With more businesses now using cloud, backing it up effectively is becoming ever-more important, especially with cyberthreats continuing to grow. Resellers must ensure customers understand the risks and adopt the most effective solutions.
Cloud adoption is now widespread among businesses of all sizes and, while it brings many benefits, there are nevertheless dangers too, which businesses – and the resellers and vendors that work with them – must be alert to.
One danger is the cloud backup being compromised, which means protecting them is crucial – and there are many threats out there. Richard May, CEO of virtualDCS, says that ransomware is probably the most significant threat to businesses’ cloud backups. “Attackers encrypt local data and then try to target all sources of a free recovery by also encrypting second copies,” he says. “This means that these copies must be held immutable so they cannot be changed or destroyed.”
Paul Speciale, chief marketing officer at Scality, agrees that ransomware remains the leading cyber threat. “Attacks are increasing in sophistication and frequency in the cloud,” he says. “While immutable storage remains an absolute must-have capability, attackers will focus on soft-targets – human admins and end users, to acquire cloud account access credentials where backups are stored. For this reason, cloud backup is still best used as a second or third backup copy along with fast on-premises backup storage, making it harder for attackers to destroy backups on multiple sites.”
Ian Stretton, head of practice for Infrastructure, Modern Work & Security at Infinity Group, agrees that human errors like misconfigurations or weak credentials can leave backups vulnerable, alongside natural disasters or outages at the cloud provider’s end. “With the threats being so far-reaching and unpredictable, it’s crucial to have robust protections in place,” he says.
Anton Shelepchuk, VP of Worldwide Sales, NAKIVO, notes that the high accessibility provided by cloud can also leave an organisation vulnerable to scenarios such as a disgruntled employee gaining access to company data and deleting files, which could only be recoverable from backups. “One of the most common causes of business data loss is the accidental deletion of data,” he adds.
Awareness
While there are weaknesses such as those above, there is another that businesses aren’t always aware of: that software-as-a-service (SaaS) solutions don’t necessarily come with comprehensive backup too.
Stew Parkin, global CTO, at Assured Data Protection, adds that there are many preconceptions about cloud data backup. “The main one being that once critical data resides in the cloud it is safe and secure, and backed up automatically by the cloud provider,” he says. “Unfortunately, that simply isn’t the case, unless you’ve made specific provisions for this.”
Richard adds: “Many businesses using SaaS solutions may not be fully aware that cloud providers typically focus on uptime and availability, but they do not provide comprehensive backup solutions.
“Microsoft themselves publicise their shared responsibility model, which states the customer is responsible for all data and system configuration. This means the move to the cloud has not removed the opportunity for resellers to perform backups. But in fact, provide a great opportunity for them to educate their customers.”
Ian adds that while SaaS providers focus on service availability and infrastructure resilience, they don’t necessarily on granular data recovery. “This means businesses might not realise they’re responsible for protecting their data within those SaaS applications,” he says.
“SaaS applications won’t always cover specific scenarios, such as accidental deletions or overwrites. They can also be limited when it comes to things like point-in-time recovery and data retention periods.
“Therefore, businesses need to be aware that SaaS backup is their responsibility, not the provider’s. This is particularly critical if you are in a highly regulated industry with strict compliance standards to meet.”
Dene Lewis CTO, CAE Technology Services, says partners have a responsibility to educate partners on the risks as well as the benefits of SaaS solutions. “It’s important to consider the shared responsibility model,” he says. “The provider is responsible for the application and everything underneath it that supports it (infrastructure, operating system, code, multi-tenant controls etc.) but responsibility for customer data, and access to that data sits squarely with the customer.”
Sector trends
While resellers need to be mindful of this, they also need to be alert to how the cloud backup sector is evolving, which is being driven by the changing needs of customers.
Richard notes that simplicity is a top trend. “Customers are demanding more automated backup processes, where backups happen continuously and with minimal human intervention,” he adds.
“They’re also demanding data sovereignty. Companies are aware that cloud services can be anywhere, and that it is important for their data stored to comply with local regulations e.g. GDPR.”
Separation is another trend, he adds. “Customers are seeing the risk of putting all their eggs in one basket, so relying on the SaaS provider to back up the data, or backing up Azure data back to Azure, should be a red flag for a backup solution,” Richard explains. “You could be storing your backups in the data centre as your live data.”
Ian adds that businesses now seek advanced features like immutable backups to safeguard against ransomware attacks. “AI-powered threat detection and zero trust access models are also gaining significant traction as organisations prioritise data protection,” he says.
