Kevin Reed, Chief Information Security Officer, Acronis

Kevin Reed, Chief Information Security Officer at Acronis, global cyber protection company  with dual headquarters in Singapore & Switzerland. Unicorn status since 2019, Acronis now has more than 2,000 employees and offices in 34 locations worldwide. In his 20+ years in cyber security, Kevin has been protecting the network of various organisations, including the 3rd largest bank in Europe, where he implemented cryptographic protection. As a CISO and Vice CIO of Yandex, the $10 billion NASDAQ traded search engine, he supervised the company’s security strategy. Now CISO of Acronis, Kevin is in charge of developing cutting-edge security solutions and leads the company’s Cyber Protection Operation Centres (CPOC) worldwide.


The majority of the connected population in India is hounded by one question, and that question  is, “Is there no place for privacy in India? And at what point will audiences realise that online  privacy and security go hand in hand?” 

Over the last 20-30 years, what has changed and what will keep changing down the road is technology—while foundations may remain the same, technology is constantly evolving and  changing. Companies need to implement technology as they cannot afford downtime, hence the  pressure to reduce the difference between downtime and recovery time drives the pressure  toward RTO and RPO.  

The Recovery Point Objective (RPO) is the amount of data that usually gets lost within a period,  reflecting its consequences to the most relevant business before any significant harm occurs— starting from the point of a critical event to the most preceding backup one. On the other hand,  Recovery Time Objective (RTO) generally refers to the quantity of time that an application or  system, within the process, can be down without causing significant damage, including the time  spent restoring the application as data. Ultimately, it helps to have a basic sense of alertness  regarding both RPO and RTO. 

As changes in technology are important now, one critical point of interest is the prevalence of the  cloud for data protection. Hence, with the cloud beginning to encompass most if not all data  entering the web, applying the 3-2-1 Rule as the foundation of data protection is basic. This Rule  works so that one needs to make three copies of every piece of critical data and store them  in two different formats while keeping one of the copies offsite. This Rule will ensure no  complete wipe-out of data as the offsite copy helps in protecting the data from physical disasters.  In contrast, the following two copies will include an internal drive and external media, for  example, cloud storage. 

Prevalence of Cloud  

Traditionally, companies preferred making backup copies of essential data on a specific drive and  concluding the entire storage process by sending it somewhere safe. For instance, Iron Mountain  is wholly dedicated to keeping data safe in a secure, protected environment. 

When choosing on-site versus cloud backup, opting for cloud storage as an offsite data backup  option is essential. Based on Acronis user base globally, the trend observed is that 45% of data is  in a local storage format, whereas 55% is in a cloud storage format, resulting in fewer security  breaches and human errors. It means fewer people involved in this process send a copy of one’s  data to data protection software, from where the copy of data gets encrypted and sent to the  cloud.

Companies will be using the cloud more and more to keep at least one copy of their data, which  will be considered backup data that will be capped in the cloud. With the amount of data  increasing, more and more companies will start using the cloud as their offsite backup cloud  storage.  

With clouds becoming increasingly local, there is a trend of hyper-scalers like Amazon and  Microsoft, which started with large data centers in a few countries, now applying the approach  with smaller data centers in more countries specifically to adhere to local legislation and improve  connectivity. 

The data transfer rates also depend on the network and the target’s distance from the source. As  data backups are done in massive amounts, having the backup data center close to the source  data center is helpful for backup and restoring speed. Typically, restoration occurs when data is  lost, and companies are under pressure to recover the data as soon as possible—resulting in the  pushing of data centers locally to customers because of good network connectivity and  compliance with local legislation of specific geographies. 

No matter the situation in any particular geography where companies operate, they would like to  have their backups accessible as fast as possible, especially during a data loss event. It means  that the data centers that hold their data need to be physically close in terms of network  connectivity. Because of this, Acronis has 49 cloud data centers worldwide, with that number  increasing every year. 

Organisations are also investing across the board in IT improvements and enhancements where  top priorities include data privacy and compliance with modernising cybersecurity stacks to  reduce risk. According to the Acronis Cyber Protection Week survey, 76% of organisations faced  downtime due to data loss. The downtime is the result of several common issues, including  system crashes (52%), human error (42%), cyberattacks (36%) and insider attacks (20%), with  61% of global organisations preferring integrated solutions that replace their complicated stacks  of cybersecurity and data protection tools with a unified console. 

Ransomware Loss 

Ransomware is the biggest game changer as cyberattacks grow, becoming increasingly  malicious, common, and harder to bypass. The best and most effective approach to defending  against targeted attempts to deprive companies of data is the continued merger of data protection  and cyber security into cyber protection. As malicious third parties intentionally lock the  company out of the systems, the cyber protection cycle is the only possible way to prevent those  non-random events. Starting from surveillance, the initial compromise, followed by the  propagation of network privileges, and finally burrowing down the hatchet; metaphorically with  network dominance, which turns out to be costly in terms of recovery events—ultimately  resulting in the integration of cybersecurity into the data protection process and circling back to  cloud storage.

When talking about logistics in terms of security, the amount of data is growing, leading  companies to use the cloud as an offsite data backup storage facility. But this has to keep  changing with the necessary changes in technology, preventing potential ransomware attacks that  are affected by hardware and human error. These are nothing but intentional actions by  cybercrime. With data protection legislation, various countries took different approaches to  recognise the value of data. 

Companies use two approaches: one is the Indian approach of keeping data in the country,  meaning the companies want to process the data independently. That involves the country having  adequate legislation in terms of data protection, which also requires encryption for the data  before it is sent anywhere. Another one is more in line with the European Union, meaning all  companies need to comply with the requirements to consider it a safe location for data  processing. 

Organisations are under pressure to improve both RTO and RPO, which means they need to  decrease the amount of data, including data loss events, and the time it takes to restart the  service. Despite technological advancements, additional pressure exists to respond to potential  data loss, increasing the total number of data loss events worldwide. 

Companies should now merge cyber security with data protection strategies. In addition,  companies will be pressed to reduce their power RPOs when it comes to industries like online  order processing with online auto processing. For example, customers won’t appreciate it if a  company loses their hotel or ticket reservation due to a cyberattack. 

The future of data protection will be RPOs reduced to zero. Of course, as a cyber protection  company, we commend investing in security, but it’s important to spend wisely — instead of just  building a stack of unintegrated, outdated solutions. As 2022 will continue to prove further, the  best way to utilize this budget is with integrated cyber protection solutions—before it’s too late.

Content Disclaimer

Related Articles