Transcript
Welcome everyone, wherever you're joining from today, we'll be talking about making secure cloud storage easy and predictable. I'm Jacob Simonov, the Product Marketing Manager for Veeam Vault, and I'm joined by our wonderful Sam Nichols, who is the Senior Director of Product Marketing covering cloud, Kubernetes, and anything as a service. Sam, why don't you get started with the security landscape today? Yeah, absolutely. And thank you for that very warm welcome as well, Jacob, and welcome to everyone joining us virtually. VeeamON 2025 is said to be an exciting one. I'm sure you've already seen some very exciting things, but we're here to talk about that secure cloud storage and how to make it easy. And first off, we want to talk about why you should be making it easy, and it's because we live in this world of the perfect storm of complexity and threats. The world is seeing this explosive growth in data, up to 150 plus zettabytes created in 2025, and that's going to start doubling each and every single year. So each and every single business out there is a data-fueled, a data-driven business, and as a result, that data is incredibly valuable to the organization. We're also dealing with infrastructure complexity. Now, 92% of organizations have adopted a hybrid cloud strategy, and we can look at that through two different lenses. Hybrid cloud in the notion that we're running production workloads on-premises, but we're leveraging that scalability, that agility, that flexibility of cloud storage as an off-site backup target. And that's, of course, what we're here to deal with today. But then also hybrid and multi-cloud in the notion of I'm running some production workloads on-prem, some production workloads in one or more public cloud providers. Ultimately, we're seeing that data sprawled across multiple different environments, and that too is making things more complex. And then finally is this notion of vendor lock-in. Every three years, the average organization goes through an IT hardware refresh, and particularly in the cloud, once the data is in the cloud, that vendor does not want you to see that data, or they do not want to see that data leave the cloud. After all, that's how they make their money. So vendor lock-in is a struggle for us as well. And then the big one, the big word on everyone's lips, security, right? We're seeing this surge in ransomware complexity. In fact, 96% of ransomware attacks even are explicitly targeting your backups. So we've seen this evolution of ransomware deliberately attacking backups in order to hinder or prevent your ability to successfully restore from the last claimed backup and avert paying any sort of ransom. We're also seeing ransomware evolve in terms of exfiltration events. In fact, this is how ransomware started, what, 12, 15 years ago? It was exfiltration. I'm going to find this sensitive information that's residing within production data or backup data. I'm going to download it to a Thunderride, and then I'm going to hold that company ransom by saying, I'm going to leak this data if you do not pay it. So we're seeing, again, our environments becoming more and more complex, our dependency on data growing day by day, year by year, and bad actors out there seeking to inhibit how well we use that data. So Jada, why don't you talk to us about some common backup best practices to help prevent and overcome some of these challenges and threats? Yeah, of course. That is why I want to introduce you to our nine must-haves for off-site cloud storage. The first is an out-of-the-box experience. This ensures that you do not leave any vulnerabilities in terms of misconfiguration and also remove any vulnerabilities associated with mismanaging integrations or just general day-to-day management. Free up your IT department so that they can focus on the most critical business issues that they face every single day, as opposed to just managing the cloud storage. Secondly, we have security by default. Security is of the utmost importance when it comes to your cloud storage, and there are several different avenues here to actually consider. First, you should always have encrypted and immutable data. This ensures that your data is tamper-proof and that any threats, both internally and externally, are unable to actually read your data so that if they do get access to it, you're still safe in this type of disaster. Additionally, you should also always have multiple resilience zones, and this can also be achieved through logical error gapping, which is another specific requirement within security. To really unpack what I mean by error gapping, you should have your software for backup separate from your actual storage. This ensures that if one is compromised, the other is actually not, and your data remains safe for your continued always-on operations. Sam, is there anything else you'd like to add on here, or do you want to go to the next must-have? I think you covered it great, Jacob. Let's start to look at some of these next must-haves. So number three, we've got infrastructure reliability. So selecting a vendor with a strong track record of reliability is, of course, going to be of criticality to you. We don't want to deal with unreliability issues that are going to compromise successful backups, or even worse, successful restores, right? Especially in that time of need, when tensions are high, the adrenaline's pumping, we've got to start getting the business back online as quickly as possible. Choosing a vendor that has that strong track record of reliability is going to be critical to ensuring your system's reliability and the reliability of your recovery. But it also goes beyond that, right? We're starting to look at the vast global presence. Data sovereignty, data residency requirements are growing, and the ability to make sure that data is stored within a very specific geographic region, country, sometimes even very specific state, is going to be critical from a compliance perspective and governance perspective as well. So making sure that you choose a vendor that has a broad global presence to meet those residency and sovereignty requirements, and also that vendor with that strong, reliable track record in terms of their