Orange County 949-556-3131

San Diego 619-618-2211

Toll Free 855-203-6339

Trends in Modern Data Protection

Executive Summary

The world of data protection is ever changing. ESG recently completed research that identified and quantified several fundamental trends occurring in the market today, with cloud adoption and data reuse as key highlights. Data protection remains a top priority for IT leaders as they modernize data protection processes while still facing service level and cost challenges. The use of secondary copies in a self-service fashion is low, but early adopters are realizing significant improvements in development quality and speed and efficiency of analysis.

  • 73% of surveyed respondents rate data protection modernization as a top-five IT priority in the next 12 months.
  • Respondents indicated that high storage costs was their number one data protection challenge.
  • Two thirds (66%) of respondents want to consume object storage on-premises, or at least have that option.
  • The percentage of organizations whose primary data protection solution will be a virtual appliance is expected to more than double over the next 24 months.
  • 67% of organizations use cloud data protection today, making up 25.6% of organizations’ protection environments on average.
  • 80% of respondents see cloud as a viable tape replacement.
  • 85% of organizations that allow application developers to use secondary copies of data for test and development in a self-serve fashion feel they have improved the development quality and speed.
  • 86% of organizations that allow business analysts to run analytics on secondary copies of data in a self-serve fashion feel they have increased efficiency of analysis.
  • When respondents were asked about the vendors that are best positioned to help organizations achieve data protection modernization, IBM was most frequently cited.


ESG recently conducted quantitative research on behalf of IBM, surveying well-qualified IT leaders in North America and Western Europe to better understand data protection modernization trends and perceptions. Topics of focus in this research include cloud adoption for data protection and secondary uses of data copies (beyond business continuity and disaster recovery). Full respondent demographics and research methodology details are also provided at the end of this report.

Research Findings

Data Protection Landscape

For IT professionals whose responsibilities include data protection, keeping pace with data growth and technology were the most frequently cited challenges. Given these factors, it’s not surprising that storage and operational costs were also frequently mentioned among their greatest challenges (see Figure 1). This trend confirms other ESG research in the space of data protection.

On the operational processes front, data loss ranks among the top concerns of respondents, and mitigating this includes maintaining key metrics such as recovery time objective (RTO) or recovery point objective (RPO). Data access and compliance challenges are also often mentioned as operational challenges.

Taken in combination, it is interesting to see how these challenges are intimately intertwined, and it can be hard to discern where one starts and one finishes. These operational challenges also underline how mission-critical data protection has become.

Another set of challenges are more technical and implementation-focused in nature and deserve detailed scrutiny as they have an impact on investment decisions.

Integration of data protection into the “ecosystem” is still presenting challenges, in particular around storage, databases, cloud-based workloads, and migration to the cloud. (Cloud-related topics are covered in more detail in a separate section.) While a mature technology in the data center, management of virtualized workloads is still evolving as customers and vendors alike seek better overall integration with virtual environments.

One notable challenge is the ability for administrators to manage data access and lifecycle. As the technology matures in the organization, data reuse is not only desired, but also needed as a business imperative. (This report delves deeper into data reuse in a separate section.)

This places data protection professionals at a crossroads in many ways, with current practices and challenges firmly anchored in traditional backup and recovery objectives, competing with technology integration, and a clear focus on operational and business efficiency, which is reflected in changing demands such as data reuse and more integration of cloud technology.

In this context, we sought to gain insight into what these professionals determine to be “enterprise-grade” data protection. This term is often used in the industry, but what does it really mean, particularly in light of the challenges highlighted in the survey results?

Figure 1. Key Data Protection Challenges

Comprehensive and enterprise-grade data protection can be characterized by a set of factors or capabilities. When ESG asked respondents what characteristics are most indicative of an enterprise-grade solution, centralization, speed of issue resolution, ease of integration, and task automation were most frequently mentioned (see Figure 2).

The ability to centralize protection across a broad range of workloads tops the list and confirms trends from other ESG research in the space of data protection. 2 It also more generally confirms a need for less complexity in IT, which is a major challenge.3

The ability to quickly recognize and respond to potential issues is also not surprisingly top of mind. Operational efficiency can easily be affected by many internal and external events, with a litany of consequences on service levels and business interruptions.

Integration into the IT “ecosystem” is a challenge that clearly affects the “enterprise-class” perception. Ease of integration into the IT fabric and automation of data protection tasks are not trivial, particularly in larger environments.

