The News: IBM announced today it is bringing enhanced data protection capabilities to the IBM FlashSystem family of all-flash arrays to help companies better plan for and recover quickly from ransomware and other cyberattacks. Read the full press release here.
IBM Storage Adds Enhanced Data Protection to FlashSystem Showing a Focus on Security, Ransomware, and Storage
Analyst Take: IBM Storage adding enhanced data protection to FlashSystem shows a clear focus on security, ransomware, and storage. Hot on the heels of the Q2 earnings announcements for IBM and a tough quarter for IBM Storage the team announced updates to the core FlashSystem range, along with a new Storage-aaS model. IBM has been in the storage domain since storage was invented as a category and can list numerous firsts in the industry. While today’s announcements are not as significant to the storage market of the day as IBM developing the floppy disk back in 1972, they are significant.
IBM’s Focus on Security, Ransomware, and Storage
It’s clear that IBM is rightly focused on security, ransomware, and storage. Cybercrime, and in particular, ransomware attacks have spiked, with nation states regularly leading the charge. Cybercriminals have focused on and taken advantage of the increasingly distributed data landscapes and ramped-up the frequency of their attacks. The most common form of ransomware is to gain access to and then encrypt corporate data to block its access and/or expose it unless a ransom is paid. According to cybersecurity firm, SonicWall, ransomware attacks rose to 304.6 million in 2020, up 62% over 2019, mainly due to the shift to remote working caused by the pandemic. The pace of these attacks is still increasing, with data showing that through May of 2021, the group reported 226.3 ransomware attacks already, up 116% year-to-date over 2020.
Against this backdrop, IBM deciding to focus on security for this latest series of announcements makes perfect sense. Storage updates from vendors normally focus on speeds and feeds and how fast the array is at serving data. I was relieved to hear none of that from IBM this morning when Sam Werner and Scott Baker covered the announcements on an IBM webinar. While the session was marketing level focused and relatively scant on actual product details, I did get a good sense of the engineering work IBM has undertaken to bring the FlashSystems’ capabilities to market.
“Protecting against ransomware and other forms of malware requires a two-pronged approach to resiliency that involves automated protection and rapid recovery,” said Denis Kennelly, General Manager, IBM Storage. “That’s why we’re standardizing our modern data protection software, Safeguarded Copy, across our portfolio, bringing even more cyber resiliency to IBM FlashSystem. Cyberattacks are on the rise, but data can be protected and restored when you are prepared.”
IBM Storage Enhancements Provide Safeguarded Copy
IBM Storage enhancements provide protection by way of something called Safeguarded Copy, which allows IBM clients to automatically create data copies in what the company calls “immutable snapshots” that are securely isolated within the system and cannot be accessed or altered by unauthorized users. In the event of data loss, a data breach, malicious activity or any other event that compromises data or disrupts operations, customers can recover their data from up to 1,500 snapshots based on known points-in-time prior to the breach. Once in the pool, the data is only actionable after it has been recovered, eliminating the risk of data tampering or deletion.
Safeguarded Copy is based on technology within the IBM DS8000 family delivering security, cyber resiliency and recovery innovations across the entire IBM Storage portfolio. IBM has a comprehensive approach to providing encryption at rest and in motion, as well as data replication, to the physical air gapping available with IBM tape solutions, to the Write-Once-Read-Many (WORM) capabilities within the virtual tape libraries.
What was particularly interesting to me was that the storage admin that creates the Safeguarded copy is unable to delete or modify the copy. This removes the social engineering threat vector which, according to multiple reports, can account for as much as 30 to 40% of attacks. IBM has a track record of focusing on air-gaping solutions and has featured EAL5+ certified Logical Partitions on its Z platforms for decades. This focus on bringing this same thought process to the company’s Storage systems shows a depth of focus on the security and recovery use cases that will resonate in the current threat landscape.
When I asked Werner and Baker on the announcement call about the uniqueness of this solution, they acknowledged that EMC has a similar capability in the PowerMax range, but that they believed Pure Storage has distinct weaknesses in this area. I will need to delve further into the functionality announced today, as well as these assessments by the IBM team and have asked IBM for a more in depth briefing, so check back for more updates when they are forthcoming.
