Earlier today we brought you the news about some important updates to IBM Storage’s portfolio that will enable data protection at the workload level. This should boost the cyber resilience of organizations. We spoke with Scott Baker, VP at IBM Storage for the company’s Hybrid Cloud Portfolio, about this development prior to these announcements. What does this mean for the storage market?

Cyber resilience has a strong cybersecurity flavor these days. However, this was not always the case. Making an organization resilient to hardware and system crashes, human error, sabotage and natural disasters also falls under cyber resilience. However, these are things that do not occur tremendously often. Today, we are dealing with a completely different type of cyber resilience, which comes on top of the existing variants. The cause of this new variant of cyber resilience is – predominantly – ransomware. Baker cites figures from IBM’s own research (from August 2022) showing that 83 percent of organizations that participated have had to endure more than one ransomware attack in the past year. Those attacks not only result in high costs, but also a lot of data loss and high downtime for the organizations.

Results of ransomware surveys (Source; IBM)

The above shift regarding cyber resilience has implications for organizations’ data strategy. “Interestingly, quite a few organizations still think that storage systems and locations are not a major attack vector,” Baker remarks. So that needs to change. That is why IBM introduced an assessment early this year to help organizations understand the risks. “This is a vendor-agnostic assessment, primarily intended to start the conversation,” according to Baker. Should an organization then choose one or more other storage providers after such an assessment, they can do so. From IBM’s perspective, of course, they would prefer those organizations to do business with IBM. However, having the conversation with organizations apparently is so important right now that IBM is willing to run that risk.

Immutability with IBM Safeguarded Copy and FlashSystem Cyber Vault

IBM does not just have the assessment to improve the cyber resilience of organizations. Step by step, the company has developed features and solutions to help organizations secure and analyze their primary and secondary data.

Securing the data all starts with ensuring that there is a secure copy of the data. If you don’t have one, then you effectively have no cyber resilience. That’s what IBM offers with Safeguarded Copy. This is a snapshot of your data on an IBM FlashSystem. This snapshot is on the same FlashSystem that the data is on, but it is completely isolated from the rest. So it is an immutable snapshot of the data. Baker himself refers to it as “logically and operationally airgapped”. That is, should the FlashSystem be infected with a virus or ransomware, it can never get to the snapshot. If you also want to physically airgap it, you can, Baker points out. You can tag the snapshots that are guaranteed to be healthy and write them to tape.

With just a Safeguarded Copy, however, you’re not there yet. In order te know that snapshots are healthy, you will need to scan them. That’s why IBM has built an architecture called IBM FlashSystem Cyber Vault alongside or on top of Safeguarded Copy, depending on how you look at it. This allows you to fully automate the scanning of the copies you have made. You can then act quickly if there is an infected copy among them, but you always know which one you can restore.

IBM Spectrum Sentinel

The automated scanning of snapshots is step two of three. Just knowing which snapshots are healthy and which are not is not enough. Unless you want to start restoring everything manually, of course, but most organizations won’t feel like doing that. That is why IBM has developed Spectrum Sentinel within its Spectrum Software-Defined Storage offering. This solution is indebted to both SafeGuarded Copy and FlashSystem Cyber Vault. That is, it uses Cyber Vault’s architecture and relies on SafeGuarded Copy’s snapshots to perform what it is intended for. That is to automate the creation of immutable backups of data. Spectrum Sentinel analyzes the copies and then turns the safe snapshots into immutable backups.

IBM Spectrum Sentinel (Source; IBM)

With the combination of Spectrum Sentinel, FlashSystem Cyber Vault and Safeguarded Copy, Baker says IBM has an extremely powerful and, above all, very fast solution in its portfolio. “We’re talking about recovery times of minutes”, he voices IBM’s official statements. He adds that he would actually prefer to say seconds, so much confidence does he have in the solution. Part of that speed is no doubt also due to the fact that we seem to be dealing here with immutable snapshots on the FlashSystem arrays themselves. It is, however, also possible to leverage the cloud. “IBM Spectrum Virtualize runs in the cloud, so it is certainly possible to create immutable snapshots and backups in the cloud”, Baker points out.

Expanding step by step to specific workloads

IBM Spectrum Sentinel has not been on the market for very long. Also, it targets very specific applications or workloads. Its official launch was last June. Initially, it only supported the EPIC application that is widely used in healthcare. IBM did this, according to Baker, because that’s where the need was highest. In addition, it provided a little more control for IBM in the rollout. It also indicates that Spectrum Sentinel is not just about securing and restoring the data, but also about the application that goes with it. That, in fact, is pretty important when restoring snapshots or backups. “The restore point is different for every application”, Baker explains. With some applications, you have to go back much further in time than with others, for example.

One of the important announcements earlier today was the extension of IBM Spectrum Sentinel toward SAP HANA, SAP’s relational database. That is, from now on it will be possible to use Spectrum Sentinel to analyze immutable SAP HANA snapshots for anomalies and automate the orchestrations of restoring snapshots/backups. Spectrum Sentinel for SAP HANA uses the same technology for this as previously used in EPIC software, but with tweaks specific to SAP HANA to it.

IBM Spectrum Protect gets broader support for SaaS workloads

Many workloads and applications today do not run in their own data centers. However, SaaS services nevertheless use data and store it somewhere. By default, the providers of those services do not provide a backup of this data. In the shared responsibility model, data is always ultimately the responsibility of the end user. Many people still don’t realize that, Baker points out. “Many people think the backups are done by the SaaS provider,” according to him.

To address the above problem, IBM has expanded the IBM Spectrum Protect offering. IBM Spectrum Protect is IBM’s backup and recovery suite. Obviously, the first SaaS service IBM added was Microsoft 365. That really did take some heavy lifting, Baker points out. But all that hard work did provide a foundation for IBM to build on. That is, to add support for a new SaaS service, IBM only needs to make some workload-specific changes. Today it is the turn of Salesforce, the world’s second-largest SaaS platform. IBM Spectrum Protect Plus Online Services for Salesforce, as the new service is called, offers the ability to combine daily backups with on-demand backup and recovery capabilities.

Quarterly support for new workloads

The fact that both Spectrum Sentinel and Spectrum Protect Plus Online Services are relatively easy to customize for new workloads makes it clear where this is going. It looks like IBM is going to add all relevant workloads within (enterprise) organizations to Spectrum Sentinel and Spectrum Protect Plus Online Services one by one. After all, it takes relatively little time and effort to do it. “We hope to add more vendors every quarter”, Baker indicates. Next up for Spectrum Sentinel is VMware, he says. But in addition to SAP HANA, of course, there are other commonly used databases within organizations, so we expect workloads from Oracle, for example, to be added fairly soon as well.

Finally, these extensions are also very interesting for IBM Storage because it’s all software. That means an engineer doesn’t necessarily have to come by to install anything. Of course, this will happen if you buy storage arrays from IBM in addition to these services, but in principle you don’t have to. For IBM, this undoubtedly opens all kinds of new doors for customers who until now have not really had any interest in IBM Storage.

All of the above is not all that is going on at IBM Storage, by the way. For example, container-native storage is another topic that IBM Storage is getting more and more involved in. Spectrum Fusion offers software-defined storage for the Red Hat OpenShift Container Platform. Baker tells us that that will include support for OpenShift on AWS soon. That opens up yet more new opportunities for IBM Storage, which we will not go into here. That may be something for another time.