Data reduction capabilities are typically needed to reduce the storage footprint and associated operational cost. It is a common feature, but clearly its presence (or absence) will impact a solution’s perception in the minds of IT decision makers.

The survey also showed that more than four in five respondents use or are interested in object storage. Object storage doesn’t necessarily reside in a public cloud, such as AWS, IBM Cloud, or Azure. Often companies want to utilize on-premises object storage. Looking at findings from the research, we see that, in fact, two-thirds want to consume object storage on- premises or at least have that option.

Looking at these factors in combination, it is clear that operational scale is at the heart of the respondents’ answers. This should come as no surprise, considering the deluge of data organizations must protect, combined with the stringent SLAs they must adhere to. Solutions that are both broad and deep feature-wise are needed.

Figure 2. Defining “Enterprise-grade” Data Protection

Data Protection Modernization

One objective of ESG’s research was to assess data protection modernization perceptions. It is therefore critical to define what data protection modernization actually means for organizations, and why it matters to them through the manifestation of expected benefits.

Figure 3 provides a detailed picture of key attributes of modernization in the minds of respondents. Most often, respondents reported that data protection modernization means meeting recovery and data security objectives, which can be obtained via storage and software snapshot technology and air-gapped tape storage or object storage with immutable data features.

It is important to highlight that beyond the protection efficacy and security, a material portion of respondents cited increasing public cloud service use for backup and recovery, optimizing archival data technology, data self-service, consolidating data protection solutions, and increasing automation as attributes they consider important to the meaning of data protection modernization. Many parallels exist between an organization’s “modernization” perceptions and their definitions of “enterprise-class.”

Modernization of data protection really matters to IT professionals: 73% of all organizations surveyed place data protection modernization among their organizations’ top five IT priorities for the next 12-18 months (see Figure 4). As a matter of fact, it is the most important priority for 20% of all organizations surveyed and 25% of enterprises (defined as organizations with 1,000 or more employees).

Figure 4. The Importance of Data Protection Modernization

The areas of data protection modernization that organizations reported wanting to improve echo the key challenges they reported facing: better economics, greater data security/compliance, and improved operational backup/recovery/ replication (see Figure 5). Data reuse and self-service are also to be noted because they are intertwined to a large extent. In summary, IT leaders expect that data protection modernization projects, which are top IT priorities, will alleviate key data protection challenges they identified.

Figure 5. Desired Benefits of Modernization

Beyond questioning respondents about the importance of data protection modernization, what the concept means to them, and the benefits desired, ESG also asked respondents to identify the vendors they believe can best help them achieve data protection modernization over the next 12-24 months. IBM was the vendor most frequently mentioned by respondents, showing enterprise customers’ ongoing confidence in IBM as a strategic technology partner

Cloud Trends

Cloud technologies and services are maturing and becoming pervasive in every aspect of IT infrastructure for many different uses. Backup and recovery of on-premises workloads was one of the first use cases to become “cloudified” a few years ago, followed by protection of cloud-based workloads, but tight integration and instrumentation has been lacking. The situation has significantly evolved as solutions have matured and organizations have gained experience and confidence.

Cloud is a hot topic in data protection and is continuing to gain momentum. Current cloud service usage for data protection is significant today and poised to grow: 67% of organizations surveyed currently use public cloud services in their data protection environment (see Figure 7). Among those users, on average 26% of their protection environments (measured by amount of data) are housed in the cloud, a number which is expected to grow to 35% in 24 months. It should also be noted that 80% of respondents see cloud as a potential tape replacement.

Figure 7. Public Cloud Use for Data Protection

Leveraging cloud-based data protection is expected to yield significant benefits. Improved performance, scalability, lower costs, and data portability are the cloud benefits that the largest percentages of organizations have achieved or expect to achieve

From an RPO/RTO perspective, while capabilities in the cloud have greatly evolved recently, a number of environmental conditions need to be met, such as sufficient network bandwidth. Also, there may be variations based on the type and scale of recovery the organization is undertaking. With this proverbial “grain of salt” in mind, organizations still strongly believe the cloud can deliver improved SLAs.

Scalability has been a challenge in IT forever, and not surprisingly, one of particular magnitude in data protection. Gaining access to a seemingly unlimited capacity of tiered storage for data safekeeping, archiving, or active recovery/high availability is undeniably a strong advantage offered by cloud infrastructures.

Lowering costs is a perennial pursuit for IT leaders, and the ulility consumption model offered by the cloud is clearly perceived as a great way to lower the bills for cloud-based data protection services. However, organizations may see varying levels of results here as well since there are many different pricing schemas and ingress, compute, and egress fees to consider. The fact remains that surveyed organizations expect a cost benefit when migrating data protection to cloud.