More Than Just the Storage Array
The announcements from IBM Storage today were more than just the usual Storage array. In addition to the Safeguarded copy functionality announcement, IBM went further and announced that Safeguarded Copy can now be integrated with IBM Security QRadar®. QRadar monitors activities and looks for signs that an attack may have begun, such as the attempted logging in of an unauthorized person. I found the fact that QRadar can now be used to proactively invoke Safeguarded Copy to automatically create a protected backup at the first sign of a threat very interesting. This means that IBM has focused on integrating the storage array copy functionality with storage logging in QRadar to check for anomalies or peculiar login activity. If an anomaly is detected in QRadar then Safeguard Copy automatically kicks off a copy. This reduces the time between an anomaly being detected and the time to ensure data is protected. I believe this is a significant development and that IBM needs to stress the importance of this integration more to clients, as it should radically reduce the impact on data loss in the event of an attack and speed up the recovery process.
Of course, I will need to get closer to the offerings and then fully digest the full technical details, but I believe that if clients are looking to secure their data, IBM has demonstrated a focus on solving the issues at hand that is more thought through than some of their competitors who are more focused on ease of use and cloud delivery models.
IBM Finally Moves Into Storage-as-a-Service (STaaS)
When it comes to Storage-as-a-Service (STaaS) offerings, IBM has been slow to the game and have let competitors such as Pure Storage and HPE’s GreenLake gain traction in the market with STaaS models where clients only pay for what they use. Details on this offering were scant during this briefing, and I will need to get more details from IBM to comment further, but IBM did give these details in the press release:
Pricing for IBM Storage as a Service will be offered in three tiers that consider the level of system performance needed, capacity required, and the length of commitment. The service will start as low as $27/TB/month on effective basis and come with full concierge lifecycle services. In addition, customers will have the ability to take advantage of IBM’s optional 100% data availability guarantee. For each solution, IBM will provide about 50% of additional reserve capacity above customer base needs to be able to respond immediately for data growth. The reserve capacity will be billed at the same rate as the base capacity once it is utilized.
IBM and Hybrid Cloud
As our team here at Futurum Research has covered extensively, IBM is clearly all-in on hybrid cloud. It’s clear that clients want an alternative or complementary approach to a pure-play public cloud model, and we see that well-reflected in the market for hybrid cloud as a whole. IBM is allowing clients to drive hybrid cloud connectivity with IBM Spectrum Virtualize for Public Cloud, which supports IBM Cloud and AWS, and with planned support for Microsoft Azure. IBM Storage-as-a-Service will also support hybrid cloud solutions deployed via cloud-adjacent architecture at Equinix. I will need to understand more about actual deployment architectures, replication options and data charges to fully comment, but this level of hybrid cloud deployment choice is to be expected.
IBM plans to make its IBM Storage-as-a-Service offering available across North America and Europe in September. The company plans to extend the service to other regions around the world in the future. The service joins IBM’s existing as-a-Service offerings, including the IBM Storage Utility service and IBM Cloud Storage services, all of which are designed to provide customers with the ability to access and integrate IBM innovation in the most effective manner possible, across any hybrid cloud environment.
Overall, the announcements today are part catch-up and part innovation. The STaaS offering is long overdue and even IBM acknowledged in the webinar that the offering is comparable with others already in the market, such as HPE GreenLake. IBM will have to be more holistic in the company’s approach to server and Storage-as-a-Service if it is to gain the market traction the underlying technology deserves.
However, the security functionality launched today is interesting and exactly what the market is looking for. I will need to get more insight into the QRadar integration and the level of automation it can drive on the FlashSystem arrays, but IBM is certainly making strides in a domain that is both needed by clients but also positions IBM well against competitors in an area where IBM is trusted, namely security.
Disclosure: Futurum Research is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Other insights from Futurum Research:
Image Credit: martechseries.com
Steven Dickens is Vice President of Sales and Business Development and Senior Analyst at Futurum Research. Operating at the crossroads of technology and disruption, Steven engages with the world’s largest technology brands exploring new operating models and how they drive innovation and competitive edge for the enterprise. Read Full Bio.