SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Veam solo interview
#
Storage
#
Virtualisation
#
Data Protection

Exclusive: Veeam's Ben Young sounds alarm on backup risks in AI era

Mon, 8th Sep 2025
Author image
By Melania Watson, Interview Editor

As generative AI reshapes data architectures and drives unprecedented velocity in digital transformation, organisations across Asia Pacific and Japan (APJ) face growing cracks in their backup and disaster recovery strategies.

Ben Young, Field CTO for APJ at Veeam, believes many enterprises are ill-equipped for the data security risks emerging from distributed infrastructure, cloud sprawl, and regulatory complexity.

"We're seeing a fundamental shift in where data lives and who manages it," Young told TechDay. "And with that comes risk - particularly when organisations aren't applying enterprise-grade protection strategies to these new environments."

AI workloads, kubernetes, and shadow data redefining the threat landscape

According to Young, the widespread adoption of Kubernetes for AI model training and inferencing is pushing data outside traditional IT perimeters - often into unstructured formats stored in S3 buckets, vector databases, or ephemeral containers managed by application teams rather than infrastructure leads.

"The value, sensitivity, and sheer volume of data has exploded," he said.

"But many organisations haven't updated their recovery playbooks. That's a dangerous gap."

Ransomware threats rising amid backup failures

Veeam's latest ransomware trends report found that 38% of victims had backup repositories compromised, meaning immutability - a key safeguard - wasn't enforced.

"It scares me to read that," Young admitted. "It means customers are still configuring backups in ways that leave them vulnerable."

In response, Veeam is aggressively moving to restrict unsafe configurations, launching offerings like Data Cloud Vault, which mandates encryption and immutability by default. "You can't opt out of safety," Young said bluntly. "It's a best-in-class storage vault that creates a virtual air gap, even if your production systems are breached."

Cost predictability a barrier to cloud recovery testing

While hyperscaler storage is cheap upfront, Young noted the hidden retrieval costs discourage enterprises from regularly testing recovery - leading to blind spots in resilience. Data Cloud Vault, with its fixed pricing model, is designed to counter this.

"No bill shock. No hesitation. Just predictable, expandable resilience," said Young.

VMware licensing shake-up drives urgency in cloud portability

Young also flagged Broadcom's licensing overhaul of VMware as a major disruptor for regional service providers. "Many won't meet the new thresholds," he warned.

"This will accelerate cloud migrations, and companies will need the ability to move workloads across hypervisors fast."

Here, Veeam's platform play - providing portability between clouds and formats - is positioned as a hedge against vendor lock-in and sudden market shifts.

Security & IT silos still blocking recovery readiness

Despite growing threats, process breakdowns - not tech - remain the biggest barrier to resilience, Young argued.

"We see security teams and IT still working in silos. During a real incident, that's fatal," he said.

Veeam's own workshops have exposed how even well-equipped enterprises lack coordinated response plans.

"They've never run a joint recovery drill. They're wasting hours in an emergency just figuring out who owns the plan."

He urged boards and CISOs to mandate regular incident simulations, not just recovery tests.

Observability a missing layer in multi-cloud environments

Another blind spot: visibility.

"There's no great third-party tool today that unifies data protection signals across clouds, platforms, and vendors," said Young. Veeam is now pushing observability as a core capability, helping customers track data lineage and policy enforcement end to end.

Regulated industries and mid-market doubling down on automation

For sectors under compliance pressure, automation of recovery workflows is becoming non-negotiable.

But many organisations fail to revisit RPO and RTO goals as environments evolve.

"It's a set-and-forget mindset that doesn't work," Young said.

Meanwhile, younger, cloud-native firms are bypassing infrastructure management entirely, turning to fully managed backup-as-a-service to reduce operational drag.

AI will power the next leap in data resilience

Despite its challenges, AI also promises new defenses.

Veeam is embedding real-time AI into recovery, detection, and policy tooling to elevate resilience.

"This is the next internet-level wave," Young said.

"We're already using AI to spot early attack indicators and automate smarter backup strategies. It's not just hype - it's happening."

Related stories
Safe AI coaches staff to cut cyber attack errors
AI reshapes cyber threats as experts warn on automation
Tenable hack of Copilot AI agent exposes fraud risks
Exclusive: Media.com helps verify users amidst Australia’s U16 social media ban
Networking as a financial catalyst: Unlocking true cost efficiency

Top stories

Enterprises pivot to risk-aware, human-centric AI in 2026
Cyber leaders warn resilience gap as boards eye 2026
AI bubble cools as HR shifts to outcomes & new roles
Keeper links identity security alerts into ServiceNow
Precision Group unites IT & ESG for SGP+S Level 3