IBM Storage pushes the cyber resilience of its Spectrum software even further

IBM has improved its world-beating storage system security even further with its latest software releases announced last week. Its strategy is to protect corporate data from:

  • User errors, hardware failures and other random threats,
  • Ransomware and other targeted criminal attacks,

While widening the use of automated backup procedures and orchestrated data recovery. Its enhancements are targeted at Chief Information Security Officers, IT architects, data protection operators and application owners.
In this post I look at these enhancements by area, where I’ve abbreviated the names in most places, removing ‘IBM Spectrum’ – as in IBM Spectrum Scale, etc.

IBM Storage

  • Scale v5.1.5 – now supports up to 256 Safeguarded Copy immutable snapshots (production data with policy-based control); adds isolated data offline ‘by design’, separated from other files; allows the to copy files to a different immutable file system (tape-based or an S3 bucket); separates administrator, super user or security administration duties; protects against modification or deletion of point-in-time copy data through user error, malicious destruction or ransomware attack; has a single command restore with integrated GUI.
  • Virtualize v8.5.2 – adds asynchronous policy-based replication for automating cyber resilience.
  • Fusion v2.3 – the software now supports metro synchronous replication for DR and adds Red Hat OpenShift on AWS (ROSA) via a ‘bring your own license’ model; IBM has validated the use of Pega, Mulesoft, Turbonomic, Instana, Microsoft SQL and Maximo applications and has added Software-Defined Storage licensing to hyper-Converged Infrastructure (HCI) hardware. The Fusion HCI build adds validation for 64 core node servers, the ability to add Fusion from a private Artifactory (dark site) image, recovery groups (including erasure coding) and templates for RHEL8-based Cloud Satellite. Fusion HCI users can now adopt Cloud Pak for Data for protecting their data.

Spectrum Protect

  • Protect v8.1.16 – enables Protect Server backup repository to be a direct target for Spectrum Protect Plus Vmware workloads (other types coming later); adds production support for common data repositories; users no longer have to use Vmware vSnap; adds replication of Vmware snapshots including Instant Access Restore from the replica; adds immutable object storage for Protect backup data, enhancing cyber resilience in Cloud Object Storage; adds user-defined complex password support.
  • Protect Plus v10.1.12 – adds SAP HANA databases, including SLA management and instant access.
  • Copy Data Management v2.2.17 – now supports Spectrum Sentinel for SAP HANA; allows users to create and orchestrate Safeguarded Copies; adds cyber protection for application-integrated hardware snapshots; improves RTO and RPO through speedier restoration of immutable snapshots.

SAP HANA and Salesforce SaaS

  • Sentinel for SAP HANA v1.1 – adds ransomware anomaly analysis of immutable Safeguarded Copy snapshots, created via Copy Data Management and using AI/ML, and automated recovery orchestration for SAP users following its coverage of Epic healthcare systems.
  • Protect Plus Online Services for Salesforce – adds Salesforce to SaaS extended data protection services (currently available for Microsoft Office 365); users can improve limited inbuilt SaaS security with easier backup and restoration procedures including mass restore of backups held in Azure and other clouds.

Beyond the details


I’ve summarized the new software in my Figure above. In addition the new Fusion HCI v2.3 extends container-native data storage and management to 64-node servers for the first time.
I don’t expect any of my less technical readers to absorb all the details of these new features; enough to say that, from experience, IBM continues to take cyber security, resilience and speedy data restoration very seriously. Storage is just one dimension of its strategic and tactical approaches. It is extending beyond its own hardware platforms to other systems running modern code in hybrid multi-cloud configurations. Validation of its approach will come from the reduction in costs and the length of time it takes for its customers to recover from their future accidental and criminal data breaches.