Veeam CTO on SaaS backup, chatbots and ransomware

Veeam CTO Danny Allan

A briefing with Veeam CTO Danny Allan revealed the data protection biz’s thinking on SaaS app backup, large language models, and whether we have reached peak ransomware. Hint: we have not.

Version 12 of Veeam’s Backup and Recovery product was introduced in February and included direct-to-object-storage backup, better immutability, cyber resiliency, hybrid cloud protection and a ransomware warranty with a SWAT recovery team.

SaaS app backup has been enlivened recently by HYCU announcing a facility for suppliers to write the needed connectors themselves – using HYCU’s API. Canadian storage firm Asigra then introduced an SDK to enable developers to write SaaS app connectors to the company’s backup software. How does Veeam view the world of SaaS app backup and these generic framework approaches?

Veeam provides protection for significant SaaS apps already – such as Microsoft 365, Teams and Salesforce. Allan told us: “We are the largest provider of backup for Microsoft 365, with over 15 million paying users. We have a free version as well. We have been doing SaaS backup in multiple ways and multiple models. And we expect that to continue.”

And the framework approach? “We have not introduced a framework per se, mostly because we believe that there is value in having specific capabilities around the SaaS service. If you do the generic framework, you end up with generic data protection and generic data recovery, and you’re dependent on the partner to write to it.”

He said: “We want to be the very best in data protection for the SaaS services. We continue to evaluate the market scenarios that will expand.”

But Veeam is not against generic data protection approaches. Allan said: “You can do generic data protection with Veeam. In fact, we just announced – and showed at VeeamON back in May – data protection for object storage. With any of these vendors, you can dump it into object storage, and then you can take a capture of the object storage. So while the general approach is valid, we think there’s value in having specific value capabilities that we build in support for those [SaaS] services.

“I would say for all of the SaaS services, we have a data protection capability – if they can dump the data to the storage … we have a generic way to protect any SaaS service if you’re talking about simply the raw data itself.”

Allan also thinks vendor-led initiatives often struggle “because they require buy-in from everyone in the industry and typically the successful frameworks are industry frameworks not vendor frameworks.”

Regarding Veeam itself being supplied as-a-service, Allan said cloud service providers do this. “We have a very rich ecosystem of providers who are offering services. In fact, we do a significant amount of business through our cloud service providers. So any customer who wants backup – you name it, Microsoft 365, Salesforce databases, all of the vSphere, Hyper-V etc. – we have service providers who are offering that as a service. And it’s been a very successful approach for us to date.”

Chatbots

We switched topic and discussed large language models, which are taking off in the data analytics and management markets. How is Veeam approaching this?

Allan said: “All companies these days are looking at large language models and machine learning techniques. We’re doing the same thing.” He continued, “One of the things that we have been doing is around our support cases, for example, feeding in all of the support cases and the knowledge bases and using large language models on it. Large language models are very effective for that.”

This sounds promising, as a well-trained LLM could respond quickly and well to support call issues.

“We have greater concern in other areas … for example, tremendous concern around using large language models for code development. Simply because even if you look in publicly available information, the generation of code sometimes is not on licenses. That could result in intellectual property challenges in the future.”

However, he said: “We’re aggressively looking at ways to adopt LLMs in other areas.” Watch this space.

Ransomware

The third discussion topic was ransomware, where every data protection vendor has a strategy, immutable protection has become table stakes, and vendors are commonly issuing ransomware-focused reports. Have we reached peak ransomware?

Allan thinks not. He said: “Ransomware has the benefit of eliminating the middleman.” Previously in the malware world there was an ecosystem – a long money trail between the people who discovered vulnerabilities and the bad actors who profited at the end of a malware event.

“Now the malicious or threat actor simply compromises you and asks you for money. And you give it to them direct. It’s a very efficient profit model … so I don’t expect it to decrease and expect the prevalence of it to continue.”

Veeam’s own research indicated more than 85 percent of the 4,000 organizations surveyed had been attacked by ransomware, with the average organization being hit more than twice.

Allan said: “The challenge is that organizations are vulnerable. They’re not doing the right things to protect themselves. And it’s a very efficient way to make money.”

Is there anything the industry or nation states can do to reduce its effects and prevalence?

“If you look at cyber insurance, generally, what you’ll see is premiums have gone up and coverage has gone down. My belief is that will force organizations into following best practices because they need protection from ransomware. … This is shining a spotlight on best practices more than anything else. And if we can just get organizations following best practices we’ll be so much better off.”

“I always tell customers, focus on the first line of defense, which is user education. For example, phishing attacks, having users know what the best practices are. Most organizations hopefully are doing that, educating their users, and not on a one-time basis, but on an ongoing basis.”

You also need to focus on the last line of defense. “Bruce Schneier had a great statement. He said: ‘You cannot deflect, you cannot defend, you cannot protect, you can only respond, you can only recover.’ So your last line of defense, of course, is recovery.”

And that absolutely needs immutable backups. Veeam’s own ransomware report showed that 93 percent of ransomware attacks targeted the backups, and 75 percent of the time the attack was successful. “That tells you it needs to be made immutable. That’s best practice.”

Allan expects data protection and data security to converge. “Data protection being the backup, data security being things like data loss prevention, monitoring and exfiltration. I expect to see more of a convergence both at a technology level and also a business level. Because those two things intersect. It’s not only having the last line of defense, it’s also making sure that they’re not able to steal the data from you.”

Our takeaway here is that ransomware is likely to get worse.
