Crafting a Modern Data Protection Strategy with Sam Nicholls

Sam Nicholls, Director of Public Cloud Product Marketing at Veeam, joins Corey on Screaming in the Cloud to discuss best practices in the ever-evolving world of backups and restores. Listen as Sam describes how to evaluate the criticality of your workflows to determine a secure and cost-effective backup solution, as well as the reasoning and benefits of taking a hybrid- or multi-cloud approach. Sam also reveals how modern data protection has a security component to it, and why it’s so critical to take a proactive approach to avoid the financial impact of downtime.

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is sponsored in part by our friends at Chronosphere. Tired of observability costs going up every year without getting additional value? Or being locked in to a vendor due to proprietary data collection, querying and visualization? Modern day, containerized environments require a new kind of observability technology that accounts for the massive increase in scale and attendant cost of data. With Chronosphere, choose where and how your data is routed and stored, query it easily, and get better context and control. 100% open source compatibility means that no matter what your setup is, they can help. Learn how Chronosphere provides complete and real-time insight into ECS, EKS, and your microservices, whereever they may be at snark.cloud/chronosphere That’s snark.cloud/chronosphere

Corey: This episode is brought to us by our friends at Pinecone. They believe that all anyone really wants is to be understood, and that includes your users. AI models combined with the Pinecone vector database let your applications understand and act on what your users want… without making them spell it out. Make your search application find results by meaning instead of just keywords, your personalization system make picks based on relevance instead of just tags, and your security applications match threats by resemblance instead of just regular expressions. Pinecone provides the cloud infrastructure that makes this easy, fast, and scalable. Thanks to my friends at Pinecone for sponsoring this episode. Visit Pinecone.io to understand more.

Corey: Welcome to Screaming in the Cloud. I’m Corey Quinn. This promoted guest episode is brought to us by and sponsored by our friends over at Veeam. And as a part of that, they have thrown one of their own to the proverbial lion. My guest today is Sam Nicholls, Director of Public Cloud over at Veeam. Sam, thank you for joining me.

Sam: Hey. Thanks for having me, Corey, and thanks for everyone joining and listening in. I do know that I’ve been thrown into the lion’s den, and I am [laugh] hopefully well-prepared to answer anything and everything that Corey throws my way. Fingers crossed. [laugh].

Corey: I don’t think there’s too much room for criticizing here, to be direct. I mean, Veeam is a company that is solidly and thoroughly built around a problem that absolutely no one cares about. I mean, what could possibly be wrong with that? You do backups; which no one ever cares about. Restores, on the other hand, people care very much about restores. And that’s when they learn, “Oh, I really should have cared about backups at any point prior to 20 minutes ago.”

Sam: Yeah, it’s a great point. It’s kind of like taxes and insurance. It’s almost like, you know, something that you have to do that you don’t necessarily want to do, but when push comes to shove, and something’s burning down, a file has been deleted, someone’s made their way into your account and, you know, running a right mess within there, that’s when you really, kind of, care about what you mentioned, which is the recovery piece, the speed of recovery, the reliability of recovery.

Corey: It’s been over a decade, and I’m still sore about losing my email archives from 2006 to 2009. There’s no way to get it back. I ran my own mail server; it was an iPhone setting that said, “Oh, yeah, automatically delete everything in your trash folder—or archive folder—after 30 days.” It was just a weird default setting back in that era. I didn’t realize it was doing that. Yeah, painful stuff.

And we learned the hard way in some of these cases. Not that I really have much need for email from that era of my life, but every once in a while it still bugs me. Which gets speaks to the point that the people who are the most fanatical about backing things up are the people who have been burned by not having a backup. And I’m fortunate in that it wasn’t someone else’s data with which I had been entrusted that really cemented that lesson for me.

