Data protection becoming top investment priority for companies: Veeam CTO

In today's digital era, data backup and protection are vital for businesses to safeguard their valuable information from loss or damage from various threats, such as cyber-attacks, hardware failure, natural disasters, and more. In an interview, Danny Allan, global chief technology officer (CTO) of Veeam Software, a US-based data backup and recovery firm, discusses the various aspects of a backup strategy, what CIO/CTOs should keep in mind when it comes to data protection, the company’s plans for the India market, and more. Edited excerpts:
 
Data backup and recovery have always been part of companies’ tech investment. What should CIO/CTOs keep in mind today when it comes to protecting their data?
 
Historically, businesses relied on data backup and recovery because they were worried about hardware failure, like server or disks failure, resulting in the entire IT infrastructure to go down.

In recent years — and more so since the pandemic when remote work became the norm — protection from various cyber-attacks like malware, phishing, ransomware etc. became more important than ever. And, with the increasing frequency and sophistication of cybersecurity threats, data privacy has also become an equally critical aspect of any backup strategy, which refers to the proper collection, storage, usage and safeguarding of personal and sensitive information and is a key concern for organisations. CIO/CTOs need to be well-versed in the nuances of both data privacy and protection.

Also, cyber resilience — an organisation's ability to prevent, withstand and recover from cybersecurity incidents — needs to be a priority. That includes, implementing a clear data backup policy, data encryption and regular testing of backups to ensure firms can recover data in case of data loss or corruption.

Additionally, CIOs must comply with data privacy regulations such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) to protect personal identifiable information (PII) data adequately. We’re also excited about the recently approved draft Data Protection Bill, and are looking into its various nuances of data privacy and its digital applications.

Today, more companies are relying on cloud. What according to you should companies, especially those in the regulated sectors do to protect their data in the cloud?

There’s certainly a huge increase in the adoption of cloud services among the enterprise including banking and other regulated industries. And while cloud drives efficiency, it also comes with security challenges. Today, many businesses are running local clouds or regional clouds within the country. A big trend is that with remote work becoming the norm, companies are now relying on cloud data backup tools to protect their data from internal and external threats. Enterprises need a security architecture that is extensible and at the edge, closer to the users, and closer to the apps. This provides an environment that promotes collaboration and provides flexibility to the workforce to be able to use any device and access their data and apps from any location securely.

Amid, recessionary fears, with many companies tightening their technology budget, do you see businesses following a similar approach in their data security and protection budgets?
 
While overall IT budgets have tightened, in data protection and cyber security, the budgets have increased in recent months. That’s mostly driven by the increase of ransomware and other security threats. Given the current threat landscape, companies have realised that a proper data protection strategy is now a business imperative. In fact, it has become the highest investment priority for many organisations today. With the acquisition of Kasten, a provider of Kubernetes backup and disaster recovery, we're now establishing expertise around Kubernetes, which offers greater resiliency and protection in cloud environments at minimal costs to cater to businesses across size and sectors.
 
What kind of alignment or gap do you see between security and backup teams?
 
Well, the interesting thing is that the security teams are more optimistic. Last year in December we did a survey of 1,200 organisations that were hit by ransomware, where we found the security teams were more optimistic than the backup teams. And that's perhaps because the backup teams are closer to the data and they realise the risk they're facing. 

The alignment that we see between the two is when they combine their datasets. It is important for both teams to gain complete visibility into their sensitive data through security dashboards that showcase everything in order to incorporate cybersecurity risk management into practice. This can help them identify security threats and vulnerabilities, track the effectiveness of security controls and make informed decisions about cybersecurity investments.
 
What growth potential do you see in India for Veeam and going ahead, what are your plans for this market?

India is one of the key growth markets for Veeam globally, because the country is accelerating in terms of digital technology adoption. We have been investing in the country, in its people and technology and the country plays an important role in our overall growth in the APJ region. In the last one year, we’ve seen massive growth in bookings and net new customer addition in India. We have over 700 partners in India like HPE, Cisco, Lenovo and also cloud service providers (CSPs), GSIs and ISVs. Moreover, we are a 100% channel company and the approach works well for us in India. Already brands such as Mahindra Group, Hero MotoCorp, Future Generali, Kunal Structure, Havmor and 63 Moons etc. are deploying our solutions.

In the next 12-18 months, we are focusing on industry vertical-led orientation and expanding our leadership team to ensure strong relevance for the APJ market. We would look at further expanding our market share in verticals such as Banking, financial services and insurance (BFSI), manufacturing, automotive, IT/ITeS industry, pharmaceuticals, and public sector undertakings (PSUs). We would step up our efforts within these key markets and deliver solutions to help customers on their modern data protection journey. Further we will continue to drive strong growth and build a long-term strategy for our customers, channel partners, employees, and organisations with which we’re collaborating.