talking
POINT
WHY TRADITIONAL BACKUP STRATEGIES ARE FAILING MODERN ENTERPRISES
Fred Lherault, Field CTO, EMEA Emerging, Everpure, tells us modern AI threats and business operations demand more than a backup strategy.
T he cyber threat landscape has entered an era of fully automated, AI-generated ransomware that probes systems 24 / 7 at an unprecedented speed and scale. There is even a new term for the modern approach: vibe hacking uses Large Language Models to automate and scale intrusions, and it has created a stark digital divide. On one side are organisations whose systems have kept pace with AI-enabled threats. On the other are those still treating backup as a legacy insurance policy rather than a strategic differentiator.
Production workloads previously operated on high-performance primary storage. Backups were stored in a different location – often on specialised backup hardware, designed to store as much data as possible without a great emphasis on data recovery speed. The logic was: isolation reduces risks, speed of backup is what matters most and restore speeds matter less since we’ ll generally only need to recover a small amount of data when mistakes happen.
The approach discussed above is obviously not fit for purpose anymore and if companies cling to it without rethinking the underlying assumptions, this can now increase risk rather than reduce it. For the modern global enterprise, the conversation must evolve from simple data protection to true multilayered cyber resilience. This integrates traditional prevention with lightning-fast recovery, ensuring that if an attack succeeds, the business recovers in minutes or hours, not days or weeks.
For 24 × 7 global organisations, recovery targets are now clearly defined( and in many cases even enshrined in regulation) and organisations may have to recover the“ minimal viable business” in a matter of hours, not days. Standard backups, or frankly any method that requires data movement at the time of recovery, will fail to meet the RTO requirements of the modern enterprise. Immutable snapshots on data storage systems that can directly be used to run services are the only way to achieve these recovery objectives, since no data movement is required.
This does not eliminate the need for isolation though. A thoughtful multi-layered resilience architecture should involve:
• Immutable and indelible snapshots on the production storage systems. This is the fastest way to recover critical systems if still available, since no data movement or network reconfiguration is required.
• Storage level data replication to disaster recovery systems. This is to provide a recovery environment in case of physical disaster, power or networking outage.
• Storage level data replication and immutable snapshots of the data required to run the Minimum Viable Business in a Secure Isolated Recovery Environment( SIRE) or“ clean room”. This should involve isolated networks to allow for data to be recovered and sanitised if needed without connection to what may be an infected production network.
Ransomware recovery SLAs( Service Level Agreements) have become a new gold standard. In many regulated industries globally, the ability to restore critical services in a matter of hours is no longer a goal – it is a baseline requirement. This shift is being accelerated by a global wave of resilience mandates like DORA and NIS 2 in the EU. Regulators are no longer just asking how organisations can prevent an attack, but how fast they are able to recover. This means, for modern enterprises an outdated backup strategy isn’ t just a technical risk, it is now a major compliance failure. If their primary storage is locked down for a forensic investigation by insurers or law enforcement, they need a strategy that provides an alternative, operational environment immediately.
Fred Lherault, Field CTO, EMEA Emerging, Everpure
For 24 × 7 global organisations, recovery targets are now clearly defined.
WWW. INTELLIGENTCISO. COM / MIDDLE-EAST 19