News

Cloud Protection 'As-a-Service' Becomes Specialized

• By David Ramel
• 11/07/2022

Amid cybersecurity threats like the current ransomware deluge, organizations are increasingly delegating cloud protection services like backup and disaster recovery to specialists, a new report indicates. What's more, despite a massive cloud migration, some workloads are reversing direction, moving from the cloud back to on-premises datacenters.

Those are two key takeaways from the new Cloud Protection Trends Report 2023 published by data protection specialist Veeam Software, which contracted with independent researchers to recently survey 1,700 IT leaders from seven countries about their use of cloud services in both production and protection scenarios. The purpose of the study was to understand various perspectives on responsibilities and methodologies related to operating and protecting cloud-hosted workloads, along with considerations when using cloud-powered data protection.

As an added twist, the study focused on "as-a-service" offerings, including:

• IaaS -- Infrastructure as a Service
• PaaS -- Platform as a Service, including file shares and databases
• SaaS -- Software as a Service, focusing on Microsoft 365
• BaaS & DRaaS -- Backup as a Service and Disaster Recovery as a Service

Unsurprisingly, Veeam said the report indicated that organizations are increasingly recognizing the need to protect their SaaS environments, noting that nearly 90 percent of Microsoft 365 customers surveyed use supplemental measures instead of just relying on built-in recovery capabilities. The top reason cited for that was preparing for a rapid recovery from cyber and ransomware attacks, while regulatory compliance was the No. 2 business driver.

Digging further into the highlights, Veeam noted the trend toward putting cloud data protection into the hands of specialists. "With cybersecurity (including ransomware) continuing to be a critical concern, data protection strategies have evolved, and most organizations are delegating backup responsibilities to specialists, instead of requiring each workload (IaaS, SaaS, PaaS) owner to protect their own data," Veeam said. "The majority of backups of cloud workloads are now being done by the backup team and no longer require the specialized expertise or added burden of cloud administrators."

Of course, study after study has confirmed that cloud IT talent -- especially pertaining to security concerns -- is hard to come by these days in the midst of a crippling skills shortage. The Veeam report indicates that organizations are evolving their strategies amid this talent dearth. Typically, because it's difficult to find new hires, upskilling and outsourcing are seen as workforce strategies.

"This year's report showed a significant shift from last year as customers are increasingly interested in outsourcing their backups and gaining a 'turnkey' or 'white-glove' level of management service instead of the internal IT staff continuing to manage BaaS-delivered infrastructure," Veeam said. "This shift indicates that experience and trust in providers is increasing and could also point to challenges over the past year with the IT talent supply chain."

'Journey to the Cloud' Goes Both Ways
As noted, the report also finds that despite the oft-publicized migration of organizational IT to cloud computing platforms, some orgs see certain workloads coming back to earth as hybrid IT implementations (cloud/on-premises) result in fluid movement both to and from cloud hosts.

"For most organizations with a 'cloud first' strategy, new workloads that can run in a cloud will start there, with just less than 1/3 of cloud servers first launched in a cloud host, while 2/3 were migrated from the datacenter," Veeam noted. "That said, the 'journey to the cloud' is not one direction, as most organizations have brought workloads back from the cloud at some point."

What's more, Veeam said, "While new IT workloads are launching in the cloud at far faster rates than old workloads are being decommissioned in the datacenter, a surprising 88 percent brought workloads from the cloud back to their datacenter for one or more reasons, including development, cost/performance optimization and disaster recovery."

Other key highlights of the report as presented by Veeam include:

• Today, 98 percent of organizations utilize a cloud-hosted infrastructure as part of their data protection strategy. DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around Business Continuity and Disaster Recovery (BCDR) planning, implementation and testing. Expertise is recognized as a primary differentiator by subscribers choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies.
• Unfortunately, as is often the case for new cloud-hosted architectures, some PaaS administrators are incorrectly presuming that the native durability of cloud-hosted services relieves the need for backup: 34 percent of organizations do not yet back up their cloud-hosted file shares, and 15 percent do not back up their cloud- hosted databases.

"The growing adoption of cloud-powered tools and services, escalated by the massive shift to remote work and current hybrid work environments, put a spotlight on hybrid IT and data protection strategies across industries," said Veeam exec Danny Allan. "As cybersecurity threats continue to increase, organizations must look beyond traditional backup services and build a purposeful approach that best suits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centers to clouds and back again, as well as from one cloud to another -- creating even more complexity in data protection strategy. The results of this survey show that while modern IT enterprises have made significant strides in cloud and data protection, there is still work to be done."