IBM has taken its Data Protection strategy in new directions: Modern Data Protection.
Through three pillars of this concept, IBM offers a wide range of tools that make it possible to find suitable data protection approaches in complex landscapes.
Agent Based
- Agent based (client to server) offers maximum flexibility in terms of supported applications and operating systems. Even very old operating system versions or applications can be supported, which, although they are out of support and have no upgrade path, are still critical for business processes. Examples of such applications are: Control servers for industrial equipment, telephone systems, special applications for measuring devices, etc.
- In addition, agent-based backup offers the advantage that the backup team does not need administrative access to the clients to be backed up. The server or application managers can install and administer the clients. There is a clear separation of roles here. This is also advantageous from a security point of view: there is no need for administrators to have access to production and backup data (separation of duties).
Agentless
- on the other hand, offers the advantage that the backup is controlled from the backup application. There are no clients installed on the client that need to be administered. New functionalities are directly available for all backup clients. Discovery of new backup clients (e.g. VMs) is also possible. This ensures that all relevant data is in the backup.
- To ensure this, however, administrative rights to the applications and, depending on the application or operating system to be backed up, certain requirements (remote logins, ports, etc.) must be met. On the other hand, the sophisticated RBAC concept in Spectrum Protect Plus allows access to data protection and data reuse to be handed over to application owners without jeopardizing the compliance of the backup data. For example, a developer could have a new copy of his VM or application created automatically on a regular basis to test his current work against the real data.
Self Protect
Self Protect refers to the S3 gateway of the Spectrum Protect server. Via the Object Agent available since version 8.1.10, S3Api operations can be used to write and read data stored in the Spectrum Protect Server. Thus, all applications that have implemented an export of data via S3 can also send this data to a Spectrum Protect Server. Since the data is stored in a container pool or on tape, multiple copies of the object data can be created. This creates unique opportunities to use Spectrum Protect as a data store.
Conclusion
IBM offers a diverse portfolio to address different needs of customers and to establish an efficient data protection strategy in complex infrastructures. In addition, the use of new functionalities can mean potential savings by reducing complexity. Depending on the needs, a security gain can be achieved by means of adapted concepts: by revising authorization concepts according to the minimal principle. This is an effective building block in the prevention of ransomware attacks and attacks from internal sources.