infrastructure availability, is going to be critical to your success. Jacob, back to you. Thank you, Sam. Our fourth must-have is design for durability, and these requirements for your durability should really be kept in mind. In the cloud world, durability actually refers to the ability of your storage system to protect your data against corruption or data loss over time, and this measure is typically expressed with a number of nines. For example, 11 nines, which in Microsoft Azure would be locally redundant storage, and this refers to when your data is replicated three times across one data center. However, in this scenario, you technically are still vulnerable to that data center's outage, so then if you want to have an additional level of durability, you can employ a strategy with 12 nines, so an additional nine there to that 11 nines in the previous example, and this in Microsoft Azure, for example, would be zone redundant storage, which then replicates your data three times across three different data centers, ensuring that your data is available even in the event of one or even two data center outages in this case. This durability is definitely a must-have, as if your off-site copy is not available at the time you need it most, then what really is the value of it even being there? You need to be able to call on that card at the most critical time, so that's why durability is absolutely a must-have. And now, to... Sorry, Jacob, I cut you off there, mate, but I absolutely agree, and I can remember working with Microsoft years and years ago when, you know, Azure, and we were talking about three nines of durability, so to get up to 11 and even 12 nines of durability is exceptional, something that you can architect for on-premises, but it can be very difficult, and it's very expensive to do so, so being able to have a cloud storage solution that takes that management of durability away from you and puts it on the onus of the cloud provider is going to be critical. Kind of in line with durability, if we move to the next slide, we can start talking about performance, right? Performance is going to be critical to help us adhere to our service-level agreements or objectives, SLAs or SLOs, so this is all about making sure that we choose storage that is capable of the I.O. required to ensure that our backups complete within their required windows, but also that restores are as fast as possible, so when we do face that inevitable disruption, irrespective of what causes the disruption, we're able to recover as quickly as possible. You can kind of liken this to, you know, discs versus tapes. Both of them are going to help you recover, but one is going to be much, much faster than the other, so it's all about that tolerance for downtime, how quickly do we need to be able to restore, so performance is something key to keep in mind when selecting your cloud provider. If we move to the next slide, we start to look at it from a disaster recovery perspective as well, so Jacob was mentioning earlier about leveraging off-site backups as part of a disaster recovery strategy in case your on-premises data center has been compromised, again, for whatever reason, right? It might be some sort of security event. It might be a natural disaster. Maybe there's a malicious insider. Who knows? Ultimately, being able to target your restores to an alternate location are going to be critical as well, so when you select your cloud storage provider of choice, you also want to make sure that they have compute and memory available so you can spin up virtual machines, databases, file shares in the cloud and target those as your recovery target instead of on-premises so you have that disaster recovery-like functionality by just using backups, so it's not necessarily like a failover to a hot site and a failback, but just being able to take that production-fresh data that lives in backups that are stored in the cloud and recovering them to cloud compute resources for in-cloud recovery gives you those disaster recovery-like capabilities without the necessary complexity and expense of disaster recovery. Back to you, Jacob. Thank you, Sam. Our next one is specifically focusing on an integrated experience. Integrated experiences ensure that your onboarding experience is streamlined as well as you're dealing with potential support cases. We've seen many times in the industry where if there's an issue with one vendor, that vendor may then say that the issue is due to your work with another vendor and vice versa. This can very often delay the resolution of those support cases, and we believe that this should not be something in the way of your data resilience, and because of that, an integrated experience should be considered also as a must-have for your off-site cloud storage. Our eighth must-have is now the predictably priced model, which technically in the cloud world can be seen as rare as the cloud pricing model is actually typically quite unpredictable. There's really a lot more to the cloud pricing and for the cloud storage pricing than just storage alone. We also have API calls for read and write, data retrieval, and egress costs. Because of that, and these additional factors really do add up quickly, we do see this notion of bill shock, where your bill is significantly higher than what you had expected or even higher than what you have budgeted for, which could definitely have all kinds of adverse effects to your overall business, so we believe that having a predictably priced model makes it easier to forecast and therefore eases your budget and helps you plan appropriately for your data resilience needs. And I'll pass that off to you, Sam, for our last one. Number nine, all right, and this one may not necessarily be applicable to each and every single organization, but certainly the larger your organization, being able to leverage any existing commits that you have with your cloud provider is going to be critical. So commits are available on multiple different platforms out there, whereby essentially you're saying, I agree to spend this much on your cloud platform every single year, and in return for committing to spend that amount, you're going to give me a specific discount in return. So