“Partners and IT journos are two tribes that live in completely different worlds”
What’s changed in the world of backup and recovery since the lockdown? Two visits to Acronis’ head office give Steve an unusual perspective
My very last trip pre-lockdown was to see Acronis, in Schaffhausen, Switzerland. My first post-lockdown trip, in late November 2021, was to see... Acronis, in Schaffhausen, Switzerland. The agendas for the two events could not have been more different. Last time it was all quantum theoretical research; this time the main topic was ransomware and the arrival of a new CEO in Patrick Pulvermuller.
We get sent lots of “changing of the guard” releases and invites such as this, and traditionally we’re pretty aloof about them. The rules about what people can say in companies about “the future” are both strict and widely observed, so the conversations with Pulvermuller were more about the topics in the outgoing CEO’s speeches, not about his.
The outgoing gentleman I have mentioned before: Sergey Belousov. He is not a man who is overly bothered by regulations about forward-looking statements.
We all came across Acronis in the late 1990s or early 2000s as a neatly coded but sometimes peculiarly behaved Windows machine image backup utility. Belousov can trace out a consistent evolutionary process from those days. In essence, once the idea of a cloud backup met the idea of a complete PC image-copying process, it was inevitable (with 2021 hindsight) that this would evolve rapidly into a platform from which you could run a VM image of your backed-up PC, until such time as your local machine is back from a 100% wipeout and reload process.
The next stage, said Belousov, had already begun. Acronis was rolling out its own geographically local servers, so customers in various countries could be completely sure that they were hanging out within a single and relatively controllable legal framework, without wondering if some mixture of hackery or governmental malfeasance might stand between them and their backups. From the tone of Belousov’s voice, I could tell that this didn’t strike him as the most elegant of solutions, but also that if enough customers wanted it, he’d do it.
Much else of what Belousov had to say wasn’t so specific. Some of this was because his audience was 90% partners: that semi-hidden tribe of IT gurus who make up the majority of the market for Acronis, as well as the majority of expertise resources called upon by secretive, marketaware companies. Explaining to partners what the tools are and why they might want to use them is totally different to talking to IT journos, because the two tribes live in completely different worlds, informationally speaking.
Think of it like this. In medicine, there’s a lot of terminology not used in ordinary life: corpus callosum, cephalhaematoma, thrombophiliac... the list goes on, and all of them seem to carry a certain classical Latin root. Yet when you dig a bit deeper, there’s a massive divide in the implications of these bits of jargon. On one side lies the nomenclative: things that just have a name, such as humerus. And then there’s the stuff that everyone takes to be a naming thing, when in fact it’s not. Meningitis is a disease that makes your brain swell up, dangerously, but it’s not a specific pathogen: it describes an effect that can be brought on by any number of causes, from evil bacteria through to bad chemicals to a baseball bat on the bonce. You can’t infer anything from a descriptive name on its own.
It’s the same problem with issues such as anti-ransomware software. All you can ever do is say “ours is good, it finds stuff”. You just can’t put that into a hard comparative review, where some harried journalist somehow simulates months of infiltration emails and hacks by pouring viruses into a bench network.
Ransomware arrives quietly, and your risk takes many days – months, even – to become real, as the hackers need to understand what your business does before they can figure out your most sensitive IT resources. That’s tricky to test for in an automated script benchmarking process.
So back to what the audiences use these events for. As a writer, I want to keep you lot interested in the “how”, where partners are motivated by the “what” – it’s not how cool the tech is, it’s more to do with what a business achieves by signing up for the deal. And the achievements are frustratingly descriptive only: you will be better off, more secure, safer... a lot of what partners do is emotionally described, not technical. Ransomware hits them right in the bullseye, because their earlier, equally emotional promises about “total protection” and “peace of mind” are blown apart on the day the Bad Thing actually happens.
If I tell you that “so-and-so says this new release is going to take the market by storm” when it comes to ransomware, I’m making my reputation a hostage to fortune, quite a lot of which depends on not this release or that bit of kit. It depends on nebulous concepts such as “vigilance of staff” and “frequency of updates”, or even “speed of forensic analysis” when the problem in question is a lightning-fast self-propagator.
