Backup that flexes to counter rising ransomware risks

Over-provisioning? Not with a consumption model, says Object First

Ransomware continues to top the list of most feared cyberthreats, and not without reason. Today’s attacks unfold faster and are more damaging than ever, often featuring a level of sophistication that is too much for traditional policy-based defences.

Indications are that around two thirds of organizations have experienced at least one attack in the past two years. It is also increasingly apparent that just giving in to ransom demands is a fast track to making matters worse. Findings from data storage specialist Veeam, published in its 2025 Risk to Resilience Report, show that 69 percent of those who caved in to attacker demands were hit again, possibly their initial capitulation having broadcast their vulnerability.

The reality these days is that no IT system is immune from hijack, however tight its defences may seem. Given that a breach is likely to happen sooner or later, any right-thinking CIO should logically prioritize recovery and business continuity. They must also be mindful that ransomware practitioners are now targeting backup data as their primary objective, assuming that victims are more likely to pay if the backups are compromised. This makes a fail-safe, backup of – production data a matter of survival.

Resilience first

“If attacks can’t be prevented, the question becomes how fast and how confidently can data and applications be restored, and business with customers resumed,” says Luis Fernandez, senior research manager at independent research firm IDC.

Effective restoration relies on having that data intact in the first place. Enter immutable data storage. This locks down backup data for a set period once it has been written to storage. Absolute Immutability takes the idea one step further by ensuring that data cannot be altered or deleted under any circumstances, even by insiders. If production and data backup systems are breached, an untouchable, absolutely immutable version of that data remains safe.

The best route to Absolute Immutability and ransomware resilience is through S3 object storage. That’s why Object First developed an S3-compatible backup appliance based around Object Lock technology. Specifically designed for Veeam customers, it provides a ransomware-proof, primary object storage target for on-premise backups.

Object First has now broadened procurement models. Many organizations are moving away from large up-front capital investment toward more agile, consumption-based approaches that match spending with actual usage.

Object First still provides a capex option for those who simply want to buy, install, and manage the appliance themselves, but now customers can also adopt a consumption model. By paying only for what they use, they can avoid front-loaded costs in favor of predictable monthly billing, growing capacity according to need. They can start with backup capacity from 10 TB, with all technology refreshes, service, support and software updates included.

“A lot of organizations have bought into a subscription-based model in other areas of their business,” explains Andy French, Director of Product Marketing with Object First. “These are likely to be in the mid- to large-enterprise space. When it comes to backup storage, there hasn’t really been a consumption-based solution suitable for the full range of small businesses up to larger enterprises until now.”

Object First’s consumption model is ideal for businesses that haven’t opted for S3 immutable backups yet because they were put off by an upfront investment in an appliance, or data capacity thresholds were too high. A starting point of 50 TB or higher, typical among some backup storage providers, is liable to shut a lot of organizations out.

Now they can start as small as 10 TB but expand up to 7 PB or more, and with a simple cost model based on how much storage they consume. This is a straightforward way for any type of business to avoid over provisioning, says French: “We’re not just offering a new model for the smaller organization but also a simpler model for the larger organization.”

Sizing is key

One of the big challenges when choosing the right data backup is calculating how much storage you need. You’re not just calculating for today’s needs but planning for a future that can be hard to define. This means factoring in some complicated stuff like retention policies, unpredictable growth rates, change rates, compression and deduplication ratios, and restore performance requirements. Get it wrong and you end up over-provisioning, leading to wasted budget and idle hardware. Under-provisioning, conversely, risks failed backups, missed SLAs, and costly emergency upgrades.

“At Object First, we’re all about object storage and Veeam, and how to size correctly for S3,” reassures French. “We can help build a picture of how much storage you need now, and how much you might need in three years’ time.”

That capacity planning will have an impact on whether a consumption model makes sense or not. In a very slow-growing data storage requirement, capex might be a better option. But if you have rapidly growing data or a degree of uncertainty about future scale, then consumption would probably be a better choice. You might, for example, have an acquisition or merger in prospect where data levels could spike.

Organizations are now deploying AI-based solutions with vast language models, causing an explosion in data that needs to be backed up and an added degree of uncertainty over its future volumes.

“Nobody is quite sure how much AI-driven data is going to grow,” says French. “That’s a scenario where subscription makes sense, because organizations deploying AI solutions really aren’t clear what they will be handling in two or three years’ time.”

Object First’s subscription option additionally takes away the complexity of managing the backup product life cycle.

“You don’t need to worry about renewing it in three or five years’ time, or buying a second appliance if you run out of space,” explains French. “We take care of all of that. We assess the sizing needs with the customer to work out how much storage they will need now and in the future. That will decide the most appropriate appliance. We ship it, and then as far as installation is concerned it’s 15 minutes from ‘box to backup’. The customer will start on a particular capacity, say 12 TB. If they find they are consistently going over that capacity then it might make sense for them to move up to the next step. We’ll consult with them on that. When it comes time to replace the appliance, we organize that and help the customer move their backup data across.”

Keeping a watchful eye

Object First’s telemetry provides insight into the health of the appliance, as well as the spare capacity – meaning that any potential issues can be proactively raised with the customer. “We want to make managing Object First as easy as possible, throughout and beyond the scope of a normal product lifecycle,” he adds.

Fernandez of IDC agrees that flexible consumption is a great way of meeting various CIO priorities. “Digital leaders will be well familiar with the consumption model,” he notes. “Our finding is that around 96 percent of them are using some kind of flexible consumption in their private IT investments.”

Consumption pricing aligns IT resources and usage more effectively, according to IDC. That frees IT staff to focus on more added-value activities. It also leads to infrastructure that is better designed, integrated, and managed, along with better usage rates.

Pricing isn’t the only factor to consider, he adds. “What’s really important is achieving predictable and stable pricing based on bands of agreed consumption. They don’t want skyrocketing costs at the end of the month, but even more than that they don’t want to suddenly find they need some added capacity but don’t have immediate access to it.”

In the event of a ransomware attack, argues Fernandez, organizations need to know how safe the data in their backup actually is, and how fast they can recover from attack. This resilience is what will set them apart from others, potentially giving them a formidable competitive advantage as well as protecting them from harmful attack. Now they can enjoy that advantage on a straightforward low stress basis for a predictable monthly cost.

Sponsored by Object First.