Sam: Yeah, yeah. It’s a good point. I could remember a few years ago, my wife migrated a very aging, polycarbonate white Mac to one of the shiny new aluminum ones and thought everything was good—

Corey: As the white polycarbonate Mac becomes yellow, then yeah, all right, you know, it’s time to replace it. Yeah. So yeah, so she wiped the drive, and what happened?

Sam: That was her moment where she learned the value and importance of backup unless she backs everything up now. I fortunately have never gone through it. But I’m employed by a backup vendor and that’s why I care about it. But it’s incredibly important to have, of course.

Corey: Oh, yes. My spouse has many wonderful qualities, but one that drives me slightly nuts is she’s something of a digital packrat where her hard drives on her laptop will periodically fill up. And I used to take the approach of oh, you can be more efficient and do the rest. And I realized no, telling other people they’re doing it wrong is generally poor practice, whereas just buying bigger drives is way easier. Let’s go ahead and do that. It’s small price to pay for domestic tranquility.

And there’s a lesson in that. We can map that almost perfectly to the corporate world where you folks tend to operate in. You’re not doing home backup, last time I checked; you are doing public cloud backup. Actually, I should ask that. Where do you folks start and where do you stop?

Sam: Yeah, no, it’s a great question. You know, we started over 15 years ago when virtualization, specifically VMware vSphere, was really the up-and-coming thing, and, you know, a lot of folks were there trying to utilize agents to protect their vSphere instances, just like they were doing with physical Windows and Linux boxes. And, you know, it kind of got the job done, but was it the best way of doing it? No. And that’s kind of why Veeam was pioneered; it was this agentless backup, image-based backup for vSphere.

And, of course, you know, in the last 15 years, we’ve seen lots of transitions, of course, we’re here at Screaming in the Cloud, with you, Corey, so AWS, as well as a number of other public cloud vendors we can help protect as well, as a number of SaaS applications like Microsoft 365, metadata and data within Salesforce. So, Veeam’s really kind of come a long way from just virtual machines to really taking a global look at the entirety of modern environments, and how can we best protect each and every single one of those without trying to take a square peg and fit it in a round hole?

Corey: It’s a good question and a common one. We wind up with an awful lot of folks who are confused by the proliferation of data. And I’m one of them, let’s be very clear here. It comes down to a problem where backups are a multifaceted, deep problem, and I don’t think that people necessarily think of it that way. But I take a look at all of the different, even AWS services that I use for my various nonsense, and which ones can be used to store data?

Well, all of them. Some of them, you have to hold it in a particularly wrong sort of way, but they all store data. And in various contexts, a lot of that data becomes very important. So, what service am I using, in which account am I using, and in what region am I using it, and you wind up with data sprawl, where it’s a tremendous amount of data that you can generally only track down by looking at your bills at the end of the month. Okay, so what am I being charged, and for what service?

That seems like a good place to start, but where is it getting backed up? How do you think about that? So, some people, I think, tend to ignore the problem, which we’re seeing less and less, but other folks tend to go to the opposite extreme and we’re just going to backup absolutely everything, and we’re going to keep that data for the rest of our natural lives. It feels to me that there’s probably an answer that is more appropriate somewhere nestled between those two extremes.

Sam: Yeah, snapshot sprawl is a real thing, and it gets very, very expensive very, very quickly. You know, your snapshots of EC2 instances are stored on those attached EBS volumes. Five cents per gig per month doesn’t sound like a lot, but when you’re dealing with thousands of snapshots for thousands machines, it gets out of hand very, very quickly. And you don’t know when to delete them. Like you say, folks are just retaining them forever and dealing with this unfortunate bill shock.

So, you know, where to start is automating the lifecycle of a snapshot, right, from its creation—how often do we want to be creating them—from the retention—how long do we want to keep these for—and where do we want to keep them because there are other storage services outside of just EBS volumes. And then, of course, the ultimate: deletion. And that’s important even from a compliance perspective as well, right? You’ve got to retain data for a specific number of years, I think healthcare is like seven years, but then you’ve—

Corey: And then not a day more.

