VeeamON 2022: Backup and security union emerges as top trend

This week's VeeamON featured a combination of in-person attendees and online viewers. Another mix stood out at the show: the merging of backup and security technology.

Veeam's user conference drew about 1,500 people to Las Vegas and 45,000 virtual registrations. While Veeam CTO Danny Allan said that the vendor has already scheduled VeeamON 2023, it also plans to continue hosting hybrid events that users can access long after the physical event is over.

At this year's show, Veeam noted backup and security improvements in forthcoming releases, including more immutable options in Backup & Replication v12 and monitoring and reporting in Backup for Microsoft 365 v7.

In this Q&A, Allan and Rick Vanover, senior director of product strategy at Veeam, discuss backup and security trends they're seeing, specifically regarding ransomware attacks and protection, as well as where they think the company is headed.

One of the themes at VeeamON was the blending of backup and security, which seems to be an overall trend now. How can you pull off that mix effectively as a company and how can users do the same?

Danny Allan

Danny Allan: I would argue that cyberthreats -- and specifically ransomware -- is probably the biggest threat facing customers today.

So we have a responsibility at Veeam to do three things in helping them with ransomware protection. The first is to build security capabilities into our product -- immutability, multifactor authentication and delegation of access. Second is we have responsibility to monitor the environment for anomalies. We're using Veeam One [monitoring and reporting tool] to do that. And then the third is, in the instance of a successful cyberevent, we have the responsibility to help them with their recovery, or orchestrated recovery.

That doesn't mean that Veeam is becoming a security company. It simply means that we're giving the foundational elements to our customers to ensure that their data is protected. And we are part of the larger picture.

Rick Vanover

Rick Vanover: It is a natural adjacency. Backup is very adjacent to security. Some of the stakeholders on the security team are important to connect with the backup professionals.

Veeam has the ability to integrate and alert and communicate with their established processes.

I have to be really clear on where we are -- we hold the backup data, we can detect behavior on the capture, we can ensure clean behavior on the recovery. And we can look inside the backup data with some of the APIs that we have.

How has advice for ransomware backup and recovery best practices changed?

Vanover: The most impactful thing I have done is talk to Veeam tech support. I pivot my advice based exclusively off what I'm seeing from that group, and I think that's really important.

Cyberthreats -- and specifically ransomware -- is probably the biggest threat facing customers today.

The advice is changing less, which I think is very good, because I do believe I'm getting the word out. But every now and then I'll hear some weird things.

What are some other backup and security trends or next big things to watch out for regarding ransomware? And how can users proactively protect against them?

Vanover: The big one is the extortion or exfiltration of data. I say encrypt your data in the cloud or someone else will. That goes for backup data, that goes for sensitive production data as well. If everything's encrypted, the exfiltration risk goes down. That's something to explore and see if there are opportunities to encrypt more to help ensure the confidentiality of that data, the integrity of that data and the availability of that data.

There is a risk with encrypting everything and that usually means it takes away some of the storage efficiencies.

What are some of the biggest takeaways with the ransomware research report Veeam released this week?

Vanover: One takeaway is that people are the biggest part of the ransomware situation -- [across] the spectrum. Meaning a phish email -- that starts with somebody falling into the trap. And to that end, everybody's on the cybersecurity team -- everybody that has access to any type of technology.

If I'm a backup administrator, am I implementing everything to the latest advice? Do I have one or more immutable copies? Do I have a plan in place? Do I have an ability to know that everything I have has been backed up?

Veeam CEO Anand Eswaran has noted that he is interested in potential acquisitions. Are there areas where Veeam could go outside the company versus developing technology in-house?

Allan: Anand has mentioned he wants to be a $10 billion company. And if you look at the data protection market, it'd be hard to be a $10 billion company if you were only doing data protection. We have a healthy bank balance and we're willing to spend it. The board of directors has given us very clear instruction to continue to increase the addressable market and offer new solutions. So that would include strategic acquisitions as part of that journey.

What are potential adjacent or different markets that you might expand into?

Allan: I can't be specific on this, but if you look at the things that are in our adjacent markets, clearly security is a big component that plays next to us. Performance is a component. Cost management, if we can move things across different environments, being able to analyze the cost associated with them.

We're not saying that we're going to buy in these spaces, but there are adjacent markets that would help inform our data protection on how to be more efficiently leveraged within a business.

Where would you like to see Veeam go next?

Vanover: There's a need for more cloud products and more SaaS-type services. I occasionally get a few oddball requests for a couple of enterprise apps or heritage operating systems, but I don't know if the juice would be worth the squeeze to make these types of products.

I see a pretty strong opportunity in the public cloud, software as a service and broadening the platform there for sure.

Editor's note: These interviews were edited for length and clarity.