in the Azure world, it's called a MAC agreement, in AWS, it's an EDP. Essentially I'm going to spend this amount, you're going to give me a specific discount. So making sure that you can leverage those investments and those commits with your cloud storage and using that cloud storage to help buy down that commit is ultimately going to help you meet those spend goals and lock in that discount that you've agreed upon. So again, might not necessarily be something applicable to absolutely everyone. It's kind of on the larger side of things, but it ties in nicely what Jacob was talking about around predictability of pricing and making sure that we're as cost effective as we possibly can with our budgets. So, you know, Jacob and I have walked through nine specific must-haves for cloud storage, and I think really the notion that probably springs to mind is, hey, delivering and maintaining cloud storage is going to be a challenge. If I've got these nine things just at the surface that I've got to consider, let alone all of the different intricacies within each of those nine, that's going to be a challenge for me, therefore I'm going to forego it. You are not alone, right? Most organizations, whether from the largest of enterprises down to the smallest of businesses, agree that maintaining cloud storage is a challenge. From the unexpected cost and build shock that Jacob was just talking about, managing cloud cost is actually the number one challenge across organizations of all sizes. The next up is around architecting securely. A lot of us are IT administrators, IT generalists. We don't necessarily have any security training, security expertise certifications, nor do we have those within the cloud. So ultimately, knowing what we need to do to make sure that we are designing and architecting for security can be a challenge. And then finally, just making sure that it integrates with the backup solution as well. Again, this kind of stems off of the security piece, and it might be a skilling or resources limitation or gap. Ultimately, doing all of this can be a challenge. But that's why we introduced Veeam Vault, right? So we purpose built this to meet those nine must-haves. Jacob, talk to us a little bit about Vault, please. Yeah, Veeam Data Cloud Vault is our fully managed secure cloud storage resource built directly on Microsoft Azure, and it is purpose built specifically for your Veeam Data Platform backups. We're really trying to remove those headaches of cloud management, those unpredictable pricing models, and that need for expertise and management that can really be holding you back in the cloud strategy. Referencing back to the title of the session, it is exactly this product that is why and how we're making secure cloud storage easy and predictable. Now, with that, I also really want to just dive deeper into specifically each of our three pillars within our benefits of the Veeam Data Cloud Vault. First, security, and Veeam Vault is always going to be secure due to three specific key features that I'd really like to drill down on here. So Veeam Vault is always air-gapped, your software or your backups, as well as your cloud storage will continually be separated, and this ensures logical air-gapping. Like I mentioned earlier in the presentation, this means that if someone accesses one of these key parts of your solution, they won't get access to the other, and then you will continually have that data available to you. This also ensures having multiple resilience zones as well. Additionally, Veeam Vault is always immutable, and you cannot turn this off. We use warm state immutability, and this prevents encryption, deletion, and modification for many bad actors. And on the note of encryption, all of the data will be encrypted, and you're the only one who holds the keys so that if there is an attack, like Sam mentioned at the very beginning of the presentation, where if a cyber criminal takes the thumb drive, puts your data on there, and they threaten to leak it, well, it really won't be readable, so that kind of reduces that specific threat there with security. Sam, what do we have with Eve? Yeah, absolutely. You know, we say secure cloud storage made easy, so how are we going to make it easy? Firstly, Vault is available on demand across multiple channels. So whether your preferred procurement method is through a trusted reseller, through the Azure Marketplace, or even on the Veeam Online store, Veeam Vault is available on demand through those channels. So you can go from having no offsite backup strategy to something that's fully implemented literally within the space of minutes. If you haven't been to the Veeam.com Veeam Vault page, you could actually go through what the process looks like to get it set up. I have purposefully taken my seven-year-old daughter through this. She is capable of setting up secure cloud storage with Veeam Vault again in a matter of minutes. So it's readily available on demand. It's also fully managed. So as Jacob was mentioning earlier, we don't want to deal with the complexities and the challenges and mistakes that happen around configuration, management, integration with backup solutions. So Veeam Vault is pre-secured and fully managed by Veeam. As Jacob was mentioning earlier, it is always air-gapped. It is always immutable. It is always encrypted. So none of the pitfalls that a lot of folks typically fall into are pitfalls at all. You can easily just step over those. And then finally, Vault is also incredibly durable. So Jacob was talking about up to 12 nines of durability. That is also available with Vault. We have both 11 nines and 12 nines options, which we'll get onto in a little bit. But what this ultimately means, 11 nines means one object lost for every million objects in a thousand years. And 12 nines means one object lost for every billion objects in a thousand years. So again, these are exceptional levels of durability that are baked into the product that you don't have to go out and architect and design for. It's all done for you to be as easy as possible. Jacob, why don't you bring us home on predictable pricing? Our last benefit I want to talk about here is predictable pricing. With Veeam Vault, your pricing is