2021

Cloud Protection
Trends Report
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

Introduction About the research

"WHEN YOU MODERNIZE PRODUCTION, An independent research firm was
commissioned by Veeam to survey 1,550
YOU MUST MODERNIZE PROTECTION" unbiased IT decision makers respondents
responsible for IaaS, SaaS, PaaS, and backup
@JBuff in the AsiaPac, Europe, North America and
South America regions, to assess the
One of the most transformational modernizations of "production" IT is the utilization challenges, drivers and backup
of cloud-based services in lieu of, or in supplement to, traditional servers within data considerations among IaaS, PaaS and SaaS
centers. personas
This research report summarizes a recent global survey of 1,550 unbiased organizations This was conducted to better understand the
across 14 countries to understand their approaches toward cloud-based production IT market landscape of adoption trends, drivers,
today – and the ramifications for their data protection strategies moving forward. challenges, and protection strategies for
This includes how they expect to be prepared for the myriad of IT challenges they face, cloud-powered production IT in 2021.
including hybrid cloud solutions, disaster recovery initiatives, as well as SaaS
and container usage.
The Veeam perspective
This report is presented in four sections:
While the majority of this report
1 | The realities of hybrid cloud is based on unbiased research
2 | Disaster recovery to cloud-hosted infrastructure from an independent firm, this section
is included as Veeam’s commentary,
3 | SaaS-based applications such as Microsoft (Office) 365 mention of applicable capabilities
4 | Containers or offerings, etc.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

Hybrid is here
For the past few years, Veeam has sponsored
an independent research firm to conduct what
is believed to be the largest data protection report
Approximately what percentage of your organization's production in our industry. Looking at the year-over-year
data is protected by each of the following mechanisms? trajectory of hybrid IT:
Thinking ahead two years, which of the following do you Physical servers (left) are expected
anticipate being your organization's primary method to gradually decline within one’s overall IT
of backing up data? infrastructure
52% Virtual servers (middle) are anticipated
n=1,814 IT TDMs and EDMs
47% to remain “flat” – 30% from 2020 to 2022…
http://vee.am/DPR21report or 23/24% from 2021 to 2023
41% Cloud-hosted servers (right) are expected
38% to grow to nearly half of all servers by 2023

30% 32% As COVID accelerated IT modernization,

29% 29% 30%
organizations accelerated their usage of multiple
24% 24% cloud-hosted IT delivery models, including:
23%
IaaS for Production – running servers within
managed service providers or hyperscale clouds.
IaaS for Disaster Recovery – leveraging
that cloud infrastructure as a secondary “site”
for BC/DR
Software-as-a-Service – running applications
directly as a cloud service, e.g. Office 365

Physical servers within your
datacenter
2020 Actual (pre-covid)
Virtual machines on hosts within Hosted virtual machines within a
Containers – running “native” serverless
applications and frameworks, e.g. Kubernetes
your datacenter Hyperscale or Regional Service
Provider
One key point = Regardless of how your data
2021 Actual 2022 Estimated (pre-covid) 2023 Estimated is hosted in a cloud, it is still your data.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

As a secondary site for Disaster Recovery

Realities of hybrid cloud
FIG 1.1
For which use cases does your
organization use a cloud-hosted 21%
infrastructure?
"High-priority" production workloads
n=1,553 Reality # 1: The IT world is undeniably hybrid
47% and not in “transition” before the data center
goes away. There will be a mix of physical,
"Normal" production workloads virtual, and hosted for the foreseeable extended
55% future – so organizations will need to continue
managing this hybrid state for their data
Development (non-production) protection.

36% Reality # 2: The cloud is not “new” for most

organizations; over 40% of all respondents
have been using production services
in the cloud for more than 24 months.

