Protecting data in whatever environment it is stored in is crucial for many businesses. That is why it is vital that they have increasingly sophisticated and ubiquitous protection systems. Not only for the data they have on premises, but also for the data they store in the different clouds with which they work. Above all, in a scenario in which attacks such as ransomware are becoming more frequent and damaging. About all this, and about the plans they have in the company for the future, we have spoken with Santiago Campuzano, Countru Manager of Veeam Spain and Portugal.
[MCPRO] Data Protection in hybrid cloud environments implies offering solutions on premises, but also in the public cloud, and Veeam, in fact, currently offers protection for AWS, Azure and Google Cloud, which are 3 of the main providers. What is the protection it offers in these environments and how does it work?
[Santiago Campuzano]: One of the aspects of the evolution of virtualization is the transformation that is taking place towards the hybrid cloud, an area in which hyperscalars are a fundamental element. In this regard, the vision that we have is that we are totally agnostic to the different cloud solutions or our own infrastructure that clients have. In this way, in the end we can offer a backup solution. Or as we call it, more than backup, modern data protection, because we really go one step further.
Our vision is that we are the last line of defense. Protection consists of being able to raise the environments practically in real time in the event of any type of incident. Whether on premise or in the cloud. Veeam, like virtually the entire data recovery industry, has the 3,2,1 philosophy. But we add an additional 1 and a zero to it.
In short, this philosophy consists of having 3 backup copies in different environments. One in the cloud, another immutable, and with zero they return to recovery. As ransomware attacks progress, becoming more frequent, data recovery is no longer just part of the information that the company has. This has to address a full recovery.
So, what we have to look for are solutions that allow the recovery of everything without any type of error, to recover the Business continuity of the organization as soon as possible. What we are doing is a proposition, whether in cloud environments or in hybrid or on-premise environments, which bases the solution on protecting the data thanks to its recovery in the shortest possible time, maintaining Business continuity by the customer.
[MCPRO] What role does the already classic backup that has evolved in Data Protection play in the hybrid cloud? And what has been the evolution of backup for Veeam?
[Santiago Campuzano] To protect cloud environments, and to protect virtualized environments, you have to be a native player with native solutions. This is the great advantage that Veeam has over the rest of the market. We were born in the virtualization area, practically directly in the cloud area, and the evolution has been very, very simple.
It is true that there are many environments that are still on premise that have a traditional backup environment, the classic one. But the reality is that companies now need one more point. It is not a question of recovering a part of an environment, it is a question of recovering the whole in case of an attack. I would tell you that the classic backup is not prepared for a business continuity solution, nor is it oriented as such. Because of the recovery time and the partial recovery capacity, rather than total, that it has.
We play with replica functions, and with backup functions according to the client’s interests. According to the user looking for the technological solution. What we are looking for is a solution that is quite disruptive with respect to the classic backup from the conceptual point of view, because in base technology it is radically different in terms of the environment.
[MCPRO] Businesses continue to suffer from ransomware attacks, what steps can they take to protect themselves, and what can Veeam do to help?
[Santiago Campuzano] Unfortunately, most of the attacks on the market right now are ransomware. In fact, they are ransomware that attacks the backup directly. We have carried out a study in which practically more than 70% of organizations have suffered some type of attack or are at risk of suffering some type of attack. Approximately 52% paid for it.
You have to look for immutable solutions for ransomware, and have exact control of when these attacks occur, because many times the ransomware attack occurs, but it is not when it causes the impact. It’s like COVID when it’s asymptomatic, until it starts and you’re symptomatic. But you were already contagious.
Ransomware works in a similar way. What it does is stay resident within the backup copies of the clients, and at a given moment it activates and blocks everything. But you do not know since when it is activated, so it is not a question of recovering until the day before. You have to find a copy that is really clean at a point in time where the attack has not been suffered to start recovering from that moment.
In Spain, more than 60% of organizations are not capable of recovering data. The data they lose, in many cases, is critical, and this directly affects business productivity. Even to the survival of some organizations. Hence, the number of payments made is very high in ransomware attacks.
The number of companies that do not pay and can recover the data is quite small, on the order of 19% or 20%. In other words, one in 5, according to a study carried out by Veeam at a European level, the Veeam Ransomware Report 2022. Which explains what is happening in EMEA, at a European level, but especially I think it is a trend that can be extrapolated to Spain.
