Backup alone is not enough, according to Acronis CEO Serguei Beloussov. True data protection involves a combination of security, privacy and accessibility on top of backup.
Backup provider Acronis is evolving into a vendor of what it calls “cyber protection.”
Acronis CEO Serguei Beloussov said backup alone is not enough to provide true data protection. In order to be fully protected, organizations need to guarantee their data is recoverable, accessible, private, authentic and secure. Later this year, Acronis will be launching security products with its backup capabilities included, alongside capabilities that handle the other aspects of protection Beloussov mentioned.
Beloussov said due to the automation, low cost and low risk of getting caught, ransomware and other cyberattacks have become more rampant. Backup and security need to be converged because full protection from these bad actors must involve being able to prevent attacks, respond to them and recover from them in case they succeed. He also saw digital transformation as opening up new vectors for criminals to attack from.
We spoke with Beloussov about these new risks, how Acronis plans to address them, its IPO and acquisition plans, and one of his new customers – the World Series-winning Boston Red Sox.
What are the most important things for people to know about backup and data protection right now?
Serguei Beloussov: Backup is dead. There is no "just backup" anymore. Data protection is about safety, accessibility, privacy, authenticity and security. Backup is just the safety portion – ensuring nothing is lost.
It's important that data isn't just safe, but also accessible. And the process to access it has to be private, so you know who has access to the data. Next, you need to guarantee authenticity to know it's not modified. And then there's security, to prevent unauthorized access.
All of these things need to be done to get full protection, or cyber protection, as we call it. In my opinion, companies need to think about protection in a non-static way. You need to be able to prevent problems, respond to them and recover from them.
And so you need tools for recovery and forensics. If somebody somehow logged into your [Microsoft] Office 365, unless you have proper logs, proper information for you to analyze, you will not find out how they did it. And you cannot prevent it from happening again.
We're currently in a state where mobile devices are being broken into, we're losing privacy, we're losing our authenticity. It's happening with elections, it's happening with businesses, it's happening with NGOs. And so everybody has to think about how they protect their data, applications and systems.
Which kind of companies are most at risk right now from ransomware and cyberthreats?
Beloussov: Unfortunately, cyberattacks have become very automated and industrialized, as the cost of attack is very low. You don't need to spend too much money, you can attack many people at once and it could be managed by AI.
Unfortunately, cyberattacks have become very automated and industrialized… And you don't have to attack Citibank to make a disaster.
Serguei BeloussovCEO, Acronis
So everybody's at risk, but in my opinion, the people at most risk are small and medium businesses and consumers because they just don't have the money. They're not like enterprises, which are equipped to deal with it.
The issue is current law enforcement and government policy is very much focused on government agencies and large businesses, and not really focused as much on SMBs. But I think more than half of the US economy is SMBs. And of course, everybody is a consumer.
And you don't have to attack Citibank to make a disaster.
Another area which is making everything more vulnerable is digital transformation. In a lot of industries, you have to become more connected. But as soon as you get that smart TV or create an ecosystem, you will become vulnerable. You immediately have data applications and systems that, if you didn't think about protection, are open to attack. Everything is connected now.
Is data management becoming synonymous with data backup?
Beloussov: We believe data management is kind of an extra market. Data management is not about protection; it's about extracting value from data. It's very close to an organization's computing core, which is not where we're focused. We're focused outside of the core, at the organization's endpoints. And on the edge, the data is less valuable, typically.
That said, we have data management as part of our products, but it's focused on managing data which is outside of your core. There, the management problem is different. For example, we provide the ability to search for a file's location across multiple servers and desktops, virtual or physical. We can do this because we have a central place where we store it.
This is different from the enterprise search tools and data management you see from our perceived competitors because we are moving away from data protection and data management to cyber protection.
Will you launch any new products this year?
Serguei Beloussov
Beloussov: We are shipping three products in October through November. The first is [Acronis Cyber Infrastructure], which is cyber protection. It's a protected software-defined network designed specifically to be available as a secondary infrastructure to run your application systems and data when your primary is under attack or broken.
Then we're shipping Acronis [Cyber Protect], which covers vulnerability assessment, patch management, malware prevention, backup, remote management, authenticity management and privacy management in one package. It is a single agent, single policy, single UI, all integrated, for you to install on your PC or your server.
And then we're releasing Acronis Cyber Platform, an underlying platform on top of which we will build all of our products. And products can actually be built by third parties. We will open our platform to third parties so that they can support workloads that we don't.
Beloussov: It's very simple; they have data and applications, and we provide protection. For recovery, we set up file sync and share to send applications and files around, it's protected and you can always know where it is. And you can control the rights – you can have very fine-grained permissions and audit logs and so on.
Nowadays, data is very important for baseball. All sorts of data is being recorded – data about players' behavioral plans, about the stadium and, of course, about the game. This is important for training, playing, making decisions about changing players, buying new players and so on.
And it's important to have data about fans, because you need to know what fans like and don't like, where they do and don't engage. You can really fine-tune the way the stadium operates and the way the game is played so that fans are more engaged.
Are you pursuing an IPO?
Beloussov: Not right now, as we're still doing some major launches. In five years, it's highly likely. I mean, we can go public at any point. We have almost $250 million in revenue, we are around one thousand employees and we're making money. And we're growing.
So technically, it's totally doable, but it's not a strategy to go public – it's just a sort of side effect of having a successful company.
Are acquisitions on the table?
Beloussov: We are considering multiple companies, but nothing major. We're not going to change our strategies from cyber protection, cyberinfrastructure and a cyber platform.
The thing about cyber protection is what workloads do you protect. There's Salesforce, NetSuite and a bunch of other applications you can protect. And it's also about which data destinations. We have our own cyberinfrastructure, but we can also send data to Microsoft, Google, Amazon, Wasabi and a bunch of others. And there will be more.
We always have two to three companies with which we're talking to about acquisition, and we will definitely do at least three acquisitions this year. We're looking at $10- or $15-million companies – nothing major. We're not going to acquire Veritas.
Serguei Beloussov