FIG 1.2
How long have you been using
the public cloud in production? More than 24 months 41%
n=846 Between 12 and 18 months
Between 18 and 24 months
Between 6 and 12 months
Less than 6 months 2%
The Veeam perspective
25%
Data is moving and IT platforms are
19% changing. Physical to virtual to cloud
to containers, this evolution shows that
13% data lives in multiple places, so organizations
need the flexibility to protect their data
regardless of physical location, hypervisor
or application. Protecting, recovering and
managing that data is where Veeam can help.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 1.3
Of the production Migrated from virtual machines
To the cloud & back again
workloads brought online within the data center 32%
within a cloud in the last Increased use of cloud does not necessarily mean
year, where did they Migrated from physical servers the decline of the data center; it means the dilution
originate? within the data center 30% of physical/virtual servers as organizations add cloud-
hosted servers to their environment.
n=850 First created in a cloud (not migrated) Only 3 of 5 cloud-hosted servers were migrated
38% from the data center – the other 38% were first
created in the cloud; validating the “cloud first”
strategy that many orgs are running under. It is also
notable that “On-prem to cloud” is not always a one-
way path. While 58% of organizations have
FIG 1.4 No, we have not brought cloud-hosted not brought any workloads back on premises,
Have you brought 2 in 5 orgs have for one or more purposes.
workloads back to the data center
any workloads BACK So, while hybrid cloud is growing, it is not accelerating
from a public cloud host 58% at the expense of the modern data center –
to on-premises? it is in addition to.
Yes, brought online during a disaster –
n=945 then brought back on-premises
The Veeam perspective
7%
Irrespective of where a workload might live today
Yes, developed in a cloud – (or in the future), it always needs protection –
already planned to run production within a data center even when in the public cloud.
Veeam Platform is the most complete data
23% protection solution for all data — on-premises
and cloud-hosted. Veeam is designed to accelerate
Yes, migrated from on-premises to a cloud – business agility by providing a single platform
but decided to bring back on-premises for cloud, virtual, physical, SaaS and Kubernetes
data management and protection that extends
23% beyond "just" backup.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 1.5
Which team(s) within your
Central IT Team
63%
Who is backing up the cloud?
organization are involved in
54%
determining your data protection
strategy and requirements Cloud decision-making team Traditionally, the responsibility for backup has
for public cloud resources? 56% fallen to the data protection team under central
55% IT; however, the cloud approach is changing
n=945 IaaS Admins Application owners/administrators this.
n=332 Backup Admins
35%
36% New stakeholders (LOB owners, DevOps,
Data protection team and Compliance) are now leaning in on core
34% data protection decisions. This makes complete
33% sense as traditional IT solution stacks evolve
Compliance & Governance teams toward PaaS (microservices and containers)
18% IaaS Admins (n=945) and SaaS; the owners of the investments into
19% Backup Admins (n=332) those services are now taking a vested interest
in backup and recovery capability.

FIG 1.6
In general, who manages
The same individuals who manage on-prem backups also manage The Veeam perspective
cloud backups
the backups/data protection
66% Veeam's modular approach to cloud-native
of public cloud-hosted 64%
resources? backup and recovery provides purpose-built
The same individuals who manage cloud-hosting also manage cloud backups
backup and recovery available as:
43%
n=945 IaaS Admins 37% • A single platform for centralized multi-cloud
n=332 Backup Admins
Different individuals (on-prem vs. cloud) within a dedicated backup team data protection, management and cloud
11% mobility and cloud-hosted workloads
10%
• A standalone solution for AWS, Azure
We do not back up the data from public cloud-hosted infrastructure and Google Cloud for cost-effective backup
7% and recovery within each cloud
11% IaaS Admins (n=945)
Backup Admins (n=332)

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 2.1
How do cloud services contribute Cloud-based DR
to your disaster recovery (DR) strategy?
n=1,277 For many organizations, backup storage
and/or secondary infrastructure for disaster
recovery (DR) are their first endeavors in
We use cloud-based storage to store off-site cloud services, often in evolutionary
phases:
data (but intend to restore the data back to 40%
an on-premises location) • Start with survivable data
(via backup or replication)
to an off-site location

We are configured to use cloud-hosted • Then, typically a self-managed

infrastructure as a secondary site 39% cloud infrastructure in lieu
of secondary data centers
to be reconstituted during crises
• Finally, leveraging purpose-built DR
We use a purpose-built Disaster Recovery as capabilities (e.g. DRaaS) not only
a Service (DRaaS) solution
27% for secondary infrastructures, but
also orchestrated workflows, BC/DR
expertise, best practices,
and testing/documentation

We do not use any cloud services as part of

our DR strategy 19%

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 2.2
How are operations resumed
Recover on-premises - data is mountable in the cloud and we execute
from on-premises.
Cloud-based DR
for your DR function?
40% Even before cloud-based DR, the capabilities
n=1,007 to recover after crises of all sizes varies predominantly
due to the agile-ness of the secondary data:
Recover on-premises - data is offsite and needs to be pulled back on-site
Are you “restoring data” or “recovering servers”?
There are reasons for each, but this choice will define
25% your strategy based on your protection capabilities.
Recover in the cloud -- we have preconfigured servers that would Where will the recovery occur?
spin up but networking is manual At the original location, alternate location, or cloud-host;
based on how the business process resumption
22% will occur.
Recover in the cloud - we have preconfigured servers and networking How much can you orchestrate?
and all necessary components can be resumed What capabilities can you pre-script the recovery actions,
ideally for consistent testing and for predictable actual
12% recovery.

