Photobank - Fotolia

Backup heads to cloud as ransomware hits 76% and RTOs/RPOs fail

Veeam survey finds most can’t recover the data they want or do it in time, ransomware is now a ‘disaster’, use of the cloud is increasing, but the datacentre is still very important

In a disaster recovery scenario, most organisations can’t recover the data they want or do it quickly enough.

Meanwhile, ransomware attacks – now firmly among the list of potential “disasters” – have been suffered by 76% of organisations in the past 12 months, with successful entries by malware mostly down to users clicking links and compromised admin systems.

Those are some of the findings of the Veeam Data protection trends report 2022, which questioned more than 3,000 IT decision-makers, mostly in organisations of more than 1,000 employees and in 28 countries.

Top-level findings in the survey included that the average outage lasts 78 minutes and the estimated average cost is $1,467 per minute – or $88,000 per hour – with 40% of servers suffering one unexpected outage a year.

Failed RTOs and RPOs

A key finding was that recovery time objectives and recovery point objectives (RTOs and RPOs) are not being achieved. That is, there is an “availability gap” and a “protection gap”, according to the Veeam view of the survey results.

When asked whether their organisation can recover applications as quickly as service-level agreements (SLAs) demand and whether they can restore all data that SLAs specify, the answers were resoundingly that they couldn’t.

Nine out of 10 (90%) said they could not recover data as quickly as they wanted, and 89% said they couldn’t recover all they wanted.

Shift to the cloud

Backup is increasingly making use of the cloud, and by 2024, 79% of organisations expect to use the cloud in some form for backup purposes. That is a projected increase from 67% this year.

Meanwhile, disaster recovery (DR) is also expected to undergo a big shift to use of the cloud, according to the survey. While 34% managed DR using their own datacentres in 2022, the expectation of respondents was that 53% would be done via the cloud and a disaster-recovery-as-a-service (DRaaS) provider by 2024, although 28% of data would still be held on customers’ own sites.

How to recover from a disaster varied, with most (61%) saying they would restore to on-premise sites, while 39% would recover to the cloud. A significant portion in both cases (40% and 20% of all who responded to these questions) said reconfiguring networking would be manual.

And with servers, 29% expect to manually reconfigure them, while 45% will use pre-written scripts, and 25% have orchestrated workflows.

But the datacentre is not dead – that is the Veeam take on results that saw the proportion of virtual machines hosted in the cloud already close to half (47%), according to those questioned, with this expected to rise a little by 2024 (52%). But the datacentre will remain vital, with the remainder – split equally between physical and virtual servers – staying on-site.

Ransomware affects most

Ransomware attacks have been suffered by 76% of those questioned. Only a quarter (24%) had suffered no ransomware attack in the past 12 months, but 23% had been the victim of two, while 19% suffered three and 16% only one.

When asked about causes in more detail, malicious links were the most common means of entry (25%), followed by compromised credentials such as logins, passwords and remote desktop protocol (RDP) vulnerabilities (23%). One-fifth (20%) of ransomware attacks gained entry via an infected patch or software update, while 17% came from spam email and 12% from an insider threat.

When it comes to recovering data from a ransomware attack, an average of 64% of data was restored. More than one-third (36%) of respondents got more than 80% back, while 19% restored between 61% and 80%, 20% restored between 41% and 60%, and 18% recovered between 21% and 40%.

Containers a growing trend

Containers are a small but significant growth area as a means of running applications that is cloud-native and portable between locations. According to the Veeam survey, 56% of respondents use containers in production, and 35% plan to.

But the survey found an uneven set of responses to the question of who was responsible for container application data protection. Just under one-fifth (19%) said it is handled by the main backup team, while 21% said it is handled by those who manage Kubernetes. Meanwhile, 27% said backup was handed by the application owners and 28% by the team that manages storage for components used by Kubernetes.

Snapshots vital

According to Veeam, snapshots, taken throughout the working day, need to be used in conjunction with backups, usually run once a day usually. That is because, according to the survey results, there is not much difference between the importance of “high priority” data, of which 55% has a downtime tolerance of one hour, and “normal” data, of which 49% can stand the same delay.

But according to the survey, most respondents do that anyway. Nearly one in five (19%) protect high-priority applications constantly, while 13% do the same for “normal” applications. Both are protected every 15 minutes by 17% and every hour by 19%. About one-fifth (18% high priority, 20% normal) protect data no less frequently than every two hours. Those figures become 14% and 16% for between two and four hours. Every four to six hours is 7% and 8%, six to 12 is 3% and 12 to 24 hours is 2% and 4%.

Digital transformation speeds up

The survey also asked about digital transformation projects, and found the pandemic had tended to speed things up, often by accelerating already-planned modernisation. Most (73%) said they had speeded up digital transformation initiatives, while 18% said they were unaffected, and 9% said things had slowed.

That said, there are obstacles. The most commonly cited are lack of skills (54%), dependence on legacy systems (53%), focus on maintaining operations due to the pandemic (51%), lack of management buy-in (43%), lack of time (39%) and lack of money (35%). Only 8% said nothing stood in the way of their digital transformation initiatives.

Read more on backup and disaster recovery

  • Cloud-era disaster recovery planning: Assessing risk and business impact. In the first in a series on cloud-era disaster recovery, we provide a step-by-step guide to building firm foundations for the disaster recovery plan, with risk assessment and business impact analysis.
  • How the pandemic changed backup. The Covid-19 pandemic forced big changes in how people work – we look at impacts on backup, including increased reliance on the cloud, plus security and compliance vulnerabilities and ransomware.

Read more on Disaster recovery