Posted by “A lot of workloads have moved to cloud, which means there are different challenges associated with cloud migrations that have come to the fore, but data protection strategies for organisations have not changed,” says Sandeep Bhambure, MD – India and SAARC, Veeam Software.
Today, cloud has almost 50% share of the overall IT in the hybrid IT environment, according to a new study titled – BCDR Strategies Resilience Unleashed – Mastering BCDR Strategies in the Age of Ransomware, from Veeam and Think Teal’s research.
With the growing adoption of hybrid IT and cloud, today more and more workloads are being moved to multicloud. However, organisations are facing different challenges around cloud migrations and data in particular, with its manageability, protection and cybersecurity aspects. Given this scenario, CIOs and CISOs need to rely on good and effective data protection strategies and data backup plans as their first line of defence against cybersecurity incidents like ransomware attacks.
In this interview, Sandeep Bhambure, MD – India and SAARC, Veeam Software spoke to TechHerald on the significance of data protection strategies in organisations and how they can help CIOs and CISOs build a strong defence and harden the attack surface. He also explained how Veeam is addressing the challenges around data protection with “data freedom” and spreading awareness on protecting “cloud data” and more.
Edited excerpts.
Q1. Digital transformation brings various benefits to organisations but it also exposes them to the latest risks around cybersecurity and different kinds of attacks. So how do you see organisations or their CIOs in particular balance it out?
Sandeep Bhambure: Going back to pre-pandemic times, if we were to look a hybrid IT and the share of physical machines vis-a-vis virtual machines and the adoption of cloud. I would say that each component had almost more or less the same share. Physical would have a share in the range of 30 to 35% as part of the overall hybrid IT environment for any company. And virtual infrastructure’s share would be around the same 30 to 35% and then the cloud, in its earlier adoption phase would have a 25 to 30% share.
But post-pandemic there was an acceleration to cloud across the board and more and more workloads started going to cloud. We have a study which talks about the mix of how hybrid IT would look like in 2023 and beyond, where the cloud has almost 50% share of the overall IT in the hybrid IT environment. And the rest is almost equally divided between the physical and virtual environment. So that’s a big change. While a lot of workloads have moved to the cloud, different challenges associated with cloud migrations have come to the fore. But data protection strategies for organisations have not changed, neither the technology used for protecting cloud data changed. In fact, many organisations still do not protect cloud data, SaaS data, unstructured data or even have exposure to Kubernetes and containers. Though the production and IT environments have transformed, data protection strategies haven’t changed. This has led to a gap between availability and protection.
Almost 80% of organisations believe that there is a gap in availability and protection, from what business expects and what IT can deliver for them. So essentially to mitigate the risks associated with RPO (Recovery Point Objective ) and RTO (Recovery Time Objective ) gaps, organisations are now rethinking their data protection strategy, backup strategy and security strategy. Ransomware is top of the mind for many organisations and the challenge is how to contain it and make their IT more resilient. So these are the things that are really bearing on the minds of the IT fraternity.
Q2. How do you see the entire digital transformation as a concept or approach that also needs more emphasis on cybersecurity to mitigate risks?
Sandeep Bhambure: We expect customers to spend 7 to 10% more on security and data protection. So that budget has increased for customers, particularly in India, organisations are expected to spend more. From the standpoint of data protection or backup, this would be part of the overarching security umbrella that organisations are thinking of. It is not just about securing, but also protecting or the ability to recover is very important. Today ransomware attacks are really making customers get their CISO organisation and infrastructure organisation together with a joint strategy to tackle challenges like ransomware.
The report found that 85% of organisations have faced ransomware attacks. So security is paramount and organisations are spending a lot of money there. But there’s a need to prioritise defence, along with hardening the attack surface. On average 30 plus security software are implemented in any company, in enterprise IT. And yet there are certain vulnerabilities that are not covered by the security software and the bad actors can come in from anywhere. It means we have to have a very strong line of defence and as the world’s largest company in modern data protection and ransomware recovery, we believe a good data protection strategy can be the best line of defence. It provides companies with the ability to bounce back, to recover their data in the wake of a ransomware attack or any threats that can come to their data.