This is a state of affairs peculiar to anti-ransomware, because several of the best techniques are actually fairly basic and straightforward to implement; think Pi-hole to block bad sites, or Wireshark to log traffic when you’re tucked up in bed at home. Perhaps the biggest difficulty surrounds curmudgeonly staff who don’t want to listen to or obey instructions on how not to be the weak link in the security chain. You can’t fix this by technology alone alone, even if you find the bigg biggest, loudest megaphone in t the world through which to address the slackers.
The spreading of mission that Acronis went through in the last few years of Belousov’s reign was aimed at solving these manifestly less code-oriented problems in businesses trying to improve their internal attitudes to the nature and source of the bigges biggest risks. I guess that’s why the slogan for the 2021 meeting was #Cyberfit, which I think had much better traction with those partners than it did with the small and courageous band of IT scribblers.
Rage against the machine
To attend the latest Acronis event in Schaffhausen, I had to first decide on my mode of transport. In more normal times it would entail a quick shuffle around the various websites for ferry companies and airlines and a session on Booking.com. These days, that’s only the start.
A few years back I disrupted a cybersecurity summit on the subject of “biggest influences on the market” because they’d left out the regulator. Lawmakers can change market conditions far faster than any humble entrepreneur or inventor, and if there was ever a proof of this, it’s the insanity of the testing and crosschecking processes surrounding Covid. Covid I looked at four countries’ websites while planning my trip, and took ok careful note of the exceptions, eptions, the cautions and d the provisos. I might as s well have made my notes on toilet roll.
The night before my overnight ferry, the ferry company sent an URGENT message with lots of CAPS in it, telling me I need TWO PAPER... I can’t keep that up, sorry. orry. They needed two paper per copies of every certificate, icate, complete with
“Ransomware arrives quietly, and your risk can take many months to become real”
QR codes, or I would be turned back at the Dutch border. Much printing and worrying followed, but it turns out I should just have turned over and gone back to sleep because the Dutch border force purely occupied themselves with my passport. They didn’t even mention the paperwork, never mind a second copy.
This set a consistent pattern for my journey. While the various forms mostly requested the same information, all hooked together using the passport number and date of birth, the whole edifice of dire threats and ever-expanding data gathering simply didn’t match up to what was happening on the ground. The Germans flatly stated that a vaccination certificate wasn’t valid if it used two columns to present a QR code block: I zoomed my phone up so only one of the QRs appeared, and they let me past with no further ado.
It seemed clear that the border patrol people were just ignoring the regulations. At one post (I think it was crossing from Luxembourg to Belgium), the border guard saw a convoy of vehicles approaching, and waved us all through without even bothering with passports or vehicle papers. Most irritatingly, the complex dance around cones that has taken the place of the old Eurotunnel terminal at Calais has a neat little quirk: the French cell provider has, by some electromagnetic legerdemain, arranged it so that right at the UK Border Force line of booths, you have absolutely no mobile phone data whatsoever. So when you attempt to present your vaccination and certification codes on your phone as per their demands, you can’t. Even with the file saved locally on my phone, the app still wanted to talk back to base via the cloud before it would permit anything to be seen.
Of course, the Border Force people had a solution: ignore all that nonsense, look at the passport, and let the man with the thunderous, angry expression through.
This isn’t just a chance to laugh and gripe about government IT. We have to be very careful, both of extremely fast-moving regulators who have been told that it’s all
“only software”, and of entire departments of public servants, who (in that curious way they are allowed to) have individual responsibility for observing the law while doing their appointed job.
That an entire contact group across the nations I travelled through had decided that the complex demands on their own administration’s websites was just a waste of their time is a disturbing disconnection between the people deciding on the policies and the people expected to make them work. Why can’t they honestly tell the traveller what’s expected of them, and provide enough actual human staff to meet those obligations?
In this case it seems that IT in general has achieved the level of “agility” that many were getting excited about pre-pandemic. Yet nobody has said whether this agility is a desirable state of affairs in the real world. The procedures as explained online were jumping about like crazy, while the procedures in the drizzly autumn rain were totally unaffected.