Veeam Cloud Protection Trends Report 2023 reveals what is driving IT leaders to change their strategies, roles and practices around cloud workload production and protection.

Veeam Software, the leader in Modern Data Protection, announced the findings of the Cloud Protection Trends Report 2023, covering four key as-a-Service scenarios: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), Software-as-a-Service (SaaS), and Backup and Disaster Recovery-as-a-Service (BaaS/DRaaS). The survey found that businesses recognise the increasing need to protect their SaaS environments. For example, nearly 90 per cent of Microsoft® 365 customers surveyed are using additional measures rather than relying solely on built-in recovery capabilities. Preparing for rapid recovery from cyber and ransomware attacks was the most frequently cited reason for this data protection, while regulatory compliance was the second most important.

Highlights of the report:

While new IT workloads are being adopted in the cloud at a much faster rate than old workloads are being decommissioned in the data centre, a surprising 88 per cent of respondents brought their workloads from the cloud back to their data centre for one or more reasons, including: Development, Cost/Performance Optimisation or Disaster Recovery.

As cyber security (including ransomware) continues to be a major concern, data protection strategies have evolved. Most organisations are delegating responsibility for data protection to specialists, rather than requiring each workload owner (IaaS, SaaS, PaaS) to protect their own data. The majority of cloud workload backups are now performed by the backup team and no longer require the specialised expertise or additional burden of cloud administrators.

Today, 98 per cent of organisations use infrastructure running in the cloud as part of their data protection strategy. DRaaS is perceived to outperform the tactical benefits of BaaS because it provides expertise in business continuity and disaster recovery (BCDR) planning, implementation and testing. Expertise is recognised by customers as a key differentiator when selecting their BaaS/DRaaS provider, based on business acumen, technical IT recovery architects and operational support in planning and documenting BCDR strategies.

Unfortunately, as is often the case with new cloud architectures, some PaaS administrators mistakenly assume that the native longevity of cloud services obviates the need for backup: 34 per cent of organisations do not yet back up their data sets stored in the cloud, and 15 per cent do not back up their databases stored in the cloud either.

“The growing adoption of cloud-based tools and cloud services, amplified by the massive shift due to remote working and current hybrid work environments, is bringing hybrid IT and data protection strategies into focus across industries,” said Danny Allan, CTO and senior vice president of product strategy at Veeam: “As threats to IT security continue to grow, organisations need to move beyond traditional backup services and develop a targeted approach that best fits their business needs and cloud strategy. This survey shows that workloads continue to fluidly move from data centres to clouds and back again, as well as from one cloud to another, further increasing the complexity of the data protection strategy. The results of this survey show that while modern IT organisations have made significant strides in cloud and data protection, there is still work to be done.”

The findings of the Veeam Cloud Protection Trends Report 2023 include:

Software-as-a-Service (SaaS): 

90 per cent of businesses know they need to back up Microsoft 365. The report shows that only one in nine companies (11 per cent) do not protect their Microsoft 365 data – a promising majority of 89 per cent use third-party backups/BaaS or advanced tiers of Microsoft 365 for legal protection, or both.

As data protection strategies have evolved and ransomware remains a major concern, most organisations are delegating responsibility for data protection to backup specialists rather than requiring each workload owner (IaaS, SaaS, PaaS) to protect their own data. This contributes to data protection becoming a traditional component given to the traditional backup administrator rather than application developers.

Infrastructure-as-a-Service (IaaS):

While organisations of all sizes are now adopting hybrid cloud architectures, the journey to the cloud is not a one-way street that diminishes the importance of the modern data centre.

30 percent of workloads stored in the cloud come from cloud-first strategies, where new workloads are launched in the cloud much faster than old workloads can be retired in the data centre.

98 per cent of organisations use infrastructure running in the cloud as part of their data protection strategy, including cloud storage tiers, cloud infrastructure as a disaster recovery site or using BaaS/DRaaS providers.

88 per cent of organisations brought workloads from the cloud back to their data centre for one or more reasons (development, cost/performance optimisation or disaster recovery). This highlights the need for 2023 data protection strategies that ensure consistent protection and the ability to migrate when workloads are moved from a data centre to a cloud, from a cloud to a data centre or from one cloud to another.

The majority of cloud workload backups are now performed by the backup team and no longer require the specialised expertise of, or additional burden on, cloud administrators. However, while almost all companies said they have long-term legal requirements, only half of companies keep backups of their cloud data for as little as one year.

Platform-as-a-Service (PaaS):

While most companies are initially moving servers out of the data centre and into IaaS, most agree that the future for mature IT workloads is to run basic IT scenarios, such as file shares or databases, as native cloud services:

76 per cent run file services on servers running in the cloud and 56 per cent use managed file shares from AWS or Microsoft Azure.

78 percent run databases on servers running in the cloud and 65 percent run managed databases from AWS or Microsoft Azure.

Backup and Disaster Recovery-as-a-Service (BaaS/DRaaS):

Nearly every IaaS/SaaS environment also uses cloud services in some form as part of their data protection strategy.

58 percent of companies use managed backup (BaaS), while 42 percent use cloud storage as part of their self-managed data protection solution. Of particular interest is that almost half (48 percent) started with self-managed cloud storage but then switched to BaaS.

Nearly every company (98 per cent) says they use cloud services as part of their data protection strategy, varying from cloud storage as a repository to full-fledged BaaS or DRaaS services.

BaaS is primarily used to increase operational and economic efficiency, as well as to secure data from disasters and ransomware attacks. It’s worth noting that BaaS is no longer seen as the tape killer that earlier pundits touted. Organisations say that almost 50 per cent of their data is still stored on tape during its lifecycle, regardless of the use of cloud-based data protection services.

DRaaS is perceived to outperform the tactical benefits of BaaS by providing expertise in BCDR planning, implementation and testing. Customers choosing a BaaS/DRaaS provider see expertise as a key differentiator based on business acumen, technical IT recovery architectures and operational support for planning and documenting BCDR strategies.

This year’s report shows a significant shift from last year, as customers are increasingly interested in outsourcing their backups and obtaining a turnkey or so-called white-glove management service, rather than having their internal IT staff continue to manage the infrastructure provided by BaaS. This shift suggests that vendor experience and trust is increasing, and it may also point to the challenges of the past year in terms of skills shortages and the supply of young IT talent.

The Veeam Cloud Protection Trends Report 2023, which grew out of the annual Veeam Data Protection Trends Report, is the result of an external research institute surveying 1700 unbiased IT executives from seven countries (US, UK, France, Germany, Japan, Australia, New Zealand) on their use of cloud services in both production and protection scenarios to provide the single largest view into the evolution of hybrid strategies in modern IT organisations in the cloud landscape. The broad market survey was conducted to understand the different perspectives regarding the responsibilities and methodologies associated with operating and protecting workloads hosted in the cloud, as well as the considerations when using cloud-based data protection.

The full Veeam Cloud Protection Trends Report 2023 is available for download at https://vee.am/CPT23. For more information, please visit http://www.veeam.com/de.