Data protection encompasses a wide range of areas, including data security, backup and disaster recovery, secure data storage, and ensuring business continuity and resilience, while also complying with data privacy regulations. Moreover, data protection platforms are designed to proactively oversee and monitor data, ensuring it is readily available for advanced analytical processes, artificial intelligence, and machine learning applications.
When it comes to hybrid clouds, data protection includes both security products and cloud management solutions, as well as strategies for implementing these measures across both domains.
[Get our editors’ PDF hybrid cloud data protection buyer’s guide now!]
In the past, securing organizational data meant keeping it confined to the data center. However, today’s data landscape is much more complex, with information distributed across internet of things (IoT) devices, remote endpoints, edge locations, and various cloud service providers. The Thales Group, a firm focused on defense, security, and aerospace technology, reports that 60% of corporate data now lives in the cloud, a significant increase from just 30% in 2015. Additionally, 80% of enterprises have now embraced a hybrid computing model.
Here are the main reasons for the increasing demand for data protection platforms within hybrid environments:
Ransomware: In contrast to other malware types that aim to disrupt networks, ransomware is specifically designed to target data. When a ransomware attack is successful, it can encrypt essential corporate information, causing significant operational delays. What’s more alarming is that attackers may exfiltrate this data and sell it on the dark web. The ultimate safeguard against ransomware is maintaining multiple backups of data, securely stored in the cloud.
Unplanned outages: Outages due to natural disasters have always been a risk, but the effects of climate change have made this a more pressing issue. To address these risks, organizations should implement cloud-based disaster recovery solutions to mitigate potential disruptions caused by such events.
Privacy: Regulations governing data privacy globally are becoming increasingly stringent. Customers and employees alike expect organizations to protect their data and provide options that allow data owners to control how their information is utilized.
Misconfigurations: In a public cloud environment, major service providers like Amazon Web Services, Google Cloud, and Microsoft Azure take charge of securing their infrastructure. However, the responsibility falls on the enterprise utilizing these services to ensure that their data is configured and managed correctly in the cloud. One of the leading causes of cloud-related data breaches is often a straightforward misconfiguration of an Amazon S3 storage bucket. Cloud security posture management (CSPM) tools are valuable resources for identifying these misconfigurations, along with other potential risks.
Artificial intelligence: There is a frenzy among organizations to harness the capabilities of machine learning and artificial intelligence (AI), including generative AI. However, the sophisticated analytics that these technologies provide depend on a robust foundation of data that is secure, dependable, and easily accessible.
Volume: The amount of data being generated is skyrocketing, as is its importance to the organization. This trend places an increasing demand on enterprise IT practices to safeguard that data, whether it originates from an IoT device, human input, or generative AI processes.
Data protection platforms ought to encompass the following features and capabilities:
Data discovery/classification: This process clearly defines what data is present and categorizes it according to its sensitivity and any applicable regulatory obligations. By engaging in data discovery and classification, organizations can implement suitable levels of data protection tailored to various data types.
Vulnerability assessment: This involves identifying possible weaknesses within the database infrastructure, such as configuration errors and other security shortcomings.
Data protection: This involves the implementation of multiple security layers, which include the encryption of data both at rest and in transit, data masking, CASB, DLP, as well as additional strategies like air gapping and ensuring data immutability.
Monitoring and analytics: This aspect involves tracking system performance and providing immediate alerts and reports, ensuring comprehensive visibility throughout hybrid cloud environments.
Access control: This system of policy-driven access management limits user access to data resources, identifies and prevents suspicious activities, and regulates user permissions.
Audit and compliance: This maintains a clear separation of roles, enables thorough forensic analysis and compliance checks, and facilitates reporting across various environments, including on-premises, public cloud, and SaaS.
Performance and scalability: This ensures that the mechanisms for data protection do not create delays that hinder business operations. The data protection architecture should be designed for scalability and robustness.
Automation: This minimizes the need for manual engagement, reduces errors, allows staff to focus on more strategic tasks, and accelerates processes, including recovery from outages.
Data protection can be implemented using on-premises solutions or through cloud services. Organizations have the option to either manage their data protection processes independently or utilize a managed service.
The trend is evident: as applications and data transition to the cloud, data protection is following suit, thanks to the cloud’s scalability, flexibility, and accessibility.
