Understanding BaaS Solutions, the Role of Data Resilience for AI-Driven Security, and Keeping the Business Running Despite Security Incidents

TechNadu interviewed David Allot, Field CISO - APJ at Veeam Software, and found out about the company’s comprehensive approach towards enhancing awareness among employees, customers, and partners with training programs. 

In the age of AI and technology, the importance of human intervention cannot be stressed enough. A perspective shared by Allot included bringing together people, processes, and technology to address risks.

Following robust zero-trust principles is a must to monitor access controls. Allot deliberated on establishing a repeatable set of protocols as part of structured incident response plans.

He reiterated the importance of data resilience and how it has become a strategic priority that is being discussed in the boardroom and making sure that the business keeps running despite systems getting compromised.

Read on to make the most of this discussion addressing Backup-as-a-Service (BaaS) model, understanding partner ecosystem, innovating, staying aligned with market needs, and more.

Vishwa: Please tell us about your journey to Veeam Software from the start of your career path? What has been your motivational force?

David: My cybersecurity journey started with Symantec almost 15 years ago, where I was passionate about speaking with customers adopting solutions powered by machine learning and threat intelligence. I later moved to McAfee, spending considerable time with C-suite and industry experts honing my knowledge in how organisations tackled increasing risk resulting from global cyber incidents.

I wanted more experience on the front line with security leaders, so I moved across to lead the APJ Cyberdefense practice at Orange Business Services. I partnered with organisations and technology vendors to define security outcomes, design and deploy solutions, and ultimately manage those solutions.

It was important to me to share gained insights and experiences with security leaders challenged with strengthening their overall security posture, so I moved to DXC Technology as their ASEAN CISO. There, I worked with the largest organisations across the region, advising on solving complex security challenges, often with multi-vendor solutions and services to most effectively achieve business outcomes.

Most recently, as organisations acknowledge data as their most valuable digital asset, the move to Veeam allows me to further impart my experience and knowledge and advise on and deliver more resilient and secure outcomes.

Vishwa: What is your vision for the future of Veeam Software? How are you working towards fulfilling it?

David: At Veeam, our vision is to lead the way in data resilience by offering cloud-first backup solutions that integrate security, AI, and cutting-edge technologies. Our focus is on becoming the #1 enterprise BaaS solution, ensuring businesses can securely protect and rapidly recover their data in a world increasingly dominated by cyber threats.

As data complexity and cyberattacks rise, our primary goal remains to building resilient systems that not only recover but also secure and optimize enterprise data.

• BaaS-first Strategy, Enhanced by Security and AI: As organizations transition to multi-cloud environments, Veeam is focused on becoming BaaS-first, offering scalable, secure cloud backup solutions. We continue to integrate AI to provide more proactive defenses, automate data management, and offer actionable insights to minimize risks. This empowers businesses to predict and prevent potential threats, ensuring data protection remains robust in the face of evolving challenges.
• Data Resilience Beyond Backup and Recovery: Data resilience requires more than just backup and recovery. It encompasses data security and threat intelligence. Veeam’s solutions are built on a Zero Trust Data Resilience Model, ensuring that backup data is immutable and encrypted, protecting it from cyber threats, and providing in-house end-to-end ransomware response and recovery services. Veeam’s vision is to empower businesses with comprehensive, AI-driven, and secure data resilience solutions that protect and optimize their data in an increasingly complex and cyber-risked world.
• Vitality of Board-Level Focus on Data Resilience: Data resilience has become a strategic priority that extends beyond the IT department — it’s now a critical topic for boardroom discussions. Enterprises must recognize it as critical to business continuity and risk management. With cyber threats targeting data repositories, the need for strong data resilience strategies has never been greater. At Veeam, we believe that organizations must invest at the highest levels to ensure their data remains secure, available, and recoverable, regardless of the threat landscape.

Vishwa: Being the Field CISO of Veeam Software serving the Asia Pacific and Japan (APJ) region, what measures do you ensure are regularly followed to prevent human errors?

David: One of the major challenges in cybersecurity is preventing human errors, which can significantly impact data security and business continuity. To address this, at Veeam, we ensure a consistent approach based on people, processes, and technology to minimize the risk of mistakes.

Through various training programs offered by Veeam, we emphasize the importance of continuous training and awareness. Our training programs cater to internal teams, customers, and partners, offering comprehensive learning journeys.

