Data Retention

The Latest

18 March 2021: Veeam released a report which suggests that 58% of backups fail. After validating these claims, and from the direct experiences of our advisors who have been CIOs or infrastructure managers in previous years, IBRS accepts there is merit in Veeam’s claim.

The real question is, what to do about it, other than buying into Veeam’s sales pitch that its backups give greater reliability?

Why it’s Important

Sophisticated ransomware attacks are on the rise. So much so that IBRS issued a special alert on the increasing risks in late March 2021. Such ransomware attacks specifically target backup repositories. This means creating disconnected, or highly-protected backups is more important than ever. The only guarantee for recovery from ransomware is a combination of well-structured backups, coupled with a well-rehearsed cyber incident response plan. 

However, protecting the backups is only useful if those backups can be recovered. IBRS estimates around 10-12% of backups fail to fully recover, which is measuring a slightly different, but more important situation than touted by Veeam. Even so, this failure rate is still far too high, given heightened risk from financially-motivated ransomware attacks.

Who’s impacted

  • CIO
  • Risk Officers reporting to the board
  • CISCO
  • Infrastructure leads

What’s Next?

IBRS has identified the ‘better-practice’ from backup must include regular and unannounced, practice runs to recover critical systems from backups. These tests should be run to simulate as closely as possible to events that could lead to a recovery situation: critical system failures, malicious insider and ransomware. Just as organisations need to rehearse cyber incident responses, they also need to thoroughly test their recovery regime. 

Related IBRS Advisory

  1. Maintaining disaster recovery plans
  2. Ransomware: Don’t just defend, plan to recover
  3. Running IT-as-a-Service Part 59: Recovery from ransomware attacks
  4. Ransomware, to pay or not to pay?
  5. ICT disaster recovery plan challenges
  6. Testing your business continuity plan

The Latest

16 February 2021: Veeam continues to expand its footprint across the hyperscale Cloud vendors with the introduction of Veeam Backup for Google Cloud Platform. This follows its December 2020 announcement when Veeam announced the general availability of AWS v3 Backup and Azure v4 Backup. As a result, Veeam now provides backup and recover capabilities across - and just as importantly between - the three major hyperscale Cloud vendors. 

Why it’s Important

During a briefing with IBRS, Veeam detailed its strong growth in the Asia Pacific region. It also discussed its strategy for providing backup and recovery capabilities over the major hyperscale Cloud services: Azure, AWS and Google. The demand for Cloud backup and recovery is growing with greater recognition organisations adopting hybrid Cloud (the most likely future state for many organisations) demands more consistent and consolidated approaches to management - including backup and migration of data between Clouds. VMWare is seeing growth in its hybrid Cloud management capabilities as well, and the synergy between Veeam and VMWare productions is no coincidence.  

Who’s Impacted

  • Cloud architects
  • Business continuity teams

What’s Next?

Backing up Cloud resources appears to be a simple process. Taken on as service-by-service, this might be true. However, in reality the backup becomes increasingly challenging. As more and more applications are made up of a myriad of components, this leads to a rapidly evolving ecosystem of solutions. Hence, data recovery and restoration are also getting more complex. This is further exacerbated by the growing adoption of hybrid Cloud. 

Organisations need to explore backup and recovery based on not only current state Cloud architecture, but possible migration between Cloud services and where different integrated applications reside on different Cloud platforms.

Related IBRS Advisory