Ian Moyse Technology Influencer & Sales Leader

In today’s digital landscape, Cyber Threats are increasingly sophisticated and pervasive and unexpected outages of varying causes have been seen to take IT systems offline at unexpected times. Traditional data backup solutions alone are no longer sufficient for the intrinsically linked IT and data mission critical lives we all live, even though with the cloud you may think you have it covered!?

When a system is impacted, by whatever cause, the need to recover it back to a clean, live and performing state in an optimal time has never been demanded more. As users and customers we all have an expectation of always on, always available (any device anywhere) from systems and applications which we use not only rely on for work, but in our daily personal lives. We all have no tolerance for a system not being available every time we choose to access it, not just critical banking and flight apps, but whatever the app, frustration is high if it doesn’t work as expected when we choose to want it!

Month by month we are witnessing the impact of our reliance on technology and what happens when it fails.  Even just in the early part of 2025 we have seen UK retail hit hard with three major news making cyber-attacks taking out stores and affecting customers. The CO-OP UK retail chain and Harrods the prestigious London store were very publicly hit by cyber-attacks that impacted their operations. Also Marks and Spencer, a major UK retailer, had a whole week in April of systems down due to a cyber-attack which took major systems offline and impacted their reputation and customers greatly.  We also saw speculation whether the Spain and Portugal power outages were down to some sort of cyber-attack.  Organisations no longer live with ‘if they will be hit by a cyber-attack’, but when; and what impact will it make and how fast can they recover?

‘88% of organisations expect a major IT outage in 2025’ – Source PagerDuty

​We are in an era where cyber threats are larger and more sophisticated than ever before and where our reliance for system and data availability is at its utmost. Every minute of non-availability has a cost; from customer impact, reputational damage, operational disruption and employee morale. 

In business the cloud serves as the backbone for modern enterprises and today’s positional default must be  ‘be prepared for when you are impacted not if!’  Traditional backup solutions  were scoped for the traditional problem of restoration of data if something went wrong. Today this is not enough and falls short of the imperative demands of the user/customer to be live again.  Restoring data alone is no longer enough, there is a need to achieve a recovery and restore point faster than ever before and for a wider footprint that includes the intricate web of cloud applications and configurations.

Restoring to a live point used to involve simple applications that could be reinstalled easily and the focus was mostly on data restoration, with the assumption that the impact would simply be solved by simple steps and rebuilds. Restoring the data alone in our now complex technology world is massively challenging, but add to this the rebuild of a variety of cloud applications and configurations that have shown to be labour intensive, time consuming and complex and your re-live time could be days or weeks out.

It is critical you re-appraise your speed of total recovery and the breadth this involves.  All a customer cares about is ‘can I do what I usually do now’ ; excuses no longer cut it, delays result in persistently noisy social and public brand negativity and heads inevitably roll.

‘Over 60% of organizations experienced a security incident related to public cloud usage in the past 12 months’ – Source : Statista

Having been in the cloud arena myself coming on for 2 decades now, I am all too aware of the challenges of the false expectation that ‘putting it in the cloud’  meant it was easy and all done for us and there was no need to worry. There was a belief and pitch at board level that Public Cloud was the ‘be all and end all’ of solving all the traditional woes of IT systems availability, protection and management by letting someone else (the Cloud Vendor) do it for you.

Recovering from a cyberattack in a public cloud environment presents challenges that most organizations aren’t fully prepared for. One of the primary challenges is that in the shared responsibilitymodel (inherent in public cloud platforms), whilst cloud providers manage the security of the cloud infrastructure, the customer is responsible for securing their data and configurations within it.

Compromised credentials or manipulated cloud-native services can cause serious issues. Restoring data alone is insufficient; systems need correct configurations, permissions, and application dependencies to function properly and allow businesses to resume operations quickly and securely. Without precise and recent backups of data and configurations, restoring a clean version of the environment is nearly impossible.

Many organisations find that restoring data alone does not ensure operational continuity when network rules, IAM policies, and application topology are also compromised or misconfigured.  Another potential risk involves delayed detection and response times. Public cloud environments are dynamic, and changes can propagate rapidly across regions or services. If an attacker gains access and moves laterally within minutes—deleting snapshots, altering permissions, or encrypting storage—traditional backup mechanisms may not capture a clean recovery point in time.

From such an impact long downtimes and significant business impact can occur (as seen recently in the retail examples above) , especially in regulated industries or mission-critical operations. Reliance on cloud-native tools may create a single point of failure if those tools are compromised during an attack. Without a strong recovery strategy for both data and cloud configurations that includes automated rebuild capabilities, organizations face a slow, chaotic, and manual recovery process at a time when speed and precision are crucial.

I was pleasantly surprised therefore to see the power and game step change that Commvault has delivered with Cloud Rewind a way to recover your cloud from an attack or outage up to 10 times quicker than manual efforts allow.

Cloud rewind is impressive in the way it attacks this problem with extreme automation that discovers your cloud-native applications, brings them in and enables you to recover and rebuild applications quickly and cleanly including their metadata, data and state back to the way it was – ‘a rewind’.  Importantly this rewind takes minutes, not the days or weeks or effort this could be taking to do it manually to recover from a malware or ransomware attack. Don’t think of this as an incremental improvement, it’s a positive disruptive redefinition of cloud recovery to the level that is needed in today’s consumer landscape. I believe if more transparency was given to the actual impact and why’s of security breaches the need for a solution such as this would be far higher on agenda’s as it should be.

Commvault also allows you to try this free for 30 days, something I would recommend to help you understand the exposure you may be sat with right now with your public cloud services – Visit here to find out more https://www.commvault.com/trials/cloud-rewind