georgejmclittle - Fotolia

Data protection news 2017: Security issues make headlines

WannaCry and Amazon S3 buckets put greater focus on data protection security in 2017. Converged appliances, a Veeam CEO shift and private equity deals also made news.

Backup and data security became intertwined in 2017.

WannaCry ransomware and Amazon Simple Storage Service (S3) bucket leaks highlighted data protection news, forcing users and vendors to find new ways to protect data. Other data protection news showed shifts in technology and corporate strategy, such as two old-school backup vendors rolling out converged appliances, a billion-dollar-plus private equity transaction and a maturing vendor's decision to split its CEO job in two.

WannaCry shines a light on ransomware, data recovery

The WannaCry attack that hit more than 100,000 organizations in 150 countries in May brought ransomware into the public conscience, and it also highlighted the need for proper data protection. As a result, backup vendors now routinely include features designed to help combat ransomware attacks.

That hasn't stopped the attacks, though. Experts noted that ransomware attacks have become stealthier, and protection against ransomware is now more complicated. That means recovering data from such attacks is getting trickier.

News about WannaCry continued right until the end of the year, as well, when the White House in December officially blamed the North Korean government for the attacks.

See: WannaCry proves the importance of backups

U.S. blames North Korea for WannaCry

Cybersecurity experts expose leaky Amazon S3 buckets

Reports surfaced that corporations, small companies and government agencies have left terabytes of corporate and top-secret data exposed on the internet via misconfigured Amazon S3 storage buckets. Experts claim data was left vulnerable to hacking because access control lists were configured for public access, so any user with an Amazon account could get to the data simply by guessing the name of the bucket.

The list of firms affected by the data protection news included telecommunications giant Verizon, Dow Jones, consulting firm Accenture, World Wrestling Entertainment and U.S. government contractor Booz Allen Hamilton. Many in the IT industry blame end users for failing to click on the proper restricted access level on the buckets, but the publicity still prompted Amazon to build in new features to mitigate the cloud storage security problem.

Amazon added new S3 default encryption that mandates all objects in the bucket must be stored in an encrypted form. The vendor also added permission checks that display a prominent indicator next to each Amazon S3 bucket that is publicly accessible.

Still, reports of more sensitive data left exposed in unsecured storage buckets continued. In November, cybersecurity firm UpGuard reported it was able to access data in storage buckets belonging to the United States Army Intelligence and Security Command and the U.S. Central Command and Pacific Command.

See: Poorly configured Amazon S3 buckets exposed data

Don't blame Amazon for S3 issues

Dell EMC, Commvault converge backup

Relative backup newcomers Cohesity and Rubrik had a great impact on data protection news in 2017, as stalwarts Dell EMC and Commvault moved down the converged backup path the upstarts have taken.

The Dell EMC Integrated Data Protection Appliance (IDPA) launched at Dell EMC World in May. The purpose-built, preintegrated system converges storage, software, search and analytics in one appliance, providing data protection across applications and platforms with a native, cloud-tiering capability for long-term retention. IDPA includes Data Domain data deduplication technology.

Commvault answered with its HyperScale appliance that puts the vendor's HyperScale software on a scale-out storage system. The branded Commvault appliance marks a new direction for the vendor, which previously only sold software. Commvault has also partnered with Cisco, which rebrands HyperScale as ScaleProtect on the Cisco Unified Computing System. 

See: Dell EMC integrates backup technologies

Commvault hypes HyperScale

Barracuda becomes a private affair

In a deal that best represents data protection acquisitions in 2017, equity giant Thoma Bravo spent $1.6 billion to acquire publicly held Barracuda Networks and take it private. Barracuda is best known for its security products, but has steadily expanded its backup and disaster recovery platforms in recent years.

The Bravo-Barracuda data protection news highlighted a 2017 trend in the field's acquisitions. Datto and Spanning also went the private-equity route during the year. Vista Equity Partners acquired Datto and merged it with Autotask, and Dell EMC sold off cloud-to-cloud backup pioneer Spanning to Insight Venture Partners.

See: Bravo takes Barracuda Networks private

Veeam tag-teams CEO role

Veeam Software has grown up so much it now takes two chief executives to run the company. Veeam split its CEO job in 2017, naming Peter McKay and founder Andrei Baronov co-CEOs. Baronov started Veeam in 2006 along with Ratmir Timashev, who served as CEO until 2016 and remains on its board. McKay came to Veeam in 2016 as COO and president.

The division of power calls for McKay to head Veeam's "go-to-market," finance and human resources functions, while Baronov handles research and development, market strategy and product management. William Largent, who held the CEO job for 11 months, is now chairman of Veeam's finance and compensation committees.

See: Veeam shifts management, product strategy

Dig Deeper on Data storage backup tools