Sam: Yeah, and then not a day more because that puts you out of compliance, too. So, policy-based automation is your friend and we see a number of folks building these policies out: gold, silver, bronze tiers based on criticality of data compliance and really just kind of letting the machine do the rest. And you can focus on not babysitting backup.

Corey: What was it that led to the rise of snapshots? Because back in my very early days, there was no such thing. We wound up using a bunch of servers stuffed in a rack somewhere and virtualization was not really in play, so we had file systems on physical disks. And how do you back that up? Well, you have an agent of some sort that basically looks at all the files and according to some ruleset that it has, it copies them off somewhere else.

It was slow, it was fraught, it had a whole bunch of logic that was pushed out to the very edge, and forget about restoring that data in a timely fashion or even validating a lot of those backups worked other than via checksum. And God help you if you had data that was constantly in the state of flux, where anything changing during the backup run would leave your backups in an inconsistent state. That on some level seems to have largely been solved by snapshots. But what’s your take on it? You’re a lot closer to this part of the world than I am.

Sam: Yeah, snapshots, I think folks have turned to snapshots for the speed, the lack of impact that they have on production performance, and again, just the ease of accessibility. We have access to all different kinds of snapshots for EC2, RDS, EFS throughout the entirety of our AWS environment. So, I think the snapshots are kind of like the default go-to for folks. They can help deliver those very, very quick RPOs, especially in, for example, databases, like you were saying, that change very, very quickly and we all of a sudden are stranded with a crash-consistent backup or snapshot versus an application-consistent snapshot. And then they’re also very, very quick to recover from.

So, snapshots are very, very appealing, but they absolutely do have their limitations. And I think, you know, it’s not a one or the other; it’s that they’ve got to go hand-in-hand with something else. And typically, that is an image-based backup that is stored in a separate location to the snapshot because that snapshot is not independent of the disk that it is protecting.

Corey: One of the challenges with snapshots is most of them are created in a copy-on-write sense. It takes basically an instant frozen point in time back—once upon a time when we ran MySQL databases on top of the NetApp Filer—which works surprisingly well—we would have a script that would automatically quiesce the database so that it would be in a consistent state, snapshot the file and then un-quiesce it, which took less than a second, start to finish. And that was awesome, but then you had this snapshot type of thing. It wasn’t super portable, it needed to reference a previous snapshot in some cases, and AWS takes the same approach where the first snapshot it captures every block, then subsequent snapshots wind up only taking up as much size as there have been changes since the first snapshots. So, large quantities of data that generally don’t get access to a whole lot have remarkably small, subsequent snapshot sizes.

But that’s not at all obvious from the outside, and looking at these things. They’re not the most portable thing in the world. But it’s definitely the direction that the industry has trended in. So, rather than having a cron job fire off an AWS API call to take snapshots of my volumes as a sort of the baseline approach that we all started with, what is the value proposition that you folks bring? And please don’t say it’s, “Well, cron jobs are hard and we have a friendlier interface for that.”

Sam: [laugh]. I think it’s really starting to look at the proliferation of those snapshots, understanding what they’re good at, and what they are good for within your environment—as previously mentioned, low RPOs, low RTOs, how quickly can I take a backup, how frequently can I take a backup, and more importantly, how quickly can I restore—but then looking at their limitations. So, I mentioned that they were not independent of that disk, so that certainly does introduce a single point of failure as well as being not so secure. We’ve kind of touched on the cost component of that as well. So, what Veeam can come in and do is then take an image-based backup of those snapshots, right—so you’ve got your initial snapshot and then your incremental ones—we’ll take the backup from that snapshot, and then we’ll start to store that elsewhere.

