Veeam® Software, a provider of Modern Data Protection, today announced the findings of the company’s Cloud Protection Trends Report 2023, which covers four key “as a Service” scenarios: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), and Backup and Disaster Recovery as a Service (BaaS/DRaaS). According to the survey results, businesses are becoming more aware of the need to protect their SaaS environments. For example, nearly 90% of Microsoft® 365 customers polled use supplemental measures rather than relying solely on built-in recovery capabilities. The top reason for this backup was to prepare for a quick recovery from cyber and ransomware attacks, with regulatory compliance coming in second.
Highlights of the report:
While new IT workloads are launching in the cloud at far faster rates than old workloads are being decommissioned in the data center, a surprising 88% brought workloads from the cloud back to their data center for one or more reasons, including development, cost/performance optimization and disaster recovery.
With cybersecurity (including ransomware) continuing to be a critical concern, data protection strategies have evolved, and most organizations are delegating backup responsibilities to specialists, instead of requiring each workload (IaaS, SaaS, PaaS) owner to protect their own data. The majority of backups of cloud workloads are now being done by the backup team and no longer require the specialized expertise or added burden of cloud administrators.
Today, 98% of organizations utilize a cloud-hosted infrastructure as part of their data protection strategy. DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around Business Continuity and Disaster Recovery (BCDR) planning, implementation and testing. Expertise is recognized as a primary differentiator by subscribers choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies.
Unfortunately, as is often the case for new cloud-hosted architectures, some PaaS administrators are incorrectly presuming that the native durability of cloud-hosted services relieves the need for backup: 34% of organizations do not yet back up their cloud-hosted file shares, and 15% do not back up their cloud-hosted databases.
“The growing adoption of cloud-powered tools and services, escalated by the massive shift to remote work and current hybrid work environments, put a spotlight on hybrid IT and data protection strategies across industries,” said Danny Allan, CTO and Senior Vice President of Product Strategy at Veeam. “As cybersecurity threats continue to increase, organizations must look beyond traditional backup services and build a purposeful approach that best suits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centers to clouds and back again, as well as from one cloud to another — creating even more complexity in data protection strategy. The results of this survey show that while modern IT enterprises have made significant strides in cloud and data protection, there is still work to be done.”
The Veeam Cloud Protection Trends Report 2023 findings include:
Software as a Service (SaaS):
90% of organizations realize they need to back up Microsoft 365. The report revealed only 1 in 9 (11%) organizations do not protect their Microsoft 365 data — a promising majority of 89% use third-party backups/BaaS or enhanced tiers of Microsoft 365 for legal hold, or both.
As data protection strategies have evolved and ransomware continues to be a top concern, most organizations are delegating backup responsibilities to backup specialists, instead of requiring each workload (IaaS, SaaS, PaaS) owner to protect their own data. This fuels the progression of backup becoming a conventional component tasked to the traditional backup admin versus the application team.
Infrastructure as a Service (IaaS): While organizations of all sizes now embrace hybrid-cloud architectures, it is not a one-way journey to the cloud that reduces the importance of the modern data center.
30% of cloud-hosted workloads were from “cloud first” strategies, whereby new workloads are starting in clouds at far faster rates than old workloads are being decommissioned in the data center.
98% of organizations utilize a cloud-hosted infrastructure as part of their data protection strategy, including cloud-storage tiers, cloud-infrastructure as their disaster recovery site, or the use of BaaS/DRaaS providers.
88% of organizations brought workloads from the cloud back to their data center for one or more reasons (development, cost/performance optimization, or disaster recovery) — highlighting a need for 2023 data protection strategies to ensure consistent protection and the ability to migrate, as workloads move from data center to cloud, cloud to data center, or from one cloud to another cloud.
The majority of backups of cloud workloads are now being done by the backup team and no longer require the specialized expertise or added burden of cloud administrators. However, while nearly every organization acknowledged having long-term regulatory mandates, only half of organizations retain backups of their cloud data for even one year.
Platform as a Service (PaaS): While most organizations initially “lift and shift” servers from the data center to IaaS, most agree that running foundational IT scenarios, such as file shares or databases, as native cloud-services is the future for mature IT workloads:
76% run file services within cloud-hosted servers and 56% run managed file shares from AWS or Microsoft Azure
78% run databases within cloud-hosted servers and 65% run managed databases from AWS or Microsoft Azure
Backup and Disaster Recovery as a Service (BaaS/DRaaS): Nearly every IaaS/SaaS environment also utilizes cloud services as part of their data protection strategy in some form.
58% of organizations utilize managed backup (BaaS) compared to the 42% that utilize cloud storage as part of their self-managed data protection solution. Of special interest, nearly half (48%) started with self-managed cloud storage but eventually switched to BaaS.
Nearly every organization (98%) claims to use cloud services as part of their data protection strategy, though that varies from cloud storage as a repository to full-fledged BaaS or DRaaS services.
BaaS is predominantly sought for gaining operational and economic efficiencies, as well as assuring data survivability from disasters and ransomware attacks. It is notable that BaaS is no longer seen as the “tape killer” that early pundits offered, with organizations stating that nearly 50% of their data is still stored on tape during its lifecycle, regardless of their use of cloud-based data protection services.
DRaaS is perceived as surpassing the tactical benefits of BaaS by providing expertise around BCDR planning, implementation, and testing. Expertise is perceived as a primary differentiator by subscribers choosing their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects, and operational assistance in planning and documentation of BCDR strategies.
Customers are increasingly interested in outsourcing backups and gaining a “turnkey” or “white-glove” level of management service instead of internal IT staff continuing to manage BaaS-delivered infrastructure, according to this year’s report. This shift indicates that experience and trust in providers are growing, and it may also point to challenges in the IT talent supply chain over the last year.
The Veeam Cloud Protection Trends Report 2023 is the result of a third-party research firm surveying 1,700 unbiased IT leaders from 7 countries (US, UK, France, Germany, Japan, Australia, New Zealand) on their use of cloud services in both production and protection scenarios in order to provide the largest single view into the trajectory of hybrid strategies across the modern IT enterprise in today’s cloud-first digit. The broad-based market research was carried out to gain a better understanding of the various perspectives on responsibilities and methodologies related to operating and protecting cloud-hosted workloads, as well as considerations when using cloud-powered data protection.
Download additional details from the Veeam Cloud Protection Trends Report 2023 at https://vee.am/CPT23.
