ESG Research: Cloud Data Protection Strategies at a Crossroads

Insights June 14, 2023

Is your business exposed to cyber-attacks? Have you addressed both on-premises and cloud data? Have you optimized your organization to recover quickly? Are you confident that you can recover all your data in the event of an attack? 

The reality is that it is a not a matter of if—but when—attackers will get to your data in one way or another. Backup data is particularly at risk, as it’s now a prime target for disruption. With expansive data sprawl and cloud expansion, there’s a lot to consider when it comes to protecting mission-critical applications and their associated data. What does that mean for you? It’s essential to build a robust data protection strategy with a mature and optimized recovery protocol. And making that strategy a well-rehearsed part of your operations is critical for continued success and resiliency. 

The Research

The Enterprise Strategy Group (ESG) by Tech Target completed a quantitative web-based survey of private- and public-sector organizations throughout the United States and Canada in March 2023. In the report, “Data Protection Cloud Strategies at a Crossroads,” the team shares important insights into the cloud data-protection climate. The big takeaway: Cyber events are currently the top reason for recovery. 

The authors address the impact of cyber threats both on-prem and in the cloud as well as with innovative technologies like Kubernetes. Some hard truths: Recovery strategies need work, especially in the cloud and across clouds. Most organizations are using a multi- and hybrid-cloud approach, often using multiple cloud service providers. That means data exists in a variety of locations and is managed disparately throughout the organization.  

“There is a problem with recoverability of data in the market.”    
— Christophe Bertrand, Practice Director, ESG

Data recovery events caused by cyber-attacks are growing.

Cybersecurity events are now the top cause of data loss. In the past, technology failures, cloud service provider outages, or human error were the leading reasons for recovery efforts. This year marks a clear shift according to multiple reports. Databarracks reports that in the UK, “2022 marks the first year cyber attacks overtake human error as the top cause of data loss.” It is more important than ever to optimize your entire organization for rapid and hybrid recovery. 

Organizations are unable to recover all data.

What degree of data recovery is acceptable for your organization? This is typically noted as your recovery point objective (RPO) and describes how much data you can bear to lose. Is it 50% data recovery? 75%? 80%? Surely, the more you can do to enhance your systems toward 100% recovery, the better off your organization will be.  

ESG found that only 1 in 10 organizations could recover all their data after an incident, whether on-prem or in the cloud. It unlikely that any executive would be satisfied with less than 100%. Work is needed here to optimize systems for recovery and rehearse to perfect the recoverability of all data. Practice makes perfect. It is vital that the first time that you perform a recovery is not during an attack. Non-disruptive recovery rehearsals, or exercises, are vital.  

Some recovery must be local.

With the increased threat of attacks, especially in the cloud, there’s a new trend of repatriating data to premises-based storage. There is also a need for on-premises recovery strategy. The numbers illustrate the shift: 44% of respondents will consider a public cloud-based data protection solution that integrates on-premises storage for local recovery. This practice ensures that you’ll always have a copy on-premises, ideally on air-gapped, immutable, or indelible storage also known as an isolated recovery environment. This provides a clean dependable copy of your data—and valuable peace of mind. 

Additional learnings.  

ESG uncovered additional learnings around the impact of cloud technologies for data protection, the as-a-service market in general, and gaps in Kubernetes backup and recovery. It’s clear that container adoption is widespread, and containers are used in production today, but there again is a need to better backup and setup recovery.


Take the Next Steps  

Recovery can be the last line of defense against the damage of a cyber attack. Implementing a strong backup and recovery strategy will provide the ability to quickly and efficiently recover to keep your business up and running. Put yourself in control of all your data and applications in the cloud, on-prem and at the edge, by architecting a unified and simplified strategy for application resiliency, data protection, compliance, and governance.  
Learn more about how you can improve data recovery

Sonya Duffin
Data Resiliency Expert
VOX Profile