And that is likely going to be in a different account. We can look at the Well-Architected Framework, AWS deeming accounts as a security boundary, so having that cross-account function is critically important so you don’t have that single point of failure. Locking down with IAM roles is also incredibly important so we haven’t just got a big wide open door between the two. But that data is then stored in a separate account—potentially in a separate region, maybe in the same region—Amazon S3 storage. And S3 has the wonderful benefit of being still relatively performant, so we can have quick recoveries, but it is much, much cheaper. You’re dealing with 2.3 cents per gig per month, instead of—

Corey: To start, and it goes down from there with sizeable volumes.

Sam: Absolutely, yeah. You can go down to S3 Glacier, where you’re looking at, I forget how many points and zeros and nines it is, but it’s fractions of a cent per gig per month, but it’s going to take you a couple of days to recover that da—

Corey: Even infrequent access cuts that in half.

Sam: Oh yeah.

Corey: And let’s be clear, these are snapshot backups; you probably should not be accessing them on a consistent, sustained basis.

Sam: Well, exactly. And this is where it’s kind of almost like having your cake and eating it as well. Compliance or regulatory mandates or corporate mandates are saying you must keep this data for this length of time. Keeping that—you know, let’s just say it’s three years' worth of snapshots in an EBS volume is going to be incredibly expensive. What’s the likelihood of you needing to recover something from two years—actually, even two months ago? It’s very, very small.

So, the performance part of S3 is, you don’t need to take it as much into consideration. Can you recover? Yes. Is it going to take a little bit longer? Absolutely. But it’s going to help you meet those retention requirements while keeping your backup bill low, avoiding that bill shock, right, spending tens and tens of thousands every single month on snapshots. This is what I mean by kind of having your cake and eating it.

Corey: I somewhat recently have had a client where EBS snapshots are one of the driving costs behind their bill. It is one of their largest single line items. And I want to be very clear here because if one of those people who listen to this and thinking, “Well, hang on. Wait, they’re telling stories about us, even though they’re not naming us by name?” Yeah, there were three of you in the last quarter.

So, at that point, it becomes clear it is not about something that one individual company has done and more about an overall driving trend. I am personalizing it a little bit by referring to as one company when there were three of you. This is a narrative device, not me breaking confidentiality. Disclaimer over. Now, when you talk to people about, “So, tell me why you’ve got 80 times more snapshots than you do EBS volumes?” The answer is as, “Well, we wanted to back things up and we needed to get hourly backups to a point, then daily backups, then monthly, and so on and so forth. And when this was set up, there wasn’t a great way to do this natively and we don’t always necessarily know what we need versus what we don’t. And the cost of us backing this up, well, you can see it on the bill. The cost of us deleting too much and needing it as soon as we do? Well, that cost is almost incalculable. So, this is the safe way to go.” And they’re not wrong in anything that they’re saying. But the world has definitely evolved since then.

Sam: Yeah, yeah. It’s a really great point. Again, it just folds back into my whole having your cake and eating it conversation. Yes, you need to retain data; it gives you that kind of nice, warm, cozy feeling, it’s a nice blanket on a winter’s day that that data, irrespective of what happens, you’re going to have something to recover from. But the question is does that need to be living on an EBS volume as a snapshot? Why can’t it be living on much, much more cost-effective storage that’s going to give you the warm and fuzzies, but is going to make your finance team much, much happier [laugh].

Corey: One of the inherent challenges I think people have is that snapshots by themselves are almost worthless, in that I have an EBS snapshot, it is sitting there now, it’s costing me an undetermined amount of money because it’s not exactly clear on a per snapshot basis exactly how large it is, and okay, great. Well, I’m looking for a file that was not modified since X date, as it was on this time. Well, great, you’re going to have to take that snapshot, restore it to a volume and then go exploring by hand. Oh, it was the wrong one. Great. Try it again, with a different one.

And after, like, the fifth or six in a row, you start doing a binary search approach on this thing. But it’s expensive, it’s time-consuming, it takes forever, and it’s not a fun user experience at all. Part of the problem is it seems that historically, backup systems have no context or no contextual awareness whatsoever around what is actually contained within that backup.

