Is storage the weak link in your cyber-resilience strategy?
While challenges exist in applying cyber resilience to storage platforms, vendors are starting to make it easier for organizations to add that needed layer of protection.
We provide market insights, research and advisory, and technical validations for tech buyers.
Published: 05 Sep 2025
With the knowledge that a large-scale cyberattack is more a case of "when" than "if," organizations require a comprehensive cyber-resiliency strategy. Since attacks such as ransomware are squarely targeting an organization's data, this brings the data -- and storage infrastructure -- into sharp focus.
This focus now seems to be translating into much higher interest levels. A great example is the buyer activity on the Informa TechTarget network. When we look at the storage and data protection segment over the last 180 days, the topic driving the most buyer activity overall is "cyber resilience." Moreover, activity here outstrips the number two topic -- "artificial intelligence" -- by more than two to one. Several additional security-related topics -- cloud security, ransomware, zero-trust, data security, continuity management and security frameworks -- dominate the rest of the top 10.
Buyers are beginning to move from talking about storage-level security measures to actively researching them, with a view to implementing a storage-specific technology strategy. In other words, the purchase intent seems to be increasing.
Cyber-resiliency adoption challenges
If this is indeed the case, it would be a very encouraging development. That is because, unfortunately, too many organizations only invest in a cyber-resiliency strategy after they've experienced the consequences of not having such measures in place.
In recent months I've spoken with multiple IT leaders who are happy to extoll the virtues and importance of implementing various storage-level resiliency technologies. What did all these organizations have in common? They have all previously been burned -- chiefly via ransomware attacks that saw them lose access to critical data and systems. Unsurprisingly, none of them want to relive the experience.
While it's human nature that we tend to resist making changes until it's necessary, there's a fine but definite line here between "necessary" and "too late." Accordingly, it's also useful to consider what specifically prevents organizations from making the necessary investments ahead of time.
Ultimately, it's a range of factors. Cost is certainly an issue. Such technologies rarely come for free, and IT leaders face real challenges in where to prioritize their security and other IT investments in a fast-moving threat landscape. A dearth of skills may be an issue for many.
Businesses also face organizational challenges: Are storage and infrastructure teams sufficiently joined with security teams to agree on and manage a storage-level cyber-resiliency strategy as part of the broader security effort? Or does one team simply assume that the other has it covered?
A further important factor is the nature of the platforms themselves. We are seeing a rapid evolution here that, ultimately, should help serve customers better.
Storage providers step up their resiliency efforts
Cyber-resiliency products have grown in popularity at the backup and recovery tier of data infrastructure over the last several years. Almost all data protection vendors have recast themselves as "cyber-resiliency" providers, and for good reason. The one thing standing between an attacker and their ransomware payment is a clean backup copy, so this is a key area for organizations from both a protection and preparedness perspective.
We're now seeing cyber-resiliency products extend out from the backup domain and into the primary storage tier.
However, we're now seeing cyber-resiliency products extend out from the backup domain and into the primary storage tier. Organizations often use primary storage systems for storing data snapshots, so having immutable copies here can add an extra layer of defense, improving recoverability and resiliency.
Perhaps more interestingly, multiple storage providers are applying advanced analytics and AI techniques within the primary storage tier to highlight unusual data access activity that might indicate an attack is underway. Such techniques potentially provide IT teams with an opportunity to respond before it's too late.
One notable example is Index Engines, which has the likes of Dell, IBM, Infinidat and Hitachi Vantara as OEMs of its core ransomware corruption detection technology, CyberSense. Index Engines has recently patented an AI process that automates the ingestion and behavioral analysis of ransomware variants. This, it says, enables continuous training of AI/ML models on real-world attack patterns, resulting in faster corruption detection, smarter recovery decisions and stronger data integrity.
Meanwhile, Pure Storage is also developing a partner-centric approach to cyber-resiliency. The company is assembling a comprehensive roster of partners that includes data protection providers such as Rubrik, Commvault and Veeam to form integrated platforms that complement its own data protection capabilities. Such integrations should help address a key barrier preventing broader cyber-resiliency adoption -- complexity.
Pure is also partnering with security analytics specialists including Cisco's Splunk, CrowdStrike, Elastic, Varonis and Superna, according to the vendor. Integrating its storage systems with monitoring and analytics tools can identify suspicious activity that could indicate ransomware activity or data theft, protecting critical applications.
NetApp continues to make investments in this space. It's also using AI as part of its Autonomous Ransomware Protection capability. Currently operating at the file level, it can identify a ransomware attack after only a small number of files are encrypted, from which point it can respond automatically to protect data and alert IT teams that a suspected attack is underway.
All organizations need to develop a comprehensive, layered security strategy that combines preventative measures with appropriate resiliency that enables them to recover when the worst happens. With critical enterprise data in the crosshairs of attackers, the storage environment can play a key role in that strategy, and IT leaders should assess the cyber-resilience strategies of storage providers as part of their purchase evaluations.
The good news for customers is that this is now a key focus area of innovation for providers. Storage doesn't have to be a weak link in your cyber resiliency strategy.
Simon Robinson is principal analyst covering infrastructure at Enterprise Strategy Group, now part of Omdia.
Enterprise Strategy Group is part of Omdia. Its analysts have business relationships with technology vendors.
