Ransomware blurs line between data backup, security

Ransomware is making its mark on the data backup market, with one vendor shedding its backup label for security. That transformation will be on display at Rubrik Forward 2023.

Data protection vendor Rubrik reintroduced itself as cybersecurity specialists at its user conference last year, arguing the future of data backups and disaster recovery lies in merging with security.

This year, the vendor will once again make ransomware and data security a focus of discussion as ransomware attacks increase against enterprise customers. Even Rubrik hasn't been immune to the fight; it suffered a data breach in March.

Like other data backup vendors, Rubrik unveiled features last year designed with cyberattacks in mind, such as machine learning and AI tools as well as SaaS backup capabilities for Microsoft 365.

These capabilities contribute the fight against ransomware, said Phil Goodwin, research vice president at IDC. Ransomware, a risk that traditionally falls under security's purview, remains top of mind for backup administrators.

"We see a trend among IT organizations. They are not really differentiating between data security and data protection," Goodwin said. "The label data protection is being applied on a more frequent basis to anomaly and intrusion protection."

How vendors respond to the dual needs of security and data protection will become a balancing act of building useful features that don't overpromise nor underdeliver.

As Rubrik attempts to redefine itself as a cybersecurity vendor, other backup vendors don't want to muddy the waters. Executives at Commvault, a rival to Rubrik, are adamant their new detection and cyber deception tools are still firmly in the realm of data backup.

Backup vendors will need to continue showing they can handle the challenges associated with being a security company as the backups under their control are targeted more. Western Digital, a storage vendor selling a backup SaaS, confirmed it was the victim of a ransomware attack that knocked out services for almost two weeks.

"No one company can address it all," Goodwin said. "It's a journey. [Rubrik is] one of the companies that has driven aggressively to address cyber protection and cyber security from a single platform."

Thin silicon line

Veeam, which will host its VeeamON 2023 conference just days following Rubrik Forward, joined Rubrik last year in positioning itself with greater cybersecurity features. Druva, too, added security features into its data backup platform in 2022.

All these vendors are looking to posture their products as hardened against ransomware, according to Christophe Bertrand, an analyst at TechTarget's Enterprise Strategy Group. Ransomware attacks remain a priority for IT teams and executives, dictating strategy and buying decisions, he said. Data backup is now a market where vendors can better differentiate themselves depending on what cybersecurity capabilities they offer.

"We're seeing this area of cyber response meets disaster recovery," Bertrand said. "A lot of the data protection vendors work on their security but also improve and enhance their ability to detect ransomware."

Backup capabilities often include immutable snapshots or air gaps, but vendors are now expanding their software to include traditional security tools. Customers expect backup software and services to include multifactor authentication to prevent unauthorized access and machine learning capabilities to detect changes in data copies that could contain ransomware payloads.

These are positive additions to data backup platforms but do not replace the comprehensive set of security features enterprise IT might need, said Jerome Wendt, an analyst and CEO at Data Center Intelligence Group. Backup companies might be better off going for a partnership than building in security features themselves.

"Everyone is getting a little more mature about it," Wendt said. "I'm still not convinced those who do it themselves will do it as well as those partnering with third parties."

The cloud hyperscalers, which include AWS, Microsoft Azure and Google Cloud Platform, have remained distant from the data backup and data protection market, said Steve McDowell, an analyst and founding partner of NAND Research.

Outside of some simple disaster recovery offerings, such as AWS Elastic Disaster Recovery, McDowell said the hyperscalers have little in their portfolios attempting to replicate the features of dedicated vendors.

"It surprises me the big guys [are] not rolling out the robust feature set," McDowell said. "That's a huge opportunity for those guys to grab and control their customers lives a little more."

SaaS data backup capabilities will remain popular for backup vendors, analysts agreed, because many users remain unaware of the shared responsibility model they enter into when choosing SaaS applications or platforms. In this model, the service provider is responsible for maintaining quality of service, and the customer is responsible for protecting the data it uses within that service from loss, corruption or attacks.

"The adoption lags the hype pretty significantly," Goodwin said. "[SaaS] will continue to be a growing market for a number of years."

Ghost in the air gap

Like other IT vendors, Rubrik will also likely include a generative AI narrative at this year's Rubrik Forward.

The hype and saturation of generative AI, particularly surrounding products such as OpenAI's ChatGPT, will come to the backup space as well. But analysts said enterprise buyers will remain skeptical.

I'm still not convinced those who do it themselves will do it as well as those partnering with third parties.
Jerome WendtCEO, analyst, Data Center Intelligence Group

"It's really hard to separate the hype from the reality," McDowell said. "There's a little bit of AI fatigue right now."

Rubrik, Commvault, Cohesity and other backup vendors already include machine learning in their products. Rubrik uses machine learning to find when user data has been compromised as well as find anomalies or encryptions in backups.

Cohesity is partnering with Microsoft Azure and OpenAI to add generative AI capabilities into data protection, such as generating readable after-action reports following a security incident or action.

AI washing will contribute to the confusion, Bertrand said. Vendors will not use consistent language in their marketing and will inflate AI functionality.

"I haven't seen anybody come out with a clean AI message and positioning," Bertrand said. "It's really more of an efficiency play in the end."

IT teams should still brace themselves for AI usage both for and against them, however. Goodwin expects more ransomware gangs to take advantage of the technology as well.

"If you don't think the bad guys are going to use it against us, you're dreaming," he said.

Tim McCarthy is a journalist from the Merrimack Valley of Massachusetts. He covers cloud and data storage news.

Next Steps

Ransomware top of mind for IT at Rubrik Forward

Dig Deeper on Data backup and recovery software