Sam: Yeah, yeah. I mean, you kind of highlighted two of the steps. It’s more like a ten-step process to do, you know, granular file or folder-level recovery from a snapshot, right? You’ve got to, like you say, you’ve got to determine the point in time when that, you know, you knew the last time that it was around, then you’re going to have to determine the volume size, the region, the OS, you’re going to have to create an EBS volume of the same size, region, from that snapshot, create the EC2 instance with the same OS, connect the two together, boot the EC2 instance, mount the volume search for the files to restore, download them manually, at which point you have your file back. It’s not back in the machine where it was, it’s now been downloaded locally to whatever machine you’re accessing that from. And then you got to tear it all down.

And that is again, like you say, predicated on the fact that you knew exactly that that was the right time. It might not be and then you have to start from scratch from a different point in time. So, backup tooling from backup vendors that have been doing this for many, many years, knew about this problem long, long ago, and really seek to not only automate the entirety of that process but make the whole e-discovery, the search, the location of those files, much, much easier. I don’t necessarily want to do a vendor pitch, but I will say with Veeam, we have explorer-like functionality, whereby it’s just a simple web browser. Once that machine is all spun up again, automatic process, you can just search for your individual file, folder, locate it, you can download it locally, you can inject it back into the instance where it was through Amazon Kinesis or AWS Kinesis—I forget the right terminology for it; some of its AWS, some of its Amazon.

But by-the-by, the whole recovery process, especially from a file or folder level, is much more pain-free, but also much faster. And that’s ultimately what people care about how reliable is my backup? How quickly can I get stuff online? Because the time that I’m down is costing me an indescribable amount of time or money.

Corey: This episode is sponsored in part by our friends at Redis, the company behind the incredibly popular open source database. If you’re tired of managing open source Redis on your own, or if you are looking to go beyond just caching and unlocking your data’s full potential, these folks have you covered. Redis Enterprise is the go-to managed Redis service that allows you to reimagine how your geo-distributed applications process, deliver, and store data. To learn more from the experts in Redis how to be real-time, right now, from anywhere, visit redis.com/duckbill. That’s R - E - D - I - S dot com slash duckbill.

Corey: Right, the idea of RPO versus RTO: recovery point objective and recovery time objective. With an RPO, it’s great, disaster strikes right now, how long is acceptable to it have been since the last time we backed up data to a restorable point? Sometimes it’s measured in minutes, sometimes it’s measured in fractions of a second. It really depends on what we’re talking about. Payments databases, that needs to be—the RPO is basically an asymptotically approaches zero.

The RTO is okay, how long is acceptable before we have that data restored and are back up and running? And that is almost always a longer time, but not always. And there’s a different series of trade-offs that go into that. But both of those also presuppose that you’ve already dealt with the existential question of is it possible for us to recover this data. And that’s where I know that you are obviously—you have a position on this that is informed by where you work, but I don’t, and I will call this out as what I see in the industry: AWS backup is compelling to me except for one fatal flaw that it has, and that is it starts and stops with AWS.

I am not a proponent of multi-cloud. Lord knows I’ve gotten flack for that position a bunch of times, but the one area where it makes absolute sense to me is backups. Have your data in a rehydrate-the-business level state backed up somewhere that is not your primary cloud provider because you’re otherwise single point of failure-ing through a company, through the payment instrument you have on file with that company, in the blast radius of someone who can successfully impersonate you to that vendor. There has to be a gap of some sort for the truly business-critical data. Yes, egress to other providers is expensive, but you know what also is expensive? Irrevocably losing the data that powers your business. Is it likely? No, but I would much rather do it than have to justify why I’m not doing it.