This includes everything from onboarding materials to advanced certifications, ensuring that everyone involved in our cybersecurity efforts is equipped with the knowledge to identify and mitigate potential threats. Our employees are also educated on the principles of Zero Trust Data Resilience, reinforcing the importance of safeguarding data at every level and ensuring that our security culture becomes deeply ingrained across the organization.

Alongside training, we ensure that our teams are always aligned and have a consistent, repeatable set of protocols to follow. This alignment between IT and security teams, as well as the availability of structured incident response plans and data backup strategies, ensures that we can respond quickly and efficiently if a cyber threat or human error does occur. These processes are regularly refined, tested, and updated based on real-world situations and feedback, ensuring that they stay relevant and effective as the threat landscape evolves.

Technology plays a critical role as well in safeguarding against human error. Veeam’s solutions, such as Veeam Cyber Secure and the Veeam Data Platform, automate backup processes, offer real-time threat detection, and ensure rapid recovery.

By reducing the need for manual intervention, these technologies significantly lessen the chance of human mistakes. Moreover, integrating Zero Trust principles ensures that every access request is thoroughly validated, protecting critical data from unauthorized access and preventing potential breaches due to human oversight.

Vishwa: Do you ever feel that there is a need to simplify cybersecurity for stakeholders and other professionals from non-technical backgrounds? Can you share your experience and observations about it?

David: While it’s important to communicate technical aspects of cybersecurity in a way that stakeholders and professionals from non-technical backgrounds can understand, the core issue isn’t about simplifying the language.

The real challenge is helping them recognize that data resilience is not just an IT issue but something that directly affects them and their responsibilities at the highest level of the organization.

Cybersecurity should be framed as a business risk that impacts overall organizational stability and operational continuity. For instance, CXOs are increasingly held accountable for cybersecurity failures, with some even facing termination if they fail to protect their company from cyberattacks or operational disruptions.

This might not be primarily because of a lack of technical expertise, but because of a failure to properly integrate data resilience into their risk management strategy. Such incidents serve as an alert to understand that cybersecurity, or more appropriately, data resilience, is a business imperative for leaders at the board level.

In concise, it’s less about simplifying the technical jargon and more about shifting the mindset so that stakeholders recognize the potential risks to their business and take proactive measures to manage and mitigate those risks.

It’s important for stakeholders across organisations to understand that data resilience isn't just about protecting data; it's about making sure the business keeps running, even when systems are compromised.

Vishwa: How do you measure the growth of a company? Is it based on sales, market standing, consistently yet slowly reaching milestones, effective implementation of strategies, customer retention, or something else?

David: Veeam measures its growth through a combination of strategic factors, focusing on our partner ecosystem, technological advancements, and customer satisfaction. These elements are integral to our ability to innovate and drive business results while staying aligned with market needs.

• Partner Ecosystem: Our extensive partner ecosystem is key to Veeam's growth. We collaborate with over 700 partners, including industry leaders like HPE, Cisco, and Lenovo, as well as cloud service providers, global system integrators, and independent software vendors (ISVs). This network extends Veeam’s reach and enables us to provide tailored solutions across different industries. The close collaboration with partners also helps drive customer adoption, especially in areas such as ransomware recovery, backup, and disaster recovery.
• Technology and Innovation: Technology plays a central role in Veeam’s growth strategy. Our partnership with Microsoft, including a recent investment from Microsoft to integrate AI into Veeam’s platform, highlights our commitment to technological advancement. By incorporating AI, we aim to enhance data resilience, automate recovery processes, and improve threat detection for our customers. Veeam Data Cloud, for example, integrates seamlessly with Microsoft Azure, providing backup-as-a-service (BaaS) with built-in data protection and security.
• Customer Surveys: Customer feedback is a critical measure of our growth. With 4 out of every 5 Fortune 500 companies relying on Veeam for data protection, customer retention and satisfaction are central to our strategy. We regularly conduct surveys and monitor customer feedback to ensure we are meeting their evolving needs. This feedback drives our product development, ensuring we provide solutions that help businesses manage data protection challenges effectively.
• Digital Alliances and Market Expansion: Veeam also focuses on strengthening its digital alliances. For instance, our expanded partnership with Microsoft supports the development of AI-powered solutions that offer faster data restores and smarter threat detection. Furthermore, Veeam’s growth is supported by strong alliances in high-growth sectors such as public sector, government, and BFSI, ensuring we meet sector-specific regulatory and data protection needs.

Vishwa: What is the most critical and effective solution offered by Veeam? Please elaborate on some of its features?

