The Asia Pacific region may soon experience more cyber incidents, warns Gil Vega, chief information security officer at Veeam, a backup, recovery and data management solutions provider. This is due to the increasing sophistication of ransomware and malware attacks, particularly within supply chains.
“As the number and severity of data breaches continue to increase, many large institutions have initiated rigorous security measures to protect themselves directly. As a result, hackers and cybercriminals are becoming more sophisticated and seeking new ways to gain access through more advanced mechanisms,” he explains.
He adds that the threat from supply chain compromises remains high as it is difficult for both vendors and their customers to protect their networks against well-resourced and pioneering actors with the ability to compromise widely used software products.
Assuming a perpetual state of compromise
Given the state of the cyber threat landscape, Vega encourages companies in Asia Pacific to shift from the “defending the perimeter” mindset to assuming a perpetual state of compromise.
“In the early days of cybersecurity, many practitioners believed that building higher walls, ramparts and ‘impenetrable’ perimeters was the best and most effective way to protect companies and their data,” he says.
“What we learned during the arms race between attackers and defenders over time was that the incentive to innovate was favouring the attackers. Criminal gangs, nation states and fraudsters simply outworked us, and we had to learn the hard way.
“Now, experienced cyber warriors understand that almost any technology environment vulnerable to penetration is a result of automated tooling and sophisticated attack infrastructure, zero-day vulnerabilities or simply IT management mistakes that fail to address hygiene issues properly,” he continues.
That said, Anand Eswaran, Veeam’s chief executive officer, believes companies are slowly (and not quickly enough) starting to look at their data protection strategies in a more sophisticated way than before.
“[In this day and age], it’s not enough to back up your on-premise infrastructure or cloud footprint. You’ve got to look at it more granularly [and ask yourself questions like] ‘What is my hybrid architecture looking like?’, ‘What is my data protection strategy for that?’, ‘What are the applications I use?’, ‘Which of those are software as a service (SaaS) applications and which are custom-built homegrown apps?’,” shares Eswaran in a separate interview with DigitalEdge Singapore.
“So, looking at data protection strategy holistically – company-wide and across all different workloads – is super key to make sure that this goes in the right direction for every company,” he stresses.
Keys to a successful data protection strategy
While having the right technology and tools is important to a successful data protection strategy, they are just part of the solution. Beyond tooling, improved data management, which increases availability through automated and instant recovery, will help keep data platforms healthy without manual intervention and reduce compliance risks.
“Managing data without a proper process reduces efficiency and can increase the time to recovery. Systems need automated processes to simplify management and recovery while reducing risk. Better data accessibility is the result of well-managed systems and defined data practice processes. A modern data protection strategy means having near-perfect availability and uninterrupted accessibility, driving data trust and integrity,” says Vega.
Furthermore, he asserts that having an effective disaster recovery plan is critical in ensuring business continuity. Such a plan should clearly define the steps to take during an unplanned event or disaster that disrupts resources and puts day-to-day operations at risk.
“One of the first steps in developing a disaster recovery plan is to conduct a review and analysis of the entire infrastructure and make note of all assets – from hardware and software to devices, applications and more. This list should capture version history, system location, how it is backed up and protected, and where any backup is stored,” shares Vega.
“All these details are crucial so that when a disaster strikes, leaders have documentation of what the system looked like before a disaster strikes. Lastly, this plan should include both tactical steps to take as well as clear roles and responsibilities of teams in case of an event,” he adds.
Data backup and storage is also essential to a disaster recovery plan. Vega explains: “[This] can save organisations time and money when it comes to enacting a recovery protocol. If everything is backed up and available, it can be easier to get systems back online as before. A key data protection practice that can save any business time, money and stress is the ‘3-2-1-1-0’ backup rule, a rule which Veeam is a huge advocate of.
“This rule recommends organisations to maintain at least three copies of data on at least two different types of storage media and to keep one copy of backup data at an off-site location. The off-site location becomes critical, especially in the event of a natural disaster such as an earthquake or other extreme weather event. In addition, one of the media should be stored offline and all recoverability solutions should have 0 errors.”
Veeam’s plan to achieve its ambitious goal
The escalation of cyber threats and the complexity of the hybrid cloud have pushed organisations to prioritise data replication and protection. This has helped Veeam to close its FY2021 with a record 27% y-o-y growth in its annual recurring revenue, which Eswaran hopes to grow further to reach a revenue goal of US$10 billion.
“I always like to have a hairy, audacious, big goal out there, which is what I talked about when I came into the company in December 2021. But in reality, we’ve got to start planning in milestones [to achieve our US$10 billion revenue goal],” he says.
He continues: “[Achieving a revenue of] US$2 billion is around the corner and things like enterprise, cross-selling on an installed base, more product innovations, repeated execution and many more layers of partnerships, will help us to significantly expand our market share and get to the US$4 billion milestone.
“Fifty-three per cent of our business is actually in the enterprise. We have a presence in almost all of the large enterprises, with 81% of the Fortune 500 and 70% of the Global 2000 using at least one Veeam product. Now the opportunity lies in our ability to cross-sell and upsell our entire solutions portfolio to our installed base of 450,000 customers.”
In terms of products, Veeam has consistently added new products over the last five years. This includes Kasten K10 by Veeam, which provides secure backup and recovery for Kubernetes data and applications while eliminating the complexity in deployment and operations for Kubernetes in the enterprise. Kubernetes is an open-source container orchestration platform that provides high availability and scalability of application services.
Eswaran adds: “We also have a long roadmap of products, each of which creates a new addressable market and more growth opportunities for us.”
Veeam will continue banking on partnerships to further drive growth too. “As a partner-first company, our focus has been working with our partners to help our customers get to the right data protection strategies. We have close to 40,000 transactional partners such as value-added resellers, more than 10,000 cloud service providers that offer our products as-a-service, and have deep partnerships with hardware companies like HP and Pure [Storage]. So we are doubling on that and exploring new partnerships,” shares Eswaran.
“[All in all, we are committed to helping] companies think through and enhance their broader data protection strategy so that they can better prevent and mitigate ransomware attacks.”