3 Things Cyber Resiliency Clients Will Be Asking for in 2021
As we prepare to head into a new year, major strides in resiliency innovation will be dictated by the impact of COVID-19 and how this will set the standard for how businesses maintain continuity and emerge smarter following these challenging times.
Organizations are rethinking about how to move forward. In this new reality, IT and business leaders are under enormous pressure to step up their security and resiliency practices, products, and services. As a result, they are asking different kinds of questions and looking for different solutions than they were one year ago. They will work in tandem to make sure all controls and solutions are in place to meet their regulatory requirements and long-