Pandemic changes data protection strategy

COVID-19 has caused companies to innovate more boldly in technology. Many interesting things have happened in the data protection segment. Satya Nadella, CEO of Microsoft, did not hide his admiration for IT teams, who made steps to adapt to the new working conditions in a flash. – Two years of digital transformation happened in two months, Nadella said.

IT staff are to be commended, but the excessive haste has also led to much chaos. Perhaps the biggest beneficiaries of this confusion are cybercriminals, who have learned to exploit both employee errors and infrastructure or software vulnerabilities to near perfection. Not only have the attackers reached for more sophisticated methods, but they have also created affiliate programs, which allow novice hackers to join the attacks. IT departments have found themselves on the defensive, and data protection has become extremely difficult due to its unprecedented dispersal.

Backup as your last line of defense

While it has long been said that backup is the last resort, its role in the COVID-19 era has added significance. But do businesses share this opinion, and will they be prepared to spend money on modern backup and disaster recovery tools?

In the first months of the pandemic, companies invested primarily in laptops, VPN services, tablets, and sometimes printers for teleworkers. When it became clear that two household members were working remotely and children took online classes or watched cartoons on Netflix, network bandwidth had to be taken care of. Data protection issues were left behind somewhere in the background. However, when remote working went into full swing, and the home became both an office and the sole center for entertainment, security experts witnessed the negative effects of this move, which included massive cyber-attacks.

At the same time, they started to pay more attention to protecting data on home computers. Many companies have managed to revise their backup and disaster recovery strategy. Others will have to do so soon because the home office is not a passing trend. All the indications are that hybrid working will be with us for longer. According to analysts at McKinsey, more than 20 percent of employees can work from home as effectively as in the office. If employers agree to a hybrid working model, four times as many people could be working from home as in 2019.

Local backups

From a business continuity point of view, an organization with a highly distributed workforce may even be more resilient to a cyber-attack than one where most staff work in an office. As long as applications are available in the data center or the cloud, you can continue working. But with this working model, previously unknown problems also arise, such as low bandwidth, which prevents backups.

Not all backup systems supported remote devices spread across hundreds or thousands of homes. As a result, IT departments often asked home users to back up local data on removable media in the first weeks of the pandemic. Of course, these were ad hoc measures that did not work long-term. However, backup system vendors have been quick to do their homework, introducing solutions over the past year to help support remote workers.

Protection for SaaS

The mass migration of workers from offices to homes has led conservative companies to adopt technological innovations. Organizations are testing innovative applications and services more boldly than before the pandemic; thus, new sources of data security are emerging. On the one hand, this is an opportunity for vendors, as a completely new market segment is being created. On the other hand, it is a challenge – backup systems must react appropriately and support new services and products when launched on the market. Security for SaaS applications (Salesforce, Microsoft 365, Google Workspace) and container environments – Kubernetes and OpenShift – are becoming important. Everything points to a key trend in the backup market this year. Although users assume that cloud-based applications automatically back up their data, this is not the case. Therefore, SaaS backup providers, in addition to promoting their products, should educate service users by informing them about lurking threats and obligations related to data protection in a public cloud environment.

Battle against ransomware gangs

The pandemic has brought a wave of cyber-attacks, and businesses have been particularly hit by ransomware. While this is not a new phenomenon, it has gained momentum in the last two years. According to a Bitdefender report, the number of attacks carried out via ransomware increased by 485 percent in 2020. COVID-related phishing campaigns and attacks on the pharmaceutical and healthcare sectors have contributed significantly to this growth.

Ransomware gangs have introduced new manipulation techniques, such as threatening to make acquired data public if the victim does not pay the ransom. Businesses that have let attackers invade their networks pay through the nose to have their files decrypted. According to Anomali, 58 percent of affected entrepreneurs have paid for ransoms of between 100,000 USD and 1 million USD, with 7 percent even paying more than 1 million USD. The boom in ransomware has brought tape and devices using WORM technology (Write-Once-Read-Many) back into favor. Backup system vendors are not idle, having developed ways to detect ransomware, immutable snapshots, or a “clean copy” recovery technique. However, while it is highly likely that the pandemic will soon be over, ransomware will remain with us for longer. The gangs make too much money from this practice to give it up. There are some parallels to be drawn here with the drug trade.

Data centralization and backup

Nowadays, data is created, processed, and stored in many different places and for many different needs. In this situation, the only system that can centralize the data flow process is a backup system. Data protection solutions are no longer just an add-on but a key element in modern data centers, guaranteeing the resilience of businesses against threats and human and system errors. Analysts also point to the trend of backing up data directly to the public cloud and tiering it.

Backup as a Service (BaaS) has gained popularity during the pandemic, with many vendors introducing this service into their portfolios. Its recipients are usually small entities that do not have their own IT departments. Services such as Amazon S3 and Azure Blob Storage and their archiving counterparts Glacier and Azure Archive Blob can help reduce storage costs in some cases. Storware, as yet, has no intention of introducing such an option. It is worth bearing in mind that a large group of companies and institutions are reluctant to use such services as BaaS. Their aversion is most often due to a lack of trust in external service providers. In addition, the cost of online backup increases with the amount of data transferred, and it may turn out that cloud backup is simply not worth it in the end.

Reducing technological debt

Technological debt is something that almost every company faces. Most entrepreneurs consciously or unconsciously neglect to update the development of their IT systems in terms of technology, performance, and security. In the backup and DR solution segment, technological debt has become a keyword. Companies will not be competitive if they rely on outdated tools to protect their data – today’s most valuable asset. This applies to both the backup and DR systems manufacturers and the organizations that use these products.

Frequent changes caused by the maturation of technologies and the migration of environments are shaping new standards in the data processing and security market. Versatility and agility in responding to changes in this area cannot be underestimated. These are real challenges that must be faced. Containers, for example, require a separate backup strategy, while Microsoft 365 changes its Graph API from time to time.

Paweł Mączka Photo

text written by:

Pawel Maczka, CTO at Storware