FIG 2.3 The Veeam perspective

What kind of failover/failback
mechanisms do you use We have written scripts for reconnecting
resources that are now running remotely
for resuming functionality?
50%
n=1,007
We will manually reconfigure user
connectivity during the crisis
34%
We have orchestrated workflows that will
reconnect resources that are now running
remotely 16%
From an operational standpoint, restoring
to the cloud is similar to restoring to a data
center hypervisor using Veeam, making it simple
for Veeam customers to test and execute cloud-
based DR plans.
Veeam partners are service providers are excellent
resources to help ensure your cloud infrastructure
is ready to receive the workloads ahead of time.
Having the proper cloud architecture and ability
to readiness verification is crucial to success.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

Network configuration during testing, while production is still functional

FIG 2.4
What challenges have you
experienced in using/testing Connectivity for users within corporate locations
54%
Cloudy DR isn’t Easy (yet)
the public cloud for DR? 47%
Securing the remote site against cyber-attack or access
n=1,007 Re-hosting servers that went down in one location
43% and came back online elsewhere is already
Current cloud DR users Connectivity for users working remotely hard. It can be even more difficult if those servers
42% went down as datacenter servers and came back
Bringing up servers at remote locations within a cloud host.
29%
How to reconnect the networks to ensure
Verifying functionality of the remote servers’ application productive access without exposing a security risk
17% is a key consideration among both current DR
users and those not yet leveraging cloud DR,
which is even more complicated when the
recovery is from less than a whole-site failure,
so current users must now access some old
Cloud infrastructure is not secure enough or would violate compliance requirements and some rehosted servers simultaneously.
FIG 2.5 20%
You stated that you Our DR strategy uses a remote third-party BC/DR location
This is certainly achievable, but not (yet) easy.
do not use cloud-hosted 18%
infrastructure as part Cloud infrastructure is too expensive
of your DR strategy.
Why not? 14%
Our DR strategy utilizes our multiple data centers protecting each other
The Veeam perspective
n=241 14%
Veeam's portable data format allows for easy,
IT professionals Cloud-based failover doesn’t provide enough manageability or orchestration
bi-directional data movement from on-prem
NOT using cloud DR 12%
to cloud 1, cloud 1 to cloud 2, cloud 1
Too much invested in our existing DR facilities
to on-prem, and all combinations.
7%
Our IT is outsourced, including DR capabilities
Data portability and cloud mobility
7%
are differentiating concepts and capabilities
Cloud-based failover is too complex or impractical for our workloads
for the Veeam Platform.
5%

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 3.1
Which team(s) within your
Central IT team
68% Why Back Up Office 365?
organization are involved 62%
Office 365's backup strategy has very similar
in determining your data Cloud decision-making team
behavior to what we also saw earlier in cloud
protection strategy 57% backup. As in the previous case, the core IT
and requirements 48% operations team is defining strategy far more
for SaaS-based applications? Data protection team often than the back of admins. That said, who's
48% responsible for backups differs – it is not typically
n=276 SaaS admins 34%
n=332 Backup admins central IT doing backups; it’s the SaaS admin.
Applications owners
32% This makes a lot of sense because the SaaS
29% application requires a different kind of expertise
Compliance & Governance teams that IT is probably not going to have. Not only
SaaS Admins (N=276)
20% backup, but more importantly, restore.
Backup Admins (N=332)
10%

The Veeam perspective

Regardless of the team in charge of the
FIG 3.2 Different individuals (on-prem vs. cloud with a dedicated backup team) backup, the most important step for these
Who manages 6% organizations was in first determining that
the backups/data protection Office 365 data was their responsibility and
6%
for Office 365? needed to be protected.
The same individuals who manage on-prem backups
n=374 SaaS admins Veeam Backup for Microsoft Office 365 is a
n=194 Backup admins 34% comprehensive solution that is easy to learn
38% and manage. So that even the least
experienced IT admin can get up and running,
The same individuals/team who manage the Office 365 application estalishing Office 365 backup jobs and
59% performing restores very quickly.
56%

SaaS Admins (N=374) Backup Admins (N=194)