“The rise of hybrid and multi-cloud environments is also shaping the sector, as customers require solutions capable of seamlessly protecting data across diverse platforms.”
Cost also remains a crucial factor, Ian adds. “The core benefit of cloud solutions is their pay-as-you-go pricing, so organisations still want cost-effective and flexible solutions.”
Paul adds that scaling storage cost and capacity as a business grows has always been a challenge, with unsuitable and inadequate data storage an obstacle to growth. “With flexible pay-as-you-go licensing and dynamic billing models, customers can align costs with usage while boosting revenue and operational efficiency,” he says.
“Additionally, wide-reaching EU data laws, such as NIS2, Dora and the Data Act, are going to affect how we store, process and share data, aiming to boost cybersecurity and create trust in data collection.”
Anton says that the trend for hybrid cloud adoption will continue, combining on-premises data centres with cloud storage to balance data control and scalability.
Green cloud initiatives will also be a focus, he adds. “A stronger focus on environmentally friendly cloud solutions is expected, to reduce the carbon footprint associated with data centres.”
Frank DeBenedetto, GTM, GM, MSP Suite, Kaseya, says that customers are demanding rapid recovery solutions that ensure business continuity. “The industry is shifting toward backup strategies that incorporate immutable storage and AI-driven anomaly detection,” he says. “These features help businesses recover quickly from ransomware attacks and accidental deletions while ensuring compliance with evolving data protection regulations.”
Managed option
One option that resellers could offer to customers is managed cloud backup. “The most important point resellers need to get across to customers is that they must take backup seriously,” says Mike Barron, UK managing director, SYNAXON. “Managed cloud backup is really appealing as it automates the process and keeps the backups off-site.
“Using a managed, cloud backup service is a really good way to safeguard against security threats – ransomware in particular. If you have a recent and validated backup of your data, you will have something to fall back on should you fall foul of an attack.”
Stew notes that resellers should emphasise that protecting data in the cloud is a full-time job and can easily become a drain on IT resources. “Specialist oversight, managed by a third-party with in-depth knowledge and experience of cloud data backup, removes that burden,” he says.
“That’s where the managed services function comes into play. Having a managed services solution in place is more than just having access to immutable backups or a secure second site, it’s about having 24/7 support, and access to skilled professionals that understand the dynamics of cloud data backup.”
Reseller conversations
There are other points that resellers should highlight when talking to customers about cloud backup.
Richard notes that recovery times are often overlooked with people just trying to get the cheapest data protection possible. “Moving data is a slow process, and when a ransomware attack happens, the impact of no IT systems can be catastrophic,” he says. “A clean room solution will give the customer an economical way to access data quickly when they have completely lost all their equipment.
“For industries that are subject to regulations like healthcare or finance resellers should ensure that customers understand how cloud backup solutions help them remain compliant with data protection regulations.”
Ian says that security should be woven into every aspect of the discussion. “This includes encryption of data in transit and at rest, access control measures, and protection against ransomware and other threats,” he says. “Resellers should showcase solutions with robust security features and explain how they can help customers meet compliance requirements.”
Anton says resellers are in a prime position to deliver cloud solutions with a much more personalised approach. “With resilient data protection in the cloud being of the utmost importance, the reseller role goes well beyond sales and aiding with product selection, to encompass implementation and configuration of prescribed security solutions, as well as ongoing support,” he says.
“Resellers can emphasise to customers the importance of proper backup procedures, and anti-ransomware measures like immutability, air-gapping, anomaly detection, and malware scanning tools, as well as a zero trust approach across endpoints – all of which remain essential defences. Additionally, automation will be increasingly integrated into data protection workflows to enhance efficiency and reduce human error.”
Alan Stephenson-Brown, CEO of Evolve, says that resellers need to advise customers to choose a reputable and reliable cloud provider that can help to minimise the risk of data loss or corruption. “Many businesses opt for a hybrid model of data storage that combines cloud and local storage, it’s also an option to use multiple cloud providers to reduce the risk of a single point of failure and ensure the availability of their data,” he says.
“There are also some easy wins that businesses can make that are not emphasised enough by resellers – customers need to implement strong authentication methods such as multifactor authentication (MFA), which can significantly reduce the risk of unauthorised access to data, and also encryption for data in transit and data at rest that can help protect sensitive data from unauthorised access and data breaches. Resellers play an important role in changing the way businesses see data protection and how effectively cloud solutions are used.”
