Interview with Acronis CISO Kevin Reed.
|Kevin Reed, CISO, Acronis|
Last month, Acronis issued a press release in which they boldly announced that by advancing Cyber Protection, they were making “Traditional Backup and Data Protection Obsolete” you can see their press release in full below.
We took issue with some of the points they raised in the press release and wanted to understand in a bit more detail how and why they were making such bold claims.
We thought the headline had a “whiff” of jumping on the security bandwagon to get a good soundbite and we wanted to check if there was substance to their claim.
We contacted Acronis and told them we would like to ask some tough questions, and it turns out they were happy to take whatever we could throw at them.
We had 30 minutes to chat with Acronis CISO, Kevin Reed, who gave us some nice insight into how Acronis is thinking.
We started by taking issue with the statement, “cybersecurity and data protection have traditionally been treated as separate disciplines”, stating that most frameworks including NIST include backup as a part of the total security posture. Kevin agreed that backup is a part of security and certainly included in security frameworks, including ISO 27000, to which Acronis itself complies. However, he explained that in practice in the field, companies have long treated the two areas separately in his view largely because the solutions have been available and delivered separately.
Backup Without Security is Obsolete (according to Acronis).
In terms of making traditional backup obsolete, Kevin explained their statement was very much (though not exclusively) around the idea of bringing security and backup together. They contend that backup alone is no longer enough, pointing to a very famous state-backed attack on an entertainment company (he left us to draw our own conclusions as to which event he was highlighting). Kevin told us that once the breach was successful, the attackers managed to delete historical backup jobs – meaning that the backstop of “if all else fails, restore from a backup” was not an option for this high-profile corporate victim. His point is that the two technologies need tight integration and increasingly one without the other leaves gaps open in a company’s defences.
Providing another example of how the two need to come together, Kevin explained that Acronis have cryptographic-level backup verification, using Blockchain to ensure that the backup you recover is a true and faithful copy of the backup you originally made. According to Kevin, it is conceivable that backups themselves could be tampered with, meaning recovered data was not faithful to what was originally protected. The bulletproof verification he describes would stop that happening.
Do We See Anything Exciting in Pure Backup Functions?
Coming back to the claim that Acronis is making traditional backup obsolete, we wanted to know if there were exciting developments in the backup portion of their technology that could add weight to the assertion. Kevin covered off a few things, but the one we liked best was what we term here “contextual backup”. Kevin explained that APIs and integration within the backup software enable functionality and levels of protection that were simply inconceivable a few years ago. Citing integration to applications such as emergency warning systems, Kevin highlighted how if there is a dangerous weather alert, an impromptu backup will automatically kick off before the natural phenomenon occurs. From a security perspective, Acronis backup can integrate with threat intelligence services and where an alert comes out that is either targeting your industry or just highly virulent, an automatic impromptu backup can be kicked off.
Isn’t This Announcement Really About Finding a New Market As The Backup Space Has Gotten Crowded?
Even though Kevin’s points were already convincing us, we had to ask one last question. We wanted to know if this foray into security was because the backup space is getting crowded and Acronis is looking for new markets to fuel revenue growth. Unphased, Kevin gave his view on this. First, he doesn’t feel the backup space is overcrowded. Rather he feels it is expanding with new technologies emerging from new vendors fundamentally changing the approach data protection. From our perspective we know that Acronis are contributing to this advancement. However, Kevin’s overriding point came back to the crux of their announcement. Bringing security and backup together, not just conceptually but within a combined product and technology is not just an idea which Acronis created. It is being demanded by customers in real-world situations being driven by both compliance and genuine customer needs.
We liked what we heard, and coming back to the heading, whether traditional backup is now obsolete depends very much on what definition of traditional backup we use. But as a way of drawing attention to Acronis’ strategy – job done!
Press release follows:
Acronis Advances Cyber Protection, Making Traditional Backup and Data Protection Obsolete
The integrated stack of solutions provides complete protection of edge, endpoint and medium-size data centre workloads
Acronis has announced several new cyber protection solutions – Acronis Cyber Protect, Acronis Cyber Platform and Acronis Cyber Infrastructure – that will revolutionise how the industry solves modern data protection and cybersecurity challenges.
