BTEX 2023: Transforming Data Protection for the Modern Enterprise

Ten or 12 years ago, the traditional backup environment consisted of a backup server with backup software, a tape library, some offsite storage and a catalogue database. This traditional model changed in response to the evolution of modern infrastructure, especially after the appearance of converged and hyperconverged appliances. "The appliances reduced the entire infrastructure into a single clustered scale-out architecture. The newest appliances on the market do all the work like traditional backup software used to do, but with low management, built-in automation and artificial intelligence (AI)," said Panfer.

Countless benefits came with these appliances, said Panfer. "They are fast to deploy, easy to upgrade and very scalable. They allow you to add multiple nodes. There is built-in resiliency and load balancing. They are very easy to configure because they offer policy-based scheduling; you can have service level agreement (SLA) policies and divide your infrastructure based on what kind of data it is and how important it is. They are also secure when it comes down to their architecture."

Born in the cloud era, these appliances offer possibilities that a few years ago were unthinkable. "These backup appliances are built for connectivity and for moving the data into the cloud if required. Their restore capabilities provide seamless search capabilities across all backed-up data, regardless of where it is stored. Some of them also support replication to the cloud with disaster recovery (DR) capabilities," said Panfer, who added that: "Backup software is no longer just backup software. It is also a tool to migrate your data into the cloud."

Modern data protection can use SLA policies to simplify the backup process, said Panfer. "SLA policies aim to remove much of that complexity with a simple, policy-driven approach to backup scheduling, which gives the backup administrator a much more automated and cloud-like approach."

With an API-first approach, automation makes it possible for users to make their own data recoveries without waiting for the help of a specialized team, explained Panfer. "API-first means the ability to automate any data protection-related tasks completely. Automation is the key to offering self-service restores and other services to departments of your organization. This is very important for enterprise-class organizations, and it takes away lots of time from creating the tickets and assigning them to the backup team."

It's also possible to integrate backup data from different technologies into a single place for better control, added Panfer. "Backup applications can be integrated with Ansible playbooks and Chef recipes as well for easy deployments for large organizations. Your backup data is all in one place. So regardless of the technology that you're using in your production environment, you are able to do research, and you can identify the stale, duplicated or sensitive data because everything is sitting in that single environment."

Automation can make disaster recovery testing and implementation far easier tasks than they were in the past. It's worth exploring all the features available; for example, backup appliances offer more than backups, explained Panfer.

"Most backup solutions now offer instant recovery as a feature, recovering virtual machines (VMs) and databases to the appliance and making them available to end users. This means you're not relying on your production environment to make the recoveries. You are recovering on the backup appliance, which really unlocks the computing power of the appliances to be used other than backups, such as development and quality assurance (QA) testing.

"There were the days when you would have to recover a production environment and then build up the whole test environment, but this can be so fast and easy when you make the recovery of your production environment on the appliance itself without touching the production."

Stage recovery is another interesting feature to ensure that the latest version of the most critical virtual machines is always handy, said Panfer. "You can do stage recovery in an isolated environment. It's very useful for testing for recovery in ransomware situations. You can do the testing of your backups before you can build up the production server.

"Cloud instantiation automates the uploading of VMs periodically to the cloud and the conversion of those VMs to cloud instances. This ensures that the latest backed-up version of your most critical VMs is always present in the cloud, powered down, but ready to be powered up in the event of a disaster."

"When it comes to ransomware, the first rule is you don't pay, but you need to have secure backups before you can make that decision," stated Panfer.  

Immutable backups are a resource that can help secure your backups, she explained. "Immutable backups are backups that are once written and cannot be deleted or altered for the retention period of that backup. On-premise storage can be set immutable by increasing security using a secure operating system and storage. Storage of prices can be set for immutability, and cloud storage can be immutable using AWS S3 object log or immutable storage for Azure block storage with time-based retention policies.

"Backup appliances can also add an extra layer of protection from attack as they are separate, self-contained environments and many do not allow access to the underlying operating system, making them harder to attack," explained Panfer. "Many current backup products offer either virus scanning, ransomware detection or both, using data backup to detect anomalies. Backups can act as a second line of defence against these sorts of cyberattacks."

Where ransomware detection in backup software can really make a difference is in recovery, said Panfer. "Built-in anomaly detection in your backup solution can allow you to rapidly identify at a very granular level those files and directory structures that have been attacked by ransomware, determine what needs to be restored and help you get back up and running much quicker."