Sam: Yeah. Wasn’t likely that I was going to win that 2 billion or 2.1 billion on the Powerball, but [laugh] I still play [laugh]. But I understand your standpoint on multi-cloud and I read your newsletters and understand where you’re coming from, but I think the reality is that we do live in at least a hybrid cloud world, if not multi-cloud. The number of organizations that are sole-sourced on a single cloud and nothing else is relatively small, single-digit percentage. It’s around 80-some percent that are hybrid, and the remainder of them are your favorite: multi-cloud.

But again, having something that is one hundred percent sole-source on a single platform or a single vendor does expose you to a certain degree of risk. So, having the ability to do cross-platform backups, recoveries, migrations, for whatever reason, right, because it might not just be a disaster like you’d mentioned, it might also just be… I don’t know, the company has been taken over and all of a sudden, the preference is now towards another cloud provider and I want you to refactor and re-architect everything for this other cloud provider. If all that data is locked into one platform, that’s going to make your job very, very difficult. So, we mentioned at the beginning of the call, Veeam is capable of protecting a vast number of heterogeneous workloads on different platforms, in different environments, on-premises, in multiple different clouds, but the other key piece is that we always use the same backup file format. And why that’s key is because it enables portability.

If I have backups of EC2 instances that are stored in S3, I could copy those onto on-premises disk, I could copy those into Azure, I could do the same with my Azure VMs and store those on S3, or again, on-premises disk, and any other endless combination that goes with that. And it’s really kind of centered around, like control and ownership of your data. We are not prescriptive by any means. Like, you do what is best for your organization. We just want to provide you with the toolset that enables you to do that without steering you one direction or the other with fee structures, disparate feature sets, whatever it might be.

Corey: One of the big challenges that I keep seeing across the board is just a lack of awareness of what the data that matters is, where you see people backing up endless fleets of web server instances that are auto-scaled into existence and then removed, but you can create those things at will; why do you care about the actual data that’s on these things? It winds up almost at the library management problem, on some level. And in that scenario, snapshots are almost certainly the wrong answer. One thing that I saw previously that really changed my way of thinking about this was back many years ago when I was working at a startup that had just started using GitHub and they were paying for a third-party service that wound up backing up Git repos. Today, that makes a lot more sense because you have a bunch of other stuff on GitHub that goes well beyond the stuff contained within Git, but at the time, it was silly. It was, why do that? Every Git clone is a full copy of the entire repository history. Just grab it off some developer's laptop somewhere.

It’s like, “Really? You want to bet the company, slash your job, slash everyone else’s job on that being feasible and doable or do you want to spend the 39 bucks a month or whatever it was to wind up getting that out the door now so we don’t have to think about it, and they validate that it works?” And that was really a shift in my way of thinking because, yeah, backing up things can get expensive when you have multiple copies of the data living in different places, but what’s really expensive is not having a company anymore.

Sam: Yeah, yeah, absolutely. We can tie it back to my insurance dynamic earlier where, you know, it’s something that you know that you have to have, but you don’t necessarily want to pay for it. Well, you know, just like with insurances, there’s multiple different ways to go about recovering your data and it’s only in crunch time, do you really care about what it is that you’ve been paying for, right, when it comes to backup?

Could you get your backup through a git clone? Absolutely. Could you get your data back—how long is that going to take you? How painful is that going to be? What’s going to be the impact to the business where you’re trying to figure that out versus, like you say, the 39 bucks a month, a year, or whatever it might be to have something purpose-built for that, that is going to make the recovery process as quick and painless as possible and just get things back up online.

Corey: I am not a big fan of the fear, uncertainty, and doubt approach, but I do practice what I preach here in that yeah, there is a real fear against data loss. It’s not, “People are coming to get you, so you absolutely have to buy whatever it is I’m selling,” but it is something you absolutely have to think about. My core consulting proposition is that I optimize the AWS bill. And sometimes that means spending more. Okay, that one S3 bucket is extremely important to you and you say you can’t sustain the loss of it ever so one zone is not an option. Where is it being backed up? Oh, it’s not? Yeah, I suggest you spend more money and back that thing up if it’s as irreplaceable as you say. It’s about doing the right thing.