Meanwhile, flexible scaling and solid reliability are the cornerstones of secure cloud storage, Paul adds. “Whether that’s dealing with less than one petabyte of data or hundreds of petabytes,” he says. “That’s why we’re shifting to a pay-as-you-go licensing model, to ensure customers only pay for the storage capacity they use, aligning costs with revenue.”
Dene adds that demand for seamless integration into multi-cloud is growing. “With customers consuming several hyperscaler services as well as requiring support wider ranges of SaaS platforms,” he says. “Some of this is driven by a desire to intelligently automate tasks leveraging AI and DevOps tooling across platforms. Using AI to advise on policy iterations and automate threat hunting are high interest features at we are seeing demand for.”
Paul Collins, CTO at UBDS Digital, agrees that a robust, multi-layered cloud security strategy is required. “It’s not enough to just check the boxes with strong passwords and MFA,” he says. “When speaking with clients, resellers need to drive home the value of immutable backups, which are essentially tamper-proof. This is a critical defence against ransomware and other malicious attacks.
“Coupled with a comprehensive disaster recovery plan is non-negotiable. However, it’s more than just recovering data; it’s about ensuring the business can keep going. Compliance with regulations like GDPR is not a suggestion; it is a legal requirement. These are essential points to cover with every client.”
Beyond traditional backup
Aron Brand, CTO, CTERA, says resellers should move beyond selling backup services. “They should focus on offering cyber storage solutions, which Gartner defines as intelligent, self-defending storage that continuously protects data and enables instant recovery,” he says. “Unlike conventional backups, which often leave companies vulnerable between snapshots, cyber storage solutions provide built in continuous replicas, allowing organisations to roll back data to any point in time without suffering major losses.
“Another key demand from customers is instant disaster recovery. Traditional backup models often require lengthy restore times, forcing businesses offline when they need access most. With modern cyber storage solutions, businesses can recover data from the cloud seamlessly in the background, allowing employees to continue working while missing data is streamed back in real time.
“For resellers, this shift represents a major opportunity. Instead of treating backup as an afterthought, they can position cyber storage as a critical security investment. The market is moving away from legacy backup models, and resellers who recognise this shift early will be best positioned to meet the growing demand for modern, intelligent storage solutions.”
Frank adds that conversations with customers should focus on risk reduction, the financial impact of data loss, and how modern backup solutions can minimise downtime. “As AI-driven threats continue to evolve, businesses must invest in intelligent, automated recovery solutions that keep pace with emerging risks.
“The future of cloud backup lies in integrated, proactive protection. By helping customers adopt secure, scalable backup solutions, resellers and MSPs can position themselves as trusted advisors, ensuring businesses stay resilient in the face of growing cyberthreats.”
AI influence
As Frank mentioned, AI threats continue to evolve – but AI is also having a positive impact too. Jon Jarvis, Microsoft Security Solutions Architect, says that customers are looking for increased automation. “Customers seek automated backup solutions that minimise manual intervention and ensure consistent data protection,” he says.
“Customers are also searching for backup solutions incorporating AI and machine learning to enhance data analysis, detect threats and optimise storage management.”
Ian adds that with the emergence of AI and rising cybersecurity risks, “it does seem the cloud backup sector is on the cusp of a transformative period,” he says.
“We’ll likely see AI playing a key role in predictive capabilities, analysing data to forecast potential issues and proactively mitigate risks before they lead to data loss or downtime. This will empower businesses to strengthen their defences and minimise disruptions.
“Automation will be further enhanced by AI, streamlining backup and recovery processes to boost efficiency and reduce the risk of human error. This could include intelligent backup scheduling, automated failover and recovery mechanisms and optimised resource allocation. Security will also see significant advancements, with AI algorithms able to identify anomalies indicative of malicious activity and provide more granular control over access to sensitive data.”
Anton says data protection is expected to lean more on AI and machine learning to create self-protecting systems capable of proactive monitoring and instant threat responses. “AI will strengthen predictive data protection measures, identifying anomalies in real-time and automating responses to cyberthreats,” he says.
Jon says the cloud backup and security sector is set for significant evolution, for instance with things like AI-driven threat detection. “AI will play a pivotal role in identifying and mitigating threats in real time, thus enhancing overall data security,” he says.
“Also, AI-powered predictive analytics will assist in anticipating potential vulnerabilities and proactively addressing them.
“Additionally, AI will further automate backup processes, ensuring efficiency and reducing the risk of human error.”
Jon adds that personalised security solutions will also be part of the mix. “AI will facilitate the creation of customised security solutions tailored to specific business needs and risk profiles,” he says.
