Podcast On-Premises vs. the Cloud: What's the Backup Strategy for you?
The increasing need for consistent backup, disaster-recovery and business-continuity strategies
By Insight Editor / 27 Jan 2023 / Topics: Data center Backup & recovery Cloud
By Insight Editor / 27 Jan 2023 / Topics: Data center Backup & recovery Cloud
A good backup strategy is essential to ensuring sustained success. According to James Scott, Canadian field CTO at Dell Technologies, consistency is just as critical — whether it’s in a disaster-recovery or business-continuity context or in response to a cyberattack. Talking to Peter Straight, the security practice leader at Insight Canada, Scott advises that businesses keep their backup strategy consistent, even sticking with a single cloud provider, as it will pay dividends from cost, time and management perspectives in the long run.
To experience this week’s episode, listen on the player above, watch the conversation below or scroll down to read a complete transcript. You can also subscribe to Insight TechTalk on iTunes, Spotify, Stitcher and Google Play.
Transcript of audio:
[PETER]
Hello everyone, I'm Peter Strait. I'd like to welcome James Scott. He is the Canadian field CTO with Dell Technologies. James, let me ask you a question. With customers moving to different hyperscalers in the cloud, how does their backup strategy need to change?
[JAMES]
Well, I think there's a few things. I think first is consistency. You mentioned different hyperscalers. I think that's key. Almost everyone I speak to starts off their cloud journey with a single vendor, say Azure. I do see more Azure than anything else in Canada, but then they have teams go off and start using other providers. They start to use a bit of AWS. They have some M & A activity and they acquire a company that's maybe using GCP or you know one of the hyperscalers comes out with an offering for their vertical and you don't want to ignore some business benefit et cetera, et cetera.
Like eventually you, I think the point you made on, on multiple hyperscalers is, is absolutely critical, but the point I want to make is that, even if you somehow manage to stick with a single cloud provider,
there is a need to drive more consistency I think in the backup process, consistency in the management, consistency in the recovery, in the applications and the service types. So, making sure that you have a consistent backup strategy that works for traditional applications, containers, even SaaS offerings. Everywhere you can drive consistency, in my opinion, is going to give you a benefit in terms of cost and and time and management and also security 'cause it's just a single platform to manage.
I think, the second point I'd make on top of consistency is make sure you're not assuming what is
and isn't your responsibility, as you look at all the different hyperscalers. I've heard a few times from customers, things like, "I don't need to worry about backup. That's automatic when I go to a public cloud,” but I think just the understanding that your data is always your responsibility, even when it comes to things like SaaS applications, you know, the retention time, the granularity of the backup, lots of things may not be sufficient for the business, and again, driving consistency in that model.
So, I think the, the change in strategy is not to try and have multiple different tools for the edge, for the data centre, for the cloud, and ideally one tool and one set of processes, so that you can actually do that recovery of that backup in the easiest and most simple way possible.
[PETER]
That's so interesting. With regard to security, how do these backup strategies protect against today's security threats?
[JAMES]
So, without going into specific features and products and what we're doing at Dell Technologies
that I, I think is, is so unique, I think there's something more fundamental when it comes to security side of things. And that's just don't assume that your backup strategy, your disaster recovery strategy, your business continuity strategy is enough to protect against today's threats, and I'm thinking specifically things like ransomware, because those attacks are all about moving slowly through your system.
We've probably all seen statistics around the dwell time of these attacks. It's measured typically in weeks, sometimes months, and those attackers, once they get into your system and they start looking to how do they compromise the data, how do they encrypt the data, they're not going to trigger their presence until they know that when they put that alert up, when they say, you know, "We're, we're demanding this amount of money," that you are going to seriously consider paying it. They, they know that if you can just go to the backup system and recover all the data, then all that effort, all of that slow migration through the network and trying to understand your backup strategy, was for nothing if you can just easily recover.
I think, the other point is you also have to think about what you are going to restore first, what order and where, and the reason why this is so important to think differently from traditional backup and disaster recovery is that, if you think about, the best example is in a DR scenario. In the event of a loss of power or an earthquake or some natural disaster, hopefully that secondary DR site is unimpacted.
It was the reason you chose it is it, it was geographically separate from the primary site, but in the event of a cyberattack that may not be the case. You don't know where the attacker was able to get access to.
