3 data protection and governance predictions for 2023
How should backup teams prepare for a new year? Data protection pros can adjust to a changing IT landscape by keeping an eye on ransomware, data governance and compliance.
So many things happened in 2022 in the areas of data backup, recovery and governance! Many of my peers would describe these markets as somewhat mature. I would agree that they're not new and "shiny" like other markets, but it would be wrong to conclude that they are not extremely dynamic, lucrative for vendors and investors, and a source of fundamental technology for IT professionals.
These markets are also evolving to adjust to new IT infrastructure driven by digital transformation, new business and legal mandates, and the constant threat of data loss -- voluntary or not.
Below you'll find a look at what I believe 2023 has in store for us.
Recoverability and resilience will remain a key initiative
The ransomware epidemic is a flourishing business for cybercriminals who are full of ominous creativity and plots to extort more and more money from ill-prepared organizations. The cryptocurrency meltdowns of last year are unlikely to change the frequency or seriousness of attacks and ransom demands, in case you were wondering.
In 2022, TechTarget's Enterprise Strategy Group (ESG) conducted a ransomware preparedness study, "The Long Road Ahead to Ransomware Preparedness." Our study showed an ill-prepared market with only 15% of organizations making the cut as "leaders" in our model. The dimension in which everybody scored poorly was backup and recovery. Even leaders don't get more than a 40% score. This year we will take another look at ransomware preparedness and gauge how the market has evolved.
In 2023, I expect that we will see organizations not only continue to invest in the protection of their data assets, but very likely invest more than ever in this area of IT. I also expect to see data protection vendors continue to accelerate their partnerships with cyber vendors, and in some cases, engage in M&A activities to offer broader cyber-resilience features and options. I would also caution them to not over-pivot and declare themselves cybersecurity vendors. Don't worry: There's plenty to do around backup and recovery.
SaaS and cloud workloads are the next holy grail for backup vendors
ESG's 2022 study, "SaaS Data Protection: A Work in Progress," demonstrated that the adoption of SaaS workloads is going to continue and become even more pervasive. More importantly, it showed that the backup and recovery mechanisms in place to protect SaaS applications leave a lot to be desired. SaaS applications are mission-critical for most organizations.
One would logically expect to see the same level of protection in place as when the applications were in the data center. Wrong! Our data indicates that one-third of the respondents think that the SaaS vendor is responsible for their backup. Very wrong! That's what I call the SaaS data protection disconnect.
While SaaS vendors rightly and often communicate about their "shared responsibility model," it's clear to me that there may be some confusion in the market about the fact that, as an organization, you are always responsible for your data. There are no magic backup people in the cloud.
Beyond the protection of SaaS applications, our research will delve deeper into cloud data protection this year, so stay tuned.
This realization that backups are needed for cloud workloads is going to become more obvious in 2023, potentially amplified by my previous points on ransomware and by the market education work that some vendors will undertake -- to their great benefit, I might add. The battle lines for the next evolution of the market are going to be drawn more clearly this year: I expect vendors to literally race to add more features and more SaaS platforms to their lineup, along with more capabilities to protect hyperscale-based data, which also includes being great at protecting K8s environments.
The biggest hurdle: How many SaaS applications can you cover, and how quickly? It's a development investment dilemma. There are dozens of SaaS applications that are all mission-critical, but no standard APIs. As an end user, wouldn't you want to go with the vendors who cover most, if not all, of your SaaS workloads?
Data governance and compliance continue to accelerate data management transitions
In 2022, we also looked at the evolving strategic role of data governance and uncovered some key trends that confirm that compliance and data governance are going to be key for IT, moving forward. Organizations have a lot of data to manage, and it's doubling approximately every two years.
And this data is full of personally identifiable information (PII). In our upcoming 2023 study, "The Strategic and Evolving Role of Data Governance," we estimate on average that 35% of all data is PII spread across the infrastructure. So, as an organization, you've got a significant and -- frankly -- unavoidable data compliance/governance challenge.
The good news is that data governance has moved up the corporate ladder, so executives and the board of directors care -- or at least have budgets to help. The bad news is that there is not enough unified technology to deal with the data governance complexity. That's because managing data governance requires a lot of processes and technology, with cyber-risk being a serious consideration for best practices.
In 2023 I expect to see more spending happening in this area in which there are vendors coming from multiple horizons: data-focused/DevOps, cybersecurity and data protection/backup and recovery.
Backup and recovery vendors are particularly well positioned if they can execute on the marketing and sales sides: Data governance involves new personas. End-user organizations will also take a closer look at their development practices in order to build data privacy by design in their application development. Very much like with ransomware, vendors will be expanding their capabilities through partnerships and targeted M&A activities.