David: Veeam is a leading provider of data protection solutions, delivering innovative technologies to safeguard critical data and ensure business continuity. As cyber threats grow more sophisticated, organizations require reliable, secure, and efficient solutions to protect their data.

Two of Veeam’s vital solutions - Veeam Data Cloud Vault and Veeam ONE, meet these demands, providing organizations with resilient, secure backup options and proactive threat detection capabilities.

• Veeam Data Cloud Vault - Secure and Resilient Cloud Storage: Veeam Data Cloud Vault is a fully managed cloud storage solution designed to securely store backup data. It is built on Microsoft Azure and follows the 3-2-1-1-0 backup rule, ensuring data is safe, immutable, and air-gapped from production environments. With features like AES-256 encryption, predictable pricing, and high durability (up to 12 nines), it eliminates management complexities and enables rapid data recovery. The solution protects against cyber threats like ransomware, providing a reliable and cost-effective way to ensure data resilience.
• Veeam ONE - Proactive Monitoring and Threat Mitigation: Veeam ONE offers real-time monitoring, alerting, analytics, and compliance reporting for backup environments. It uses AI-powered insights to proactively detect security threats such as ransomware, feed these insights into an organisations’ broader security operations, and reduce the risk of data loss. Veeam ONE automates issue detection and remediation, ensuring that businesses can minimize downtime and meet recovery objectives. With advanced visibility and continuous monitoring, Veeam ONE helps organizations protect their data integrity and maintain a secure backup environment.

Vishwa: What is your observation related to the progress of AI-based cybersecurity? What can be done to make the most of AI capabilities for security?

David: AI-based cybersecurity is rapidly evolving and is proving to be a game-changer in the fight against cyber threats. However, to leverage AI effectively for security, organizations must first establish a solid foundation in data resilience. Without ensuring that data is secure, available, and holds integrity, AI tools can end up doing more harm than good.

Data resilience plays a critical role in AI-driven security because AI algorithms depend heavily on accurate, clean, and well-vetted data to make informed decisions. AI tools that analyse live production data without proper vetting can lead to inaccurate and unreliable results, potentially exposing new vulnerabilities or creating additional attack surfaces for malicious actors to exploit.

The situation worsens if AI tools are allowed to interact with or write to live production datasets without proper oversight or governance. This can not only cause discrepancies but also open up critical business systems or data to compromise.

To make the most of AI capabilities for security, organizations need to integrate AI in a way that complements existing cybersecurity infrastructure. Again, AI must be able to adapt to new threats by continuously learning from new data and security incidents. This continuous monitoring and updating will keep AI models effective against emerging threats and ensure that organizations remain ahead of evolving cyber risks.

Vishwa: How has Veeam Software used AI to prevent threats, and tackle other concerns?

David: Veeam leverages AI to enhance cybersecurity by addressing key concerns related to data resilience and ransomware mitigation. By integrating AI into both the operational workflow and security architecture, Veeam helps businesses safeguard their data, maintain business continuity, and achieve long-term cyber resiliency.

• AI as a Source for Data Intelligence: AI provides crucial data intelligence by identifying vulnerabilities and enhancing threat detection, especially in the context of ransomware. Backups are often the first target in a ransomware attack, as highlighted by Veeam’s Ransomware Trends Report 2024, which found that 96% of ransomware attacks specifically target backup repositories. Veeam’s solutions integrate AI to support security partners in analysing threats across the entire business environment. By incorporating AI-driven threat detection, businesses can receive early warnings about potential attacks, enabling them to respond quickly and effectively.
• Integrating AI into Veeam for Operational Efficiency and Forensic Analysis: Veeam integrates AI into its systems to improve operational efficiency. AI-based malware scanning of backups ensures businesses can quickly identify clean backups, preventing reinfection during recovery. This is a vital feature in protecting against repeated threats, as organizations can easily discern which backups are safe to restore. Additionally, AI also contributes to forensic analysis by offering valuable insights into the attack's origin, allowing businesses to better understand the scope and source of the breach.
• Integrating AI into Veeam for Enhanced Usability and Insights: In complex IT infrastructures, AI tools excel at analysing data and providing valuable insights. With Veeam’s AI integration, IT managers can gain a clearer understanding of their environment and receive actionable recommendations. For example, AI can review the status of backup processes and software, highlighting areas requiring attention, such as outdated systems or incomplete backup operations. It’s like having a virtual support agent, trained specifically on an organization's environment, that guides IT teams toward optimal decisions and best practices.