You don't know what systems are compromised. There's probably going to need to be some time as you do some investigation, as you do some forensic analysis.
So, you can't suddenly just start restoring the data, because you may not have somewhere to restore that data to. So again, thinking about separately, and this is where you need to start thinking about maybe vaulting off a separate space, separate data, having somewhere you can restore to, some trusted location, so that quite frankly you can just prevent the business , from going out of business, and this security impact to backup strategies, I mean it's been critical to us as, as Dell technologies for a long time now. I mean, if I go back all the way to 2015, so what is that eight years ago now?
Because of the increase in sophistication and the frequency of all of these attacks, I think about the finance sector. What they did in the US was, was spin-off a not-for-profit organization that was designed to look into all of this and work out how does the financial institutions protect their information from all of these different attacks? And they created something called Sheltered Harbor, and as Dell Technologies, as you know, we weren't just the first solutions provider into that Sheltered Harbor initiative. We're also protecting 80% of the global banks through the Dell Technologies data protection suite, and that's what led to us creating products that were specifically designed to target that security angle, things like the power protect cyber recovery technology.
[PETER]
It's interesting you bring up the use case of ransomware and seeing, you know, less people are paying for that. As we see there’s definitely been reduction in people paying for that, because they're having these backups.
What do you see in the future here as you talked to organizations in, across the country? Where are they looking next in order to combat these threats?
[JAMES]
So, I, I think the, the big buzzword here and I think, to be honest it was a buzzword until fairly recently, is zero trust. I think this is about helping organizations move away from what we typically do today, which is trust and verify. So, we'd like to trust you, but first we're just going to verify who you are.
You can think about things like traditional VPN. Connections is maybe a great example to that. Moving to this idea of continuous verification to the idea of all devices, all entities have to be known. These devices have to be explicitly authorized and authenticated. So, there's no assumed trust. That's where the zero trust moniker comes in, but we also need to understand what they do in the system, why they're doing it. All of that needs to be documented and well understood, because we’re seeing the problems of attacks today. The idea here is, well when we're trying to look for known bad behavior, it's not working everywhere. So, the idea is stop looking for bad behavior. We've seen it's impossible to track all of these new threats, what these new attacks are doing.
So, in a zero trust model and moving forward, we're, we're only going to allow known good. So, we're not going to check for known bad. We're probably still going to do it, but it's not going to be the focus. Known bad is going to become blocked, because it's not known if that makes sense, not because we were, we were explicitly looking for it, and, once we know what a system should be doing, it's much easier for us to detect that shift from the current known-good situation. We can identify where these attackers have gone in and start trying to connect to different systems in different ways or traverse the network in an unexpected fashion.
I think the problem is, and where we've been in the past, is this sounds great, but it's incredibly difficult to do. It's incredibly hard and sometimes impractical to try and put that in place, because of the complexity of trying to identify every component in the system and how it's all interconnected.
The easiest way to think about things moving forward and broadly speaking that zero trust architecture is, is three things. We have to have a business model. We need to be able to identify, at a business level, the logic the system needs to put in place. So, think of things like, I want all the data collected in Canada to stay in our Canadian data centres. We just need to be able to describe the behavior of the system.
The second piece is that control plane. So, it's great that we've got that business logic, but we need to be able to put something in place that can implement that desired behavior, and that's where I think, moving forward, all of the integration between things like robust identity management systems and the infrastructure comes into play, and that's sort of the, the final layer in this piece. You need an infrastructure layer that understands all of that technology, so that you can only have trusted entities on the system, and today the burden of all of that falls on the customer, and this is absolutely about an architecture moving forward. It's not a product. You don't buy a zero trust product and all your problems are solved, but, for us, solving this is what we're focusing on moving forward, and I think a lot of that is built up through integration, through partnerships to solve that interconnect between all those different layers, and, quite frankly, just taking a lot of what we do today, things like our secure supply chain and integrating all the information we collect that we cryptographically sign at factory in terms of all the individual components and just bubbling that up through the layers to make, you know, zero trust possible today in a way that I don't think it's been in the past.
[PETER]
I love that you explained that zero trust is, is not a product and that's, that's very critical for our customers to understand. If you're interested in backup security posture as you move into 2023, please reach out to insight on these topics. We'd love to have this discussion with you. Thank you.