inclusive of storage, write and read API calls, data retrieval, and e-dress fees. Like I said, this is specifically that benefit that will help you keep control of your costs and not see that bill shock where we go above your budgeted costs for the cloud. Secondly, Veeam Vault is very scalable. So that means you can add more capacity as you grow with simple co-terming. And this is also on-demand, meeting your needs as your needs grow or reduce as well. And then also we have guaranteed fast performance. Veeam Vault is built directly in Azure Blob cold tiers for the highest cost-effective restore performance as well. It's a really good point as well. And one of the other things that I hear sometimes is Azure Blob also has hot tier available or other cloud providers saying like hot cloud storage, though they perceive because Veeam Blob is built on cold tier that it's going to be less performant and a little bit misaligned to what I was talking about earlier about performance. Something that's important to know is Azure Blob's hot tier and cold tier are built on the exact same infrastructure. So you can get the exact same speeds, whether you're restoring or writing to hot or cool storage. What's really different is the economics behind it when you're DIYing this yourself. But again, like Jacob's mentioning, we've made it incredibly predictable. So you are guaranteed the highest performance object storage with Veeam Vault as again, it's built on Azure Blob cold tier, which is the exact same infrastructure as hot tier. Yeah, very, very insightful addition there, Sam. Thank you for that one. And what do we have as far as the pricing model here for our Veeam Vault? So for the foundation editions, we're starting at $14 per terabyte per month compared to that of our advanced edition coming in at $24 per terabyte per month. Both of these editions have that predictable pricing. They're always secure, meaning they're always immutable, encrypted, and logically air-gapped. And again, the predictable pricing nature means that both of these models include that API calls, retrieval, and egress cost. Why don't we get into more of the differences between the two editions as well? Yeah, no worries, Ray. So the first up is around that durability, right? The 11.9s and 12.9s. Again, 11.9s is an exceptionally high level of durability. Remember, one object for every million objects lost in 1,000 years. So 11.9s, especially if you're using Vault as a secondary backup target, is going to give you an exceptionally high level of durability. But for those organizations that want to go that extra mile, get up to that 12.9s, one object every billion objects in 1,000 years, we do have that advanced edition available in order to meet those high levels of durability. The next difference comes around reads and respalls. Within Foundation, we implement a fair use policy. This is a common policy that is available across all Vault-like offerings. So with Beam Vault, we give you a 20% fair use policy. So that means that 20% of the total data that you have stored in Vault can be restored at no additional cost. So let's say you have 100 terabytes, you can restore up to 20 terabytes in any given year with no additional costs. This is twice what the competition offers, and it actually is in excess of average read restore patterns in theme installations. But for those that want an unlimited number of reads restores, again, head over to the advanced edition, especially those organizations that are undergoing frequent testing. That's that zero part of the 32110 rule that Jacob was talking about. Advanced edition is going to be the option for you there because it doesn't have a ceiling in terms of how many times you can read or restore from the storage, but that's a real world scenario or a test scenario. And then the final difference is just around how granular you can be when choosing where you want your data to live. So we, again, know that data residency, data sovereignty concerns are apparent, especially in heavily governed spaces. On foundation edition, you can choose the specific country that your vault will live in, but Veeam and Microsoft will choose the very specific Azure region that it will live in. So for example, here in the United States, there's more than half a dozen different data centers available. You would choose the United States and Veeam and Microsoft would choose the very specific region that your data would be targeted to. But if you do want that full control, that full ownership and want to pick the very specific region, again, moving over to advanced is going to give you that granular choice. So as Jacob mentioned, they're always built on Azure Blob, they're always predictably priced, they're always pre-secured, but those are some of the differences between the two. So if we move to the next slide, this just starts to look a little bit of the Veeam Vault architecture to help you also understand just how it works. So over on the left hand side, this is your environment. You're likely living within your environment with your Veeam Data Platform deployment there. So you authenticate within Veeam Data Platform and the Vault UI and Veeam Data Platform will authenticate against the Vault service itself. But the purpose behind showing you this is to show you that the backup and restore mechanisms do not traverse any sort of Veeam Vault service. They are going directly to the Azure Blob container within that region that you have specified. So there is nothing in between that is going to cause any sort of throttling, bottlenecks, or decreases in IO performance. You are going to get the full performance writing to that Azure Blob storage, nothing to do with bulb stands in the way. So that's a critical piece that I just wanted to show just around the performance piece as well. So I think that's kind of bringing us to an end, Jacob. Why don't you bring it home, please? Yeah, so overall, Veeam Vault is our secure cloud storage made easy solution. Hopefully, you got a better idea of how we're making secure cloud storage predictable and simple. And here, there's a QR code. I invite you all to scan this and check out our product page on veeam.com for Vault. Thank you all for joining. Bye.
