Securing data and driving business resilience in the post-COVID world

istock 1197865054 dataops 100880499 orig 1200x800

​The last 18 months has involved the rapid digitalisation of IT environments, as enterprises have shifted to cloud-based platforms and enabled remote working. With employees unable to come into the office, this was a resiliency measure that allowed businesses to “keep the lights on,” but it also looks the disruption has been the catalyst for permanent change, with Gartner research showing that the majority (82 per cent​) of company leaders plan on allowing employees to work at least some of the time.

While the benefits of digitalisation cannot be denied, these changes have also exposed enterprises to unprecedented new levels of risk, particularly around the security of their data. TRA research shows​ 80 per cent of forecast data growth in 2021 will be data stored in the cloud, and therefore accessible via the network. Meanwhile, only 20 per cent of enterprises are able to successfully repel cyber security attacks, and 70 per cent of businesses agree that because data now resides in more places within the enterprise, it is becoming increasingly difficult to track and manage it.

The sum of all this research is that CIOs need to renew their focus on the integrity, security, and redundancy of their data, given that it is not in the enterprise’s interest to step back from the transformation that has occurred over the last year. Instead, the goal for CIOs needs to be finding solutions that prepare the enterprise for the inevitable cyber threats.

Data resilience strategy

The WannaCry ransomware attacks of 2017 helped to crystallise just how fragile corporate data can be, and the group behind the attack was able to cause billions of dollars’ worth of damage​ in terms of lost productivity and erased data files, across more than 150 countries. In 2018, another example of ransomware, NotPetya, crippled one of the world’s largest shipping companies​, and the only thing that saved their data was that a power outage in one of the small African subsidiaries meant that some computers were not connected to the company’s global network at the time the attack hit.

These attacks are going to increase in complexity and scale, and CIOs need to understand how to safeguard their company’s data against this kind of exposure and these kinds of threats.

One consequence of the disruption of the past year has been that many organisations have rapidly rolled out new applications, without proper consideration of backups at the time in which the application was adopted. Now they are finding that they need to scramble to try and get backup best practices into place.

Every organisation with data assets in the cloud should consider an “air gap” to be an essential defence against the impact of malware attacks. Air gaps are when backup systems and services are physically and logically kept separate from the impacted systems – in other words, they are a deliberate effort to create the kind of “buffer” that the shipping company mentioned above lucked into when its subsidiary was temporarily taken offline via a power outage. As a first priority, this strategy should be applied to all the new applications that the business might be using.

Another challenge that many CIOs face is a lack of dedicated resources to manage the backup solutions, meaning that they are often under-engineered, slow to respond to changes in the environment, and lacking in cloud readiness.

For many CIOs, the solution for both the structural issues and the skill challenge in delivering data resiliency in the cloud can be found through SaaS.

Just what needs to be secured?

An IDC white paper: SaaS Backup and Recovery: Simplified Data Protection Without Compromise​ suggests CIOs:

  • Establish service levels (SLAs) in alignment with business requirements and look for solutions designed to meet them.
  • Leverage the cloud for data survivability.
  • Consider "as a service" (SaaS and/or backup as a service [BaaS]) solutions to simplify infrastructure requirements and operations while leveraging "on demand" pricing with seamless scaling.
  • Calculate your cost of downtime and utilise cloud solutions to reduce downtime and yield a positive ROI.

Key to the IDC recommendations is the need to start building a robust and holistic approach to backups now. One of the great benefits of SaaS data backup solutions is that it can scale seamlessly as the data and application environment within the enterprise changes, meaning that CIOs can support their Kubernetes, Office 365, Salesforce, Endpoint devices, and other environments immediately, without needing to try and architect a solution that will be future proof. As the IDC white paper states, data is doubling every three years – there is no way to create a future-proof solution with such an exponential growth in data.

Commvault Backup-as-a-service offering​ has been developed to meet all these priorities with data backups. The solution is deployable within minutes, allowing enterprises to immediately begin protecting their environment with backups and at-rest or in-flight encryption. It is also highly scalable, with services available from 1TB to 10,000 (or more). Built-in anomaly detection provides CIOs with real-time monitoring of their environment, allowing for instant response to unusual behaviour, and the solution is fully compatible with both point-in-time and out-of-place restore options. Finally – and critically – the solution provides a robust data isolation, giving CIOs that “air gap” that is necessary for modern backups best practice and risk mitigation.

The same IDC research suggests that an outage costs an enterprise, on average, $250,000 per hour. Ransomware and other malicious attacks can cause permanent data loss and costs that are never recoverable. This level of risk is a board-level discussion point, and those CIOs that can address the risk, through scalable SaaS data backups and an effective air gapping strategy, will be able to deliver to their board assurances that even the most robust ransomware attacks are only a temporary inconvenience and the data being targeted is always protected.

Click here for 7 tips on how you can safeguard your company’s data.

Copyright © 2021 IDG Communications, Inc.