Phil Goodwin, research director at IDC, said security for backups isn’t a new issue, but there is now greater awareness of it and a desire to address it. Arcserve extended its Secured by Sophos portfolio in May to cover Microsoft Office 365 and hybrid cloud deployments, and Druva introduced API integration in its InSync product with FireEye Helix in June to let security teams view access and performance information.

Goodwin said there is value in coordinating backup and security from a recovery point objective (RPO) perspective. If security can determine the point of intrusion, it’s easier for backup admins to roll back. Previously, these were two separate activities, and backup admins would have to determine the clean restore point — one that doesn’t accidentally restore the malware — by trial and error.