of individual laptops that are geographically dispersed.
“The other theory is the importance of how endpoint backup or laptop backup has become increasingly more important. From a Veeam perspective, we point to our no-charge tool for download. We tell customers ‘there’s important data on your laptop, we really recommend that you protect it.’ From a corporate perspective, we’re going to see organisations conclude, maybe we need to move more substantially towards the cloud.”
Enterprise Times: What does this mean
In many ways, there are no real surprises in this survey. Backup and restore are still problematic. IT departments lack the time to test and evaluate their backups, even if they wanted to. Unique copies of data are still sitting, unprotected, on end-user devices. Throw in increased cyber threats against workers who are work from home, and the situation gets worse. It is worth remembering that this survey took place before everyone became a remote worker. All those broken and failed processes have provided a rich hunting ground for cybercriminals.
But that doesn’t mean everything is doom and gloom. Organisations are steadily moving to the cloud. It might not be as fast as some vendors would like, but it is happening. With that comes other opportunities for disaster recovery and business continuity. What is holding this back is a lack of skills. It is something that will always be an inhibitor for some organisations, but that is where vendors need to deliver better solutions.
System outages cause customer problems. In retail, customers who cannot check out or where the store goes down will shop elsewhere. Customers who cannot get to an application in the cloud that they rely on will look for another SaaS provider. Resiliency is more than staying up, it includes disaster recovery and business continuity.
Veeam sees the need for better data protection as key to digital transformation. From the results of this survey, customers still have a long way to go on that journey.