A look forward — Data protection and resilience predictions for 2022

Stephen Manley, CTO

2021 was a year of anxious uncertainty marked by continued remote work, supply chain issues, and big headlines that reminded us of the ever-present threat of cyber attacks. In 2022, expect more threats to persist — with ransomware considered as the greatest threat to businesses. 

Here are our key data protection predictions for 2022 as we anticipate big changes from the market and IT landscape in the coming year. These strategies and new approaches can help IT and data security teams reduce challenges and complexities in 2022 and beyond.

A widespread focus on strengthening data resilience

Combating ransomware as it rapidly evolves

In 2022, we will see a dramatic increase in both the volume and complexity of ransomware attacks. A threat to virtually any organization, ransomware has gone mainstream by becoming “as-a-service.” Many of these attacks target users to penetrate your company’s security, and once inside, silently spread through your environment. These attacks delete your backups so you cannot recover from the attack without paying a ransom. Once your defenses are eliminated, they rapidly encrypt file data on servers, NAS appliances, and endpoints, and demand payment for the decryption key. 

As threats evolve and become more sophisticated, it is critical for enterprises to prepare for advanced ransomware attacks that avoid detection, compromise the environment, and exfiltrate data. Preparation is absolutely essential for new multi-cloud environments. Companies will need to invest in enhanced data protection technologies that provide these capabilities: 

  • Data resiliency — Ensure that data will be automatically protected and recoverable in the event of an attack.
  • Data classification — Identify the type and location of data throughout the organization to minimize the risk of compromising their most sensitive data.
  • Data access governance — Manage who and what can access data.
  • Data access analysis — Monitor the patterns of who or what is accessing data.

Leveraging SaaS solutions to defend against software and hardware vulnerabilities

Interruptions to the hardware supply chain and vulnerabilities in legacy software and its supply chain drive businesses to adopt software-as-a-service (SaaS). The shortage of processors, SSDs, and memory means that many companies will not be able to acquire servers and storage. Cloud providers have the purchasing power to expand on-demand capacity and instant scalability that businesses need. Still, for those new to cloud, if you buy infrastructure-as-a-service, management can be complex and you are ultimately responsible for the security of your data. 

Security threats are increasing as criminals target the software supply chain. Cyber criminals penetrate a software supplier’s environment and compromise their modules with malware. Every organization that leverages that software is then vulnerable. The only way to combat such threats is to constantly scan for vulnerabilities in a dynamic microservices environment. Rather than taking on that burden for all applications, evolving organizations will select proven cloud providers to manage and protect data across common services. That way, IT teams can focus their equipment and resources on delivering unique customer value and supporting company growth.

Business appetite for IT security, privacy, cloud transformation, and data governance will grow

Board-level IT initiatives

Each year company leadership wants to invest in strategic innovations that deliver business results. Every company is becoming a technology business, whether they sell light bulbs, cars, or pizza. Therefore, the perception is that IT should “just work” so the business can focus on building applications and systems that drive customer value. The board will expect IT to deliver on: 

  • Cybersecurity — The ransomware threat is very real and potentially disastrous. It can potentially create tremendous damage to your company, its customers, its reputation, and its very existence.
  • Digital transformation — The combination of remote work, distributed workforces, and global supply chain issues is driving a rapid migration to the cloud. The question is no longer — “Can that move to the cloud?” It is now, “Why isn’t that in the cloud?”
  • Data governance — Privacy regulations, AI/ML models (and lawsuits about those models), and the need to break through company silos mean that both data access and management is paramount. Expect to see more Chief Data Officers and Chief Privacy Officers in addition to Chief Security Officers in 2022.

Data privacy rules, regulations, and fines will expand globally

Businesses will be preparing for CPRA — the CCPA amendment which goes into effect January 1, 2023. While California, Colorado, and Virginia have enacted comprehensive privacy laws, some other states have enacted privacy laws for specific sectors or individuals (i.e., children, finance, breach reporting requirements, etc). We anticipate seeing more US states passing comprehensive privacy laws more closely aligned with those in California and the European Union (EU).

Because enterprises have growing responsibilities for managing and protecting more data on customers and employees, the number of individuals and the volume of data impacted by attacks and breaches will continue to grow. More privacy laws being passed will include increased fines for violations in multiple jurisdictions.

Increased cloud transformation and migration

Balancing “open” and “sticky,” including Kubernetes backup and AI/ML

Companies want the flexibility of multi-cloud environments, and cloud providers want to make their offerings as “sticky” as possible. For organizations looking for portability, Kubernetes is becoming ubiquitous. It abstracts the underlying cloud infrastructure and simplifies running applications and CI/CD pipelines at scale. As a result, all major cloud providers are either offering or promising to offer Kubernetes options that run on-premises and in multiple clouds. While Kubernetes is making the cloud more open, cloud providers aim to become “stickier” with more vertical integration. From database-as-a-service (DBaaS) to AI/ML services, cloud providers are offering options that make it easier and faster to code. 

For applications and environments that can scale quickly, Kubernetes may be the right option. For stable applications, leveraging DBaaS and built-in AI/ML could be the perfect solution. For infrastructure services, SaaS offerings may be the optimal approach. The number of options will increase, requiring more business guidelines and protocols for your teams. 

Legacy workloads migrate while infrastructure lags behind

IT teams are aggressively “lifting and shifting” legacy workloads to the cloud to enable a cloud-first focus for distributed workforces and hybrid work models. However, they still need services including backup, disaster recovery, logging, performance management, and more. Due to egress fees and network load, they will not be able to leverage their on-premises solutions and cannot afford to manage two complex, bespoke environments. Instead, they will adopt cloud-native services to provide the functionality they previously managed on-premises. There will be no need to choose between agility and control; cloud-native infrastructure services will provide both.

Managed service provider growth outperforms the market

Managed service provider (MSP) growth in 2022 is expected to outperform the market by almost double. The focus for MSPs will be on aligning to where the market is investing (building your own service set and enterprise software) as buying and maintaining infrastructure is a losing game vs. hyperscalers.

MSPs that partner with independent software providers (ISVs) with the necessary certifications around security, auditability, solutions, and service delivery models that tie to the MSP’s GTM and consumption models, will have the ability to achieve profit, safety, and efficiency. Profit can be gained by aligning revenues with spend. Safety can be achieved by working with ISVs that have market maturity. Efficiency will come by working with an ISV that is incentivized to sell with the MSP rather than against them. 

Key takeaways and next steps

Organizations and individuals alike must plan for the risks of data protection and management in 2022. Evolving threats such as ransomware, global privacy regulations, and strict business initiatives will present challenges to IT teams. 

As you evaluate how to best navigate the complex data protection landscape in 2022, Druva can help you improve your data protection and management and increase cyber resiliency while strengthening compliance. 

Druva was named a Leader for SaaS app data protection in Forrester’s New Wave, and a Visionary in the Gartner Magic Quadrant for enterprise backup and recovery. Our industry-leading data resiliency cloud protects and manages enterprise backup data across data centers, clouds, and workloads, meeting critical business needs without the cost and complexity of legacy software and hardware. 

To learn more, register for a free live demo to see Druva in action.