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 3.3
What are your primary reasons Why Back Up Office 365?
for protecting the data from Office 365? It is an urban myth that SaaS, particularly Office
n=194 SaaS admins 365 admins, don't believe that their data should
n=180 Backup admins be backed up, and that perhaps the recycling bin
is "good enough".
Accidental deletion of data
The reality is that both SaaS admins and Backup
58% admins agree on the reasons Office 365 still
49%
Preparation against cybersecurity attacks
requires traditional backups above and beyond
57%
the built-in availability mechanisms. Most notably
47% the actual deletion of data, resiliency versus
Malicious user or other internal threats cyberattacks and malicious threats, and long-term
48% retention and regulatory requirements.
42%
Better restoration capabilities (e.g. granularity) than built-in functions
44% The Veeam perspective
47%
Compliance or regulation requirements Too many IT professionals still assume
43% that because Office 365 is natively resilient,
29% it doesn’t need to be backed up. Others still
Internal policy for data retention don’t know what to look for in a backup vendor
38% or make the mistake of choosing a vendor that
28% insufficiently protects the myriad applications
Centralized or simplified restore capabilities within Office 365 or doesn’t accommodate their
38%
37%
recovery needs.
To extend retention beyond built-in mechanisms Veeam Backup for Microsoft Office 365 allows
35%
the flexibility to deploy and store data in nearly
33%
any cloud or hardware platform, enables
As part of migration processes
6% customizable protection per application,
SaaS Admins (N=194) and helps recover data in whatever way makes
12%
Backup Admins (N=180) the most sense for each organization.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

FIG 4.1
How are you backing up data
within your containers?
Containers
Even though the IT roles in charge of deploying,
n=385 IaaS admins managing and protecting containers (and its data)
n=181 Backup admins
n=143 SaaS/PaaS admins
46% varies greatly, there is relative consistency
between personas as to whether container-based
data needed to be backed up, and if so, by what
kinds of mechanisms.
35% As more “stateful” container applications
32% 33% are brought into production, the need to protect
the data holistically (meaning native within
the container, instead of “just” the storage
25% repository) is likely to grow – and presumably
22%
the requirement for third-party native backups.
21%
19%

14% The Veeam perspective

12% 12%
Kubernetes environments requires an application
8% centric approach vs. infrastructure focus.
7%
5% Unfortunately, regardless of platform, data
4%
loss scenarios still take place in Kubernetes
which are not addressed by availability/replication –
so organizations still need a backup solution
Our containerized Our container architecture is Our containerized We do not currently back up We back up our container that works against a wide range of Kubernetes
applications do not have natively durable, so we do applications stateful data is the data from our data using a third-party tool
application stacks and deployment methods.
data that needs to be not back up contained separately (and containers, but are looking
backed up backed up there) for a solution
Kasten K10 has been built to focus on the
application, is Kubernetes native, can run in multiple
cloud and on-premises clusters, and is data services
IaaS Admins (n=385) Backup Admins (n=181) SaaS/PaaS Admins (n=143)
aware.

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
 INTRODUCTION 1.0 PRODUCTION IAAS 2.0 IAAS FOR DISASTER 3.0 SOFTWARE-AS-A-SERVICE 4.0 CONTAINERS CLOSING
RECOVERY

Summary About the Authors

The industry analyses of this data was
Cloud-based IT is inevitable for almost every organization, though authored by the following contributors
unlike every IT generation before, there is not just one “modern”
architecture. In the past, nearly everyone standardized on Jason Buffington
Midrange, then NetWare, then Windows, then VMware-powered VP, Solutions Strategy
@JBuff
virtualization. This time, there are several “modern” scenarios
including IaaS, SaaS, PaaS, and containers – each with various Dave Russell
benefits and each with different data protection requirements. VP, Enterprise Strategy
@BackupDave
This research shows that while central IT is still most often defining
overall data protection strategy, which is especially important for Julie Webb
consistency of governance and compliance in retaining data that Director,
Market Research & Analysis
may be more natively resilient in the cloud but still just as necessary
to preserve.
That said, it is easy to see that differing maturations in cloud To download additional materials
platforms’ adoption are yielding differing understandings of who from this research, click HERE
and how to back up production data in the clouds.
For questions
on this research or its usage:
StrategicResearch@Veeam.com

Cloud Protection Trends Report for 2021 - published by Veeam in August 2021 (N=1,550 unbiased IT Decision Makers across 14 countries, including IaaS, SaaS, PaaS, and Backup administrators)
Thank you!

veeam.com