Spin, Damn Spin and Statistics in Cloud Backup

It’s not news-grabbing ransomware attacks that will get your data; it’s the mundane risks.

Backup was in the spotlight again last week with news from IBM, Veeam and Kasten. The latter two companies are teaming up to solve the complexity of data protection for hybrid clouds: Veeam is established in virtual machine protection, while Kasten is focused on Kubernetes workloads.

Not to be outdone, IBM announced enhancements to Spectrum Protect to support its corporate strategy of helping enterprise customers transition workloads to cloud. Notable announcements included backup for AWS EC2 instances and extended use of object storage and tape, burnishing its security credentials. Improved integration with Kubernetes labels will make it easier for developers to protect application data and systems in groups.

Anonymous Spin

Unfortunately, both announcements were filled with references to malware and cyber crime in general. This, rather than the new features, is the focus of the blog. It got us wondering: what triggers backup or, more accurately, recovery incidents? We looked at data in Predatar over a five-year period from 2014 (roughly the period when ransomware became part of the general IT psyche) to 2019.

Some observations.

Firstly, every organisation did at least one restore in any calendar year, ranging from dozens to thousands of restores. As a percentage, average recovery ranged from 2.5% to 4% of total data backed up. If a company backed up 100TB of data, in any calendar year it would recover between 2.5TB and 4TB. It has a 1 in 25 chance of needing to recover a known data set, regardless of whether it is the victim of a ransomware attack.

It’s not the extreme tail-risks that’ll get you (or your data at least), but boring, often routine, malfunctions and errors.

Media Spin

Newsrooms and media barons don’t attract audiences or sell newspapers with the mundane. For every news-grabbing homicide in the USA, twenty-five people die quietly from heart problems. The data protection barons seem intent on copying this narrative by insisting every press release is laced with images of corporate calamity at the hands of cyber criminals.

Secondly, what’s important is not so much your ability to avoid all incidents but your ability to handle them well. There has been a tendency, as the technologists we are, to rely too much on automation and product features. We try to design and architect out of existence every conceivable failure. This is admirable but it’s impossible to avoid random but inevitable events. It’s more important to stay alert. Mortality figures again offer up an example…

Take it for a Spin

Did you know that in some European countries, more pedestrian-crossing users (“zebra” for our American friends) die than jaywalkers? The health and safety interventions designed to protect us can have unintended consequences. Pedestrians switch off when using a zebra crossing; jaywalkers stay alert.

The secret to staying “backup alert” is to test and test regularly.

If there is a must-have feature on your data protection shopping list, it’s the ability to regularly and systematically perform recovery testing. This won’t make your data immune from threats or catastrophic events, but it will make your system more robust.