The vision of backup is different, and the vision of modern data protection is different depending on the new types of ransomware attacks. Also, organizationally this is a conflict. Actually, modern data protection solutions did not depend on security teams. Now they are on the edge, they are the last line of defense. ANDThere are the recovery processes, but they are right at a point where the security people lose control and the systems people take over. We are at the critical information exchange point to be able to recover a system to be able to achieve that Business continuity that we mentioned previously.
[MCPRO]What is the future, in your opinion, of Data Protection in the cloud?
[Santiago Campuzano] Well, I think you have to follow certain axioms. The “3,2,1,1,0” is critical, and there goes our vision. We offer SaaS services through our partners. We have a program called VCSP (Veeam Cloud Service Provider), with which partners define the service they want to give to customers. Hyperscalars have ready-made solutions. Some of them managed. There are companies looking for solutions mounted on a superscalar, which to a certain extent even goes against, we could say, a certain sense. Because looking to make the backup in the same place where you have the original information does not seem very sensible.
We believe that there has to be a multicloud environment, and that on-premise environments are still critical. We see that there are many companies that have data centers, or servers, on premise and that a good solution is to cover part of the cloud and complement it with on premise. In other words, go to the hybrid cloud. But I would approximate it to where the digital transformation is going. It is critical to understand that there are many solutions that are going to stay on premise, and that there are others that are going to go to the cloud then.
The key is how to approach hybrid cloud, not just cloud. Here you have to be agnostic. You have to have multicloud solutions, and you have to have cloud and on-premise solutions to cross-protect in both areas. Companies have to be aware that SaaS solutions also have some limitations, even if they believe that they are buying a whole, very large service. That is, they do not protect your data in perpetuity. They do not have permanent data protection, and complementary solutions from specialists are needed that allow data backup to be made in a longer period than indicated, which in many cases is 30 or 60 days.
So it depends on what kind of cloud solution you want to go for, the solution has to be fully customizable for the type of customer. There is a fact that for us is very relevant. In 2022, it is estimated that 52% of workloads are still in the data center and only 48% are in the cloud. Hence, most of the core production environments are still many of them on premise. In that 52% believe that we are talking about core environments.
Furthermore, what solutions are not migrated to the cloud? Precisely the most core because they are the center of the business. In many cases, they are inherited, more traditional applications that are not easy to migrate to the cloud. I could tell you that a very, very important factor is that 39% of IaaS and SaaS solutions have to be complemented with specific modern data protection solutions beyond the native solutions that can provide a scalar IP or that can provide a SaaS or any type of solution.
[MCPRO] What are Veeam’s plans for the short and medium term future?
[Santiago Campuzano] There are two fundamental points. The first is a transition to the more enterprise part. We already have many corporate accounts. Veeam comes from a very relevant experience in the medium account. And we want to transfer that relevant experience to large accounts. It allows us to have the greatest penetration in the market without any doubt.
Right now we are market leaders. We have a lot of experience and we know best what is going on from the experiences our clients are facing. The solutions that we now have within the company are fully Enterprise ready. It is essential for us to have solutions that help the security part. We have the experience that tells us about it and the vision of the market.
These are the two fundamental points from the point of view of company strategy right now. If we talk about technological strategy, I would obviously tell you to address ransomware, cloud hybridization and the transformation of companies.
There are many organizations that are transitioning to the cloud and require new technologies to efficiently protect their backup environments. All the part of SaaS that we mentioned is also essential. And there is another important point for us: the development of new applications, especially in the kubernetes environment. Veeam bought two years ago a technology from a company called Kasten and that it is a subsidiary of Veeamwhich is a market leader in backup on kubernetes and provides solutions to these environments.
These are the fundamental points for Veeam in the future. Also, obviously, complementing the security part, which we consider to be critical due to the situation we are in. I think that right now no one can feel safe, totally independent of the environment they are in, whether it is because they are in a cloud solution or at home with very advanced proactive security solutions.
The world is partially in a cyber war, and so you have a lot of hits. And there will be more. The tendency is that there are even countries that are very aggressive in this line. With which there are great solutions and systems could be affected by attacks sooner or later and backup solutions are critical to complement that proactive security that has historically been had.