Improving the portability of data in order to make it accessible to other parts of the organization for reuse, such as in

analytics or test and development, is also a frequently cited benefit.

Figure 8. Benefits of Cloud-based Data Protection

Cloud and data protection have a great future together, and we expect to see more capabilities emerge to keep fulfilling the cloud promises. While benefit perceptions may appear inflated in some areas today, we expect further instrumentation and better portability will continue to accelerate cloud adoption.

Data Reuse

Reusing data is not a new concept in IT or business. Most organizations reuse some secondary data today, yet they have reported some roadblocks to broader adoption, among which are security concerns and compliance exposures as well as operational cost and complexity to deploy. Data reuse means thinking of data as an asset that can be leveraged beyond its original use. Examples of data reuse include running analytics to detect customer trends and using “real” production data to test a new application or feature without interfering with actual production workloads.

ESG categorized data reuse in three ways: technical use cases, such as disaster recovery testing or ransomware sandboxing; business use cases such as analytics, collaboration, and reporting; and data compliance determination use cases (GDPR, for example, is a recent regulation creating significant pressure points across businesses and IT). There are also hybrid use cases such as the aforementioned application development and testing, which combines both technical and business prerogatives. Figure 9 provides more details on these use cases’ popularity.

Figure 9. Most Organizations Reuse Secondary Data Today

It should be noted that many constraints are associated with sharing data, such as portability, format, compliance/security, and of course, volume. In other words, sharing data is not as easy as it sounds.

Zooming in on a couple of these data reuse cases, we see that IT becomes a business enabler that improves the efficacy of data reuse processes. This is significant because it places data and IT at the heart of business operational efficiency and makes IT supporters of business innovation. The modalities of data delivery will vary, with self-service being an attractive approach that allows the data consumer to work with data without having to depend on IT for provisioning or access.

Application development is a critical function in many organizations as it provides key business capabilities that are often competitive differentiators. However, to develop right, you need to test a lot—with flexibility and real data to reproduce production conditions. Our research shows that while only about 19% of organizations surveyed reuse data for app dev in a self-service fashion, those who do are realizing great business value (see Figure 11). For this use case, 85% of these organizations feel they have improved development quality and speed.

Figure 11. Self-service Secondary Data Improves Application Development Outcomes

Application developers have increased speed and quality of development thanks to self-service dev and test on secondary storage

Application developers have an increased appreciation of IT as an enabler of self-service dev and test on secondary storage


The market is changing rapidly with evolving demands such as data reuse increasing the value of data backups and rapid adoption of cloud-based technologies extending traditional on-premises environments. In fact, cloud has become one of the hottest topics in data protection and is continuing to gain momentum and growth.

Yet organizations continue to struggle with storage costs and operational efficiency-related data protection challenges. Modernization is needed to tackle these challenges and IT professionals are making it a top priority.

In this new world of hybrid data protection, data is not really portable across solutions and is not easily reusable. The requirement for context and content about the data is also becoming more visible with the need for reuse of data to support digital transformation and produce more business benefits.

Organizations that reuse data can reap benefits with a direct and positive impact on business. At ESG, we call this evolution “data intelligence.” As organizations evolve to manage data beyond traditional data protection, the ability to further leverage data assets will enable more parts of the business to deliver on their mission, produce better applications, help companies better understand customers, and support compliance efforts. This concept is summarized in Figure 12: As organizations evolve, they will cross a data management chasm, which will allow them to leverage data more intelligently and autonomously.

Figure 12. Backup Data Transformation Model

Research Methodology and Demographics

To gather data for this report, ESG conducted a comprehensive online survey of IT decision makers from private- and public-sector organizations.

These IT professionals were qualified on the basis of their knowledge about their organization’s data protection practices and requirements. Additionally, all respondents were required to be employed at organizations with 100 or more employees.

Responses were collected between 12/19/18 and 1/4/19, with respondents based in North America (US and Canada) representing 73% of complete responses, and Western Europe (UK) representing 27%.

All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents. After filtering out unqualified respondents, removing duplicate responses, and screening the remaining completed responses (on several criteria) for data integrity, a final sample of 275 respondents remained.

The figures that follow detail the demographics of the respondent base, including individual respondents’ current job title as well as organization size and primary industry. Note: Totals in figures and tables throughout this report may not add up to 100% due to rounding.