Introduced at the inaugural Acronis Global Cyber Summit currently being held in Miami FL, Acronis’ new solutions deliver modern cyber protection capabilities to replace the legacy solutions that no longer meet modern IT challenges.
The ability to trust data is a major challenge of the modern digital world for execution of data-driven decisions. The rising adoption of machine learning and artificial intelligence allows businesses to quickly and effectively make business decisions, while requiring the collection, storage and use of data that can be trusted. The growing number of devices and distribution of data between multiple devices, locations and cloud services creates complexity in infrastructure, and this decentralised infrastructure is more vulnerable to cyberattacks. Acronis builds on the expertise of protecting its 500,000 business customers and 5.5 million home users with Acronis Active Protection technology stopping over 400,000 ransomware attacks in 2018, saving businesses and individuals hundreds of millions of dollars in damages.
“Today’s reliance on data is creating new challenges that companies have never had to face before and their legacy solutions were never designed to handle,” said Serguei Beloussov, founder and CEO of Acronis. “A new approach to data management and protection is needed to meet these modern challenges – one that addresses the safety, accessibility, privacy, authenticity, and security of data. Acronis calls these the Five Vectors of Cyber Protection, or SAPAS, and our suite of cyber protection solutions are designed specifically to address all of the vectors.”
Available through Acronis’ worldwide network of more than 50,000 partners, the new and updated solutions include:
Acronis Cyber Protect, integrates seven key cyber protection capabilities into one easy-to-use solution – including backup, disaster recovery, AI-based protection against malware, data authenticity certification and validation, vulnerability assessments, patch management and remote monitoring and management.
Acronis Cyber Platform, provides developers and ISVs the ability to customise, extend and integrate Acronis Cyber Protection solutions.
Acronis Cyber Infrastructure, delivers cost-efficient, easy-to-use and reliable hyper-converged infrastructure optimised for cyber protection deployments.
“Cybersecurity and data protection have traditionally been treated as separate disciplines, but enterprise appetites for data and analysis make this delineation increasingly difficult to maintain. We advise organisations to embrace this change and use data growth and digital transformation initiatives as an opportunity to adopt the concepts of cyber protection,” said IDC’s Andrew Smith, Research Manager, Enterprise Infrastructure. “Organisations that pursue a comprehensive cyber protection program will be better protected against data loss, data theft and data manipulation.”
Acronis’ newly announced solutions provide easy, efficient and secure cyber protection due to the complete integration at the business, user interface, management, product and technology levels. As a result, customers get better protection, higher availability of systems and significantly lower overhead to support the solution than any other of non-integrated solutions.
Acronis Cyber Protect
Acronis Cyber Protect is the first all-in-one cyber protection solution covering all parts of NIST Cybersecurity Framework – Identify, Protect, Detect, Respond and Recover. All of Acronis Cyber Protect’s capabilities are available through a single lightweight agent, managed from a modern management console with a web experience optimised for mobile devices.
Acronis Cyber Platform
The platform is the foundation of the all Acronis services, and features a series of APIs supported by software development kits (SDK) and sample code. By accessing the platform, partners can differentiate from their competition by protecting new data sources, supporting new data storage locations, implementing new data management functionality, and enhancing their applications with cyber protection.
“Acronis is a close partner and marketplace leader,” said Jeff Bishop, Chief Product Officer, ConnectWise. “The company has held the innovation banner high in the fast-growing convergence of data protection and cybersecurity. We are excited to have a role in the Acronis Cyber Platform through meaningful mutual integrations, which will certainly elevate the end-user experience.”
Acronis Cyber Infrastructure
A universal software-defined infrastructure solution that uses industry-standard hardware and combines compute, software-defined network, block, file, and object storage workloads. Made specifically for cyber protection workloads, Acronis Cyber Infrastructure offers the lowest cost on the market for secondary data storage and management, as well as a reliable and secure environment for running the Acronis Cyber Platform and solutions based on the platform.