Q3. Based on the survey, organisations are emphasizing a lot on digital transformation and various initiatives but still lack focus on data protection and data recovery. Apart from overall cybersecurity, do you think CIOs and CISOs need to emphasize specific or data-related strategies?
Sandeep Bhambure: Yes 100%. As I said earlier, data protection is the best line of defence, when the probability of a ransomware attack is high. However, you can recover from ransomware or any attack only if your backups survive. For backups to survive, they need to be immutable, which means the ransomware attacker should not be able to take control of backups—either by deleting or encrypting the backup data. Most of the ransomware attacks actually are aimed at backup data — 93% of the ransomware attacks are aimed at backup data. Because if they take charge of backup information and you cannot recover it then they get the ransom money, that they are demanding.
Q4. In this entire gamut of things on one side there’s digital transformation other side there’s security, data protection, backup, business continuity and various key elements within enterprise IT. So what role Veeam is playing in terms of addressing these challenges for the CIOs and organisations?
Sandeep Bhambure: From a non-technical standpoint, basically we are helping CIOs with two things – one helping organisations to build confidence that they can handle or manage a cybersecurity situation in a much better way and two, we are able to deliver resiliency for their IT. In more technical terms, we are helping organisations with three things – data security, data recovery and data freedom. Data security and data recovery are very well understood but data freedom is what I want to highlight because in hybrid IT, the cloud has taken 50% share as I explained earlier and today multi-cloud is a reality. So customers are looking for the ability to move workloads from cloud A to cloud B, even in case of a cyberattack. Let’s say that if customers are storing their immutable backup on cloud A, they want the capability that lets them recover that data on cloud B or premise. So data freedom is one of the most challenging aspects that customers need help on and as the world’s number one player, we are helping customers in these three areas with data freedom being something very important in the current times.
Q5. As per the survey, 90% of businesses or companies have reported ransomware attacks and 1 out of 4 are ransomware-related cyberattacks. So how do you see the ransomware-related awareness among organisations in India and how Veeam is addressing this scenario?
Sandeep Bhambure: I think when it comes to data, there are risks in-built which are not addressed in hybrid IT. This is because many organisations could be in an existential crisis if they do not revamp their data protection strategies. If organisations have moved to the cloud be it AWS, Google, Azure or any cloud service provider, they need to protect the cloud data. And if they are doing it then there is an exposure to that data. Besides, SaaS (software as a service) applications are one of the fastest-growing domains within hybrid IT. M365 or Salesforce is a critical SaaS application with a huge customer base and are giant in itself. However, organisations so far have not really understood the importance of protecting SaaS data, which is extremely critical and important for survival. To validate this fact, Microsoft has announced the native backup of M365 recently. So principal companies or SaaS solution providers know its significance.
Veeam has been in this business for a long time with millions of users. Our job is to create that awareness so that organisations don’t expose their SaaS data because it can get simply deleted or attacked by ransomware. The third important thing is unstructured information like NAS data, file servers and file shares, which count for almost 80% of the digital universe. Companies failing to secure unstructured data could expose themselves because they don’t follow the same data protection policy as say, Oracle database, SQL server data or transactional data. Recently, there have been cases for instance, a big medical institution in Delhi, certain financial companies in Mumbai and some pharma companies elsewhere, had become ransomware targets.
When we look at the overall IT there are several gaps, which need to be bridged and we being the world’s number one player, it is our job to spread that awareness. We are creating that awareness through our channel ecosystem to help customers understand the need to protect not just the core, traditional transactional data, but also other data sets, including Kubernetes and containers.
Q6: Lastly, what would be your advice for CIOs and CISOs while they are rolling out digital transformation plans now for their organisations? What is that they should keep in mind when it comes to cybersecurity and data protection?
Sandeep Bhambure: My single most important advice to the IT fraternity would be to keep doing what you are doing with your security, but prepare for the worst. And what I mean by preparing for the worst is — build your last line of defence. I think there’s a need for the technology fraternity to prioritise data protection and backup strategy, ahead of any other thing that they could perhaps be doing. So when organisations are racing in the direction of transformation, they need to know that at least their back-end data is safeguarded. The last line of defence is the first action that organisations need to take today.
(Watch this entire conversation with Veeam’s Sandeep Bhambure on TechHerald YouTube channel)