Sam: Yeah, yeah, it’s interesting, and it’s going to be hard for you to prove the value of doing that when you are driving their bill up when you’re trying to bring it down. But again, you have to look at something that’s not itemized on that bill, which is going to be the impact of downtime. I’m not going to pretend to try and recall the exact figures because it also varies depending on your business, your industry, the size, but the impact of downtime is massive financially. Tens of thousands of dollars for small organizations per hour, millions and millions of dollars per hour for much larger organizations. The backup component of that is relatively small in comparison, so having something that is purpose-built, and is going to protect your data and help mitigate that impact of downtime.

Because that’s ultimately what you’re trying to protect against. It is the recovery piece that you’re buying is the most important piece. And like you, I would say, at least be cognizant of it and evaluate your options and what can you live with and what can you live without.

Corey: That’s the big burning question that I think a lot of people do not have a good answer to. And when you don’t have an answer, you either backup everything or nothing. And I’m not a big fan of doing either of those things blindly.

Sam: Yeah, absolutely. And I think this is why we see varying different backup options as well, you know? You’re not going to try and apply the same data protection policies each and every single workload within your environment because they’ve all got different types of workload criticality. And like you say, some of them might not even need to be backed up at all, just because they don’t have data that needs to be protected. So, you need something that is going to be able to be flexible enough to apply across the entirety of your environment, protect it with the right policy, in terms of how frequently do you protect it, where do you store it, how often, or when are you eventually going to delete that and apply that on a workload by workload basis. And this is where the joy of things like tags come into play as well.

Corey: One last thing I want to bring up is that I’m a big fan of watching for companies saying the quiet part out loud. And one area in which they do this—because they’re forced to by brevity—is in the title tag of their website. I pull up veeam.com and I hover over the tab in my browser, and it says, “Veeam Software: Modern Data Protection.”

And I want to call that out because you’re not framing it as explicitly backup. So, the last topic I want to get into is the idea of security. Because I think it is not fully appreciated on a lived-experience basis—although people will of course agree to this when they’re having ivory tower whiteboard discussions—that every place your data lives is a potential for a security breach to happen. So, you want to have your data living in a bunch of places ideally, for backup and resiliency purposes. But you also want it to be completely unworkable or illegible to anyone who is not authorized to have access to it.

How do you balance those trade-offs yourself given that what you’re fundamentally saying is, “Trust us with your Holy of Holies when it comes to things that power your entire business?” I mean, I can barely get some companies to agree to show me their AWS bill, let alone this is the data that contains all of this stuff to destroy our company.

Sam: Yeah. Yeah, it’s a great question. Before I explicitly answer that piece, I will just go to say that modern data protection does absolutely have a security component to it, and I think that backup absolutely needs to be a—I’m going to say this an air quotes—a “first class citizen” of any security strategy. I think when people think about security, their mind goes to the preventative, like how do we keep these bad people out?

This is going to be a bit of the FUD that you love, but ultimately, the bad guys on the outside have an infinite number of attempts to get into your environment and only have to be right once to get in and start wreaking havoc. You on the other hand, as the good guy with your cape and whatnot, you have got to be right each and every single one of those times. And we as humans are fallible, right? None of us are perfect, and it’s incredibly difficult to defend against these ever-evolving, more complex attacks. So backup, if someone does get in, having a clean, verifiable, recoverable backup, is really going to be the only thing that is going to save your organization, should that actually happen.

And what’s key to a secure backup? I would say separation, isolation of backup data from the production data, I would say utilizing things like immutability, so in AWS, we’ve got Amazon S3 object lock, so it’s that write once, read many state for whatever retention period that you put on it. So, the data that they’re seeking to encrypt, whether it’s in production or in their backup, they cannot encrypt it. And then the other piece that I think is becoming more and more into play, and it’s almost table stakes is encryption, right? And we can utilize things like AWS KMS for that encryption.

