W. Curtis Preston, AKA Mr. Backup, is an expert in backup & recovery systems, a space he has been working in since 1993. He has written four books on the subject, is the founder and webmaster of backupcentral.com, and is the host of the Restore it All Podcast. Curtis is also the Chief Technical Evangelist at Druva, a data protection as a service company.
In this episode of The Secure Talk Cybersecurity Podcast, we talk with Curtis about data protection as a service (DPaaS), backup basics, and the importance of having an incident response plan. Curtis also talks about the recent trend toward backups being a priority target for hackers. (See excerpt at the bottom of this page.)
The following is an excerpt from the discussion with W. Curtis Preston:
Mark Shriner
Hello, everybody. Welcome to The Secure Talk Podcast. I’m Mark Shriner, and I’ll be your host for this episode of Secure Talk. Today we are welcoming back W. Curtis Preston, aka Mr. Backup. Curtis is an expert in backup and recovery systems. It’s a space that he’s been working in since 1993. He’s written four books on the subject, and currently he’s the Chief Technical Evangelist at Druva, a Data Protection as a service company. He’s also the host of the Restore It All Podcast and the founder and webmaster of Backup Central, a website dedicated to backup and recovery. We’re going to be talking to Curtis about data protection as a service. We’re also going to touch on some backup basics, and then we’re going to talk about how attackers these days, they’re actually going after the backup systems that companies are using. Before we do all that, let’s say hi to Curtis. Curtis, how are you doing today?
W. Curtis Preston
I’m great. Always happy to chat about my favorite subject.
Mark Shriner
To kick things off, why don’t you explain what is data protection as a service?
W. Curtis Preston
Well, it’s pretty simple if you compare it to everybody knows what Exchange is and everybody knows what Microsoft 365 is.
So typical companies, when they do backup and recovery, they do it like Exchange. They have a server, they put some software on it, they might buy an appliance that already has the software on it, but generally speaking, it’s a box with some software in their data center. And then you have Microsoft 365, which is as a service, right? You just go to a website and you use whatever you need to use. That’s backup as a service, which is basically, instead of running and maintaining and, most importantly, securing a backup server in your data center, you just go to a website, in this case Druva.com, and you say, I have these servers over here that need protecting, I need to back up Microsoft 365, here’s my laptop.
You just basically authenticate it with the right things. Depending on what you’re backing up, you might need to install an agent, and then all of the infrastructure that is required to create your backups, store your backups and secure your backups, all of that infrastructure is managed by the service provider, in this case Druva. And it’s made possible by deduplication, by what’s called source-side deduplication.
So basically this is technology that we’ve had for about 20 years now where we identify duplicate data in the backup and source side. Meaning, that means that we do the, or client side, if you will, we identify the duplicate data at the thing being backed up, and so we don’t actually have to send it across the network. And that’s how it’s possible to back up a pretty large data center or a large laptop or whatever. We’re backing up across relatively limited bandwidth because we eliminate most of the transfer.
Mark Shriner
I’m assuming this can be automated and you could set a schedule.
W. Curtis Preston
Yeah, exactly, that’s the whole point, right? Basically, it’s a trite phrase, but it should be set it and forget it. Right? And if you have a good data protection as a service, they’re also doing, using modern technologies like machine learning and AI to look for patterns so that they can detect abnormal activity. Both from this server is a lot bigger than it used to be, or this server stopped backing up when it used to, or this server... And the reason, by the way, if the server is a lot bigger than it used to be, it could be because it’s being encrypted.
If a lot of files are being encrypted, suddenly the backups jump in size, and so that’s a security alert. Or you’re deleting a bunch of, somebody’s deleting a bunch of backup. A lot of automation should be in there as part of that service, helping it to make sure that the backups continue every day.
Mark Shriner
What you’re saying is that you can automate the backup not just based upon a schedule, but also it can be triggered by certain events or activities.
W. Curtis Preston
No. So great question. So your first question was, can it be automated with a schedule? Yes, absolutely.
And that’s typically what you’re saying, I want to back up once a day, once an hour, once every five minutes, depending on what it is that you’re backing up.
And it just depends on the RTO and the RPO, the recovery time objective, how quickly you want to restore, and how much data you will accept as a loss. Because that will determine how often. So that should be a one-time setup. You create backup configurations per backup type. So you’re like, VMware, I’m going to back up like this. My laptops, I’m going to back up like this. Let’s say SQL Server, I’m going to back up like this. And Microsoft 365, I’m going to back up like this.
You create a backup configuration and then when you get a new VMware box, you just go back it up like all my other VMware boxes. Right, got you. So it should be completely automated. And then what I was saying was, once that automation is kicked off, there are other automatic things that should also be happening where the backup provider is watching your backups, right. Making sure that bad things aren’t happening to your backups.
Mark Shriner
Okay, yeah, I mean, it would be interesting to say, for example, hey, we can do once a day backup, but if we have an extra amount of activity, maybe we want to do a backup a bit earlier or something like that.
W. Curtis Preston
Yeah, you would just generally do that manually. Right, got you.
Mark Shriner
What are the chief concerns from your customers and prospects when they’re looking at using a backup service provider?
W. Curtis Preston
So I’d say currently security is the number one concern. And I don’t want to jump to the end of the podcast, but we’re going to talk about that more at the end of the podcast. I think, based on what I heard you say earlier, the other concern is bandwidth.
So how do I make sure that I can get my backups done? I have a certain amount of bandwidth. How can I get my backups done? And the most important question that you should be asking is how do large restores work? And we have great answers for all those questions. The way the source-side deduplication works just takes care of the bandwidth issue on the backup side. It really does for most environments.
You’d be amazed at the size of some of our data centers that we’re backing up remotely over the Internet. Regarding large restores, there’s basically three options. You can have a local cache of the data, you can have what’s called a reverse seed, where we ship you essentially a copy of your data on an AWS device that would have your data on it that you can restore locally. By the way, that option, the worst option, the RTO will be very long. You will pay extra for that copy, and it will take them, depending on the size of your data, will take them a certain amount of time to copy it onto that device.
Then they have to FedEx the device to you. So you’re looking at multiple days, not hours.
The best option, I think, for large recovery is to recover in the cloud. And I think that’s universally accepted for everybody. And so we’re able to automatically do those large scale recoveries in the cloud. So that generally answers the big question. As far as just my general answer on the security question, I’ll take the security of even the average cloud provider over the security of the average data center any day, especially with the way things are going on.