3dmentat - Fotolia

Scale Computing woos public sector with hardened backup

Scale Computing HC3 integrated Acronis SCS Cyber Backup 12.5 Hardened Edition to provide a strong ransomware defense offering for public sector customers.

Scale Computing gave its public sector customers a way to lock down and air gap their most sensitive data.

Last week, Scale Computing partnered with Acronis SCS and started offering Cyber Backup 12.5 Hardened Edition on Scale's HC3 platform. HC3 now has the same API-level integration with Acronis SCS's data protection as it does with regular Acronis backup. Hardened Edition is specifically aimed at air gapped systems with no internet connection, such as government weapons testing sites and public utility control centers. It is on the U.S. Department of Defense Information Network Approved Products List.

Scale Computing is a hyper-converged infrastructure (HCI) vendor along the same lines as Nutanix, Dell EMC VxRail, Hewlett Packard Enterprise SimpliVity, Cisco HyperFlex and Pivot3 Acuity. It has been sold Acronis backup through a partnership since 2011. In September 2019, the two entered an OEM deal in which Acronis backup integrated with Scale's HC3 platform, natively interfacing with its snapshot mechanisms. By extending this relationship to Acronis SCS, Scale can now address the needs of its public sector customers, which have seen greater data protection demand due to increased ransomware attacks. With customers such as Illinois-based Paris Community Hospital and Texas-based Harlingen Waterworks System, the public sector makes up one of Scale's top three verticals.

Acronis SCS is an independent American company separate from Acronis proper. It was incorporated in 2018 and officially launched in April 2019 specifically to develop and sell Acronis backup to the U.S. public sector. As such, it does not share data, code or other resources with Acronis, all of its employees are U.S. citizens and all of its products are validated by U.S. third-party agencies. Acronis Cyber Backup 12.5 Hardened Edition is its Department of Defense-approved backup product aimed at federal government agencies and utilities. Acronis SCS is led by CEO John Zanni.

Alan Conboy, office of the CTO at Scale Computing, said ransomware attacks against public sector entities are rising. With more employees working remotely due to COVID-19, cyberattacks have increased due to newly exposed vulnerabilities. Conboy said the public sector is open to attack for many reasons, most of them centered around budgetary constraints. He suggested hospitals and utilities don't always have the funds to use the latest in data protection technology, nor can they pay enough to attract top-level IT talent.

Christophe Bertrand, senior analyst at Enterprise Strategy Group (ESG), said the Scale-Acronis SCS partnership is timely. There's no question that ransomware attacks have increased, and this lets Scale Computing deliver data protection to organizations with strict requirements on the IT products they can deploy. He added that the combination of Scale's HCI and Acronis SCS's hardened backup is well-suited for decentralized organizations with little IT presence or expertise at each individual site.

"It's an effective combination," Bertrand said of the HC3 platform and Acronis SCS backup. "I think it will create interesting competition in this space."

VPN vs. VDI

Conboy said HCI adoption increased alongside the surge in remote work. He said it's mostly owed to increased demand for virtual desktop infrastructure (VDI), which is one of the main use cases for HCI. Many organizations turned to VDI to securely support a large-scale, at-home workforce. Because this method turns on-premises desktops into browser sessions, the endpoint device accessing it -- along with any vulnerabilities it may have -- do not matter.

Another method for supporting remote users is to give them all company laptops and have them log in through a VPN. Conboy said this method extends a pristine corporate network into vulnerable home networks. He noted that ransomware has started targeting VPN providers and home networks because criminals could potentially use those to gain access to corporate networks.

"That is exactly the wrong way to do it. You don't want to push your network out; you want to pull your end users in," Conboy said.

Mark Bowker, senior analyst at ESG, agreed, with caveats. He said VDI is the way to go, but it would've been difficult for companies that haven't laid any VDI groundwork to suddenly deploy it at scale at the start of mandated lockdown. Even companies that were invested in VDI mostly only did so at a small scale, either to support a handful of remote workers or to provide local DR. Before COVID-19, there was no reason for organizations to believe their remote workforce would grow, so most of them didn't have the capacity in place for large-scale VDI.

"The problem was a lot of executives before COVID were reluctant about remote work even though they had the technology for it. Nobody prepared for this on a global scale," Bowker said.

After lockdown, companies went into what Bowker called, "reaction mode." This meant companies used what they had on hand, and in most cases, that was VPN. Bowker's research found that in the immediate aftermath of mandated lockdown, 54% of respondents said they first had to log in through a VPN to work remotely. Only 20% said they worked through VDI.

Bowker said VPN doesn't scale well and opens up attack surfaces for bad actors, but the technology is established and has been around for more than two decades. He wasn't surprised that most companies turned to it for remote work. However, he said the shift to VDI is already happening. Five months into lockdown, companies are realizing the limits of VPN and investing in VDI and desktop-as-a-service offerings such as Amazon WorkSpaces.

"VDI technology works, but it just never had executive support. VPN was initially sufficient for their volume of remote workers, so they didn't touch it," Bowker said.

Dig Deeper on Data backup security