But that’s there to help defend against the exfiltration attempts. Because these bad guys are realizing, “Hey, people aren’t paying me my ransom because they’re just recovering from a clean backup, so now I’m going to take that backup data, I’m going to leak the personally identifiable information, trade secrets, or whatever on the internet, and that’s going to put them in breach compliance and give them a hefty fine that way unless they pay me my ransom.” So encryption, so they can’t read that data. So, not only can they not change it, but they can’t read it is equally important. So, I would say those are the three big things for me on what’s needed for backup to make sure it is clean and recoverable.

Corey: I think that is one of those areas where people need to put additional levels of thought in. I think that if you have access to the production environment and have full administrative rights throughout it, you should definitionally not—at least with that account and ideally not you at all personally—have access to alter the backups. Full stop. I would say, on some level, there should not be the ability to alter backups for some particular workloads, the idea being that if you get hit with a ransomware infection, it’s pretty bad, let’s be clear, but if you can get all of your data back, it’s more of an annoyance than it is, again, the existential business crisis that becomes something that redefines you as a company if you still are a company.

Sam: Yeah. Yeah, I mean, we can turn to a number of organizations. Code Spaces always springs to mind for me, I love Code Spaces. It was kind of one of those precursors to—

Corey: It’s amazing.

Sam: Yeah, but they were running on AWS and they had everything, production and backups, all stored in one account. Got into the account. “We’re going to delete your data if you don’t pay us this ransom.” They were like, “Well, we’re not paying you the ransoms. We got backups.” Well, they deleted those, too. And, you know, unfortunately, Code Spaces isn’t around anymore. But it really kind of goes to show just the importance of at least logically separating your data across different accounts and not having that god-like access to absolutely everything.

Corey: Yeah, when you talked about Code Spaces, I was in [unintelligible 00:32:29] talking about GitHub Codespaces specifically, where they have their developer workstations in the cloud. They’re still very much around, at least last time I saw unless you know something I don’t.

Sam: Precursor to that. I can send you the link—

Corey: Oh oh—

Sam: You can share it with the listeners.

Corey: Oh, yes, please do. I’d love to see that.

Sam: Yeah. Yeah, absolutely.

Corey: And it’s been a long and strange time in this industry. Speaking of links for the show notes, I appreciate you’re spending so much time with me. Where can people go to learn more?

Sam: Yeah, absolutely. I think veeam.com is kind of the first place that people gravitate towards. Me personally, I’m kind of like a hands-on learning kind of guy, so we always make free product available.

And then you can find that on the AWS Marketplace. Simply search ‘Veeam’ through there. A number of free products; we don’t put time limits on it, we don’t put feature limitations. You can backup ten instances, including your VPCs, which we actually didn’t talk about today, but I do think is important. But I won’t waste any more time on that.

Corey: Oh, configuration of these things is critically important. If you don’t know how everything was structured and built out, you’re basically trying to re-architect from first principles based upon archaeology.

Sam: Yeah [laugh], that’s a real pain. So, we can help protect those VPCs and we actually don’t put any limitations on the number of VPCs that you can protect; it’s always free. So, if you’re going to use it for anything, use it for that. But hands-on, marketplace, if you want more documentation, want to learn more, want to speak to someone veeam.com is the place to go.

Corey: And we will, of course, include that in the show notes. Thank you so much for taking so much time to speak with me today. It’s appreciated.

Sam: Thank you, Corey, and thanks for all the listeners tuning in today.

Corey: Sam Nicholls, Director of Public Cloud at Veeam. I’m Cloud Economist Corey Quinn and this is Screaming in the Cloud. If you’ve enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you’ve hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry insulting comment that takes you two hours to type out but then you lose it because you forgot to back it up.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.

Join our newsletter

checkmark Got it. You're on the list!
Want to sponsor the podcast? Send me an email.

2021 Duckbill Group, LLC