The global data protection market was valued at $136 billion in 2023 and is projected to reach $610 billion by 2026, according to Spherical Insights and Consulting. Data protection as a service (DPaaS) is a rapidly growing segment within the overall market, fueled by organizations embracing hybrid cloud models that require the safeguarding of data managed by hyperscalers and SaaS providers, in addition to local data. The DPaaS market was estimated at $25 billion in 2024 and is expected to expand at a rate of 33% annually, potentially hitting $100 billion by 2029, as noted by research firm Mordor Intelligence.
Phil Goodwin, research vice president for the Infrastructure Systems, Platforms, and Technologies Group at IDC, remarks, “Data protection as a service continues to be a crucial pathway for data protection software vendors. In some scenarios, this involves vendors selling DPaaS solutions directly, and in others, it is facilitated through cloud services providers. Regardless, [DPaaS] stands as the fastest-growing consumption model and opportunity within the data protection landscape.”
The list of vendors offering data protection services is extensive and continues to expand.
For enterprises looking to create a solution with multiple vendors:
Organizations that prefer a comprehensive vendor platform encompassing both data security and backup/restore can refer to GigaOm’s 2023 Radar Report for Hybrid Cloud Data Protection. The report highlights Cobalt Iron, Cohesity, and Commvault as the leading providers for large enterprises.
Additionally, GigaOm recognizes four other vendors as leaders due to their extensive platforms for data protection and their innovative approaches: Dell, Druva, HYCU, and Veritas. Notable challengers include Rubrik and Veeam. GigaOm also identifies several vendors, such as Arcserve, Atempo, Bacula, IBM, and Unitrends, as providing more established solutions that lack innovation.
Here’s a brief overview of the top contenders in the field:
Amazon Web Services: In its shared responsibility framework, clients are responsible for the management and security of their data within AWS, while AWS provides services related to identity and access management, compliance, auditing, governance, encryption, and key management.
Cisco Systems: Cisco provides a comprehensive range of data protection solutions, some created internally and others offered through collaborations. While Cisco excels in security, it also offers consulting services that assist clients in establishing a solid data protection strategy.
Cobalt Iron: Cobalt Iron delivers robust data protection as a service, featuring strong defenses against ransomware, advanced analytics, and extensive support for various workloads, including Kubernetes. Nevertheless, disaster recovery necessitates the integration of third-party solutions.
Cohesity: The Cohesity Data Cloud Platform offers robust ransomware protection through immutable snapshots of enterprise data. It also features continuous data protection, a comprehensive Zero Trust module, automated threat intelligence, and adheres to compliance requirements.
Commvault: Commvault’s Complete Data Protection suite encompasses data security, management, backup, and disaster recovery solutions. Clients have the flexibility to opt for a self-managed, on-premises setup or a fully managed service.
Dell: Dell’s PowerProtect Data Manager and APEX Backup Services ensure comprehensive data protection, backup, disaster recovery, and long-term data retention across both single and multiple cloud environments.
Druva: The Druva Data Resiliency Cloud offers a fully managed, cloud-native data protection and management service.
HPE: HPE provides DPaaS as an integral part of its comprehensive GreenLake edge-to-cloud platform. This managed data protection service is designed to assist organizations in modernizing their backup systems, automating workflows, safeguarding against data loss and ransomware threats, and ensuring recovery in the event of disasters.
HYCU: HYCU is known for its seamless integration with both on-premise and cloud data platforms, thanks to its agentless, application-aware solution. The company’s key strength lies in disaster recovery, offering an automated service that includes a guaranteed recovery time objective (RTO).
IBM: IBM’s Security Guardium delivers solutions for data discovery and classification, monitoring data activities along with analytics, providing near real-time responses to threats, and automating compliance audits and reporting.
Oracle: Oracle presents a range of data protection products and managed services that encompass data classification, encryption, key management, and backup and restoration processes in hybrid environments.
Rubrik: Rubrik excels in the realm of data security. Its Rubrik Security Cloud provides an all-encompassing analytics platform that prioritizes metrics and the detection of anomalies.
Veeam: Veeam presents a versatile data protection solution through a modular product suite, addressing a wide range of enterprise workloads. It also facilitates backup as a service via third-party providers.
Veritas: Expanding on its Net Backup data protection solution, Veritas has introduced the Alta cloud policy engine, which incorporates ransomware protection, data immutability, and recovery capabilities.
Given that each enterprise has unique characteristics and that hybrid clouds can be intricate and diverse in their data management, it is crucial to fully understand your specific requirements, capabilities, and resources prior to engaging with potential vendors and selecting tailored solutions for data protection.
