By Archana Venkatraman, Associate Research Director, Cloud Data Management, IDC Europe
Digital trust, resilience, and availability are the hallmarks of a digitally transformed enterprise. With data underpinning these hallmarks, it’s no surprise that data protection and governance are becoming much more strategic and a boardroom priority. In 2021, according to IDC’s multicloud research, data security and protection is cited as organizations’ second-highest priority when it comes to increasing spending — second only to remote and digital workspace investments.
Legacy data protection environments were never built for the petabyte-scale of data, the cloud-native world, or the new data sources and workloads. Without suitable optimization, they cannot meet modern requirements such as granular/fast recovery, compliance with tougher regulations such as GDPR, protection of data across edge to the cloud, or resilience against new threats from inside and outside the organization such as ransomware and accidental deletions.
For more than 44% of organizations IDC surveyed as part of its multicloud research, data protection (backup and recovery, replication, archiving, and business continuity) and security and compliance (encryption, access control, data loss prevention) were the top 2 data services challenges for their hybrid multicloud environments. Data integration and orchestration, as well as data mobility, were other often-cited challenges.
So, what factors are forcing data protection to evolve in the digital era?
- Cyber resilience against modern security threats is an imperative. The threat of cyberattacks is increasing as more endpoints proliferate due to the increase in remote working. Ransomware was cited as the top data protection concern in IDC’s multicloud research, and for 47% of organizations, preventing data loss or leakage was a top security priority. A study by VMware Carbon Black found that there was a 238% surge in attacks from February to April 2020 (source: VMware Carbon Black: Modern Bank Heists 3.0, 2020), with 27% of those targeting the heavily regulated industries such as healthcare and finance.
Organizations also need protection against internal threats such as accidental data deletion, bad actors, and datacenter accidents. Modern data protection includes features such as immutability and “air gaps” to mitigate cyber risks. Air gap protection uses snapshots, replication, and automation to back up data offsite, whereas immutability protects the form of read-only copies of data for recovery. Cyberattacks are becoming increasingly sophisticated, with attacks targeting backup copy first. This makes additional layers of security such as air gaps and immutability in data protection design a must. These features also help to support compliance and governance, as well as building digital trust for a brand.
- Hybrid, multicloud, and edge data protection. Cloud is mainstream and the adoption of edge computing is accelerating, making data fragmentation across the edge to the core to cloud a reality. IDC research shows that core datacenters are home to only 29% of total business data. Data protection platforms and strategies need to encompass data spread across distributed infrastructures and protect them through a “single pane of glass” to minimize risks, eliminate complexities, and keep costs down.
In addition, it’s more difficult to protect data in the cloud and in edge environments as this includes external networks and IT components that are beyond IT’s control.
- SaaS protection. Data in SaaS environments such as Microsoft 365, Google Workspace, Slack, and Salesforce is proliferating. Accelerated adoption of SaaS tops the list of planned IT strategy changes for organizations in the new normal. SaaS data protection is a primary concern as the SaaS solutions become the center of business productivity. Modern data protection can extend protection, recovery, and security to these new SaaS environments, for resilience and business continuity.
- Shared responsibility model. Cloud represents a paradigm shift when it comes to enterprise IT. While cloud has reset people’s expectations from IT, core data protection principles remain the same. Cloud providers offer logical and infrastructure-level security, and platform access controls, data protection, security, and compliance remain a user’s responsibility.
- Data mobility. Hybrid multicloud is becoming mainstream and organizations are emphasizing cross-cloud data mobility. For a third of organizations, data migration and data location optimization in hybrid environments are a key challenge. Modern data protection capabilities extend beyond the traditional roles of backup and recovery to include integrated features to move data cost effectively and at scale. They help bring much-needed flexibility and data control for organizations, and provide security and encryption of data and cost-effective storage tiers to move cold data (data not accessed frequently and kept in long-term storage for retention and archival purposes).
- Modern data protection experience. Overcoming the challenges of data fragmentation and cyberattacks is a key expectation from modern data protection architectures. But expectations don’t end there. Organizations want to elevate the value of data protection to broader business objectives such as resilience, governance, intelligence, and digital trust. An effective modernization solution should support both the current data protection workflows and processes and provide differentiated capabilities to change business outcomes, incentivizing a transition to any new platform. As a result, organizations want to leverage next-generation features such as automation, policy-driven capabilities, flexibility, intelligent anomaly detection, rolling backup, unified protection, and cloud-like pricing.
Data protection is paramount, but needs to be adapted for the digital economy with integration between storage, cloud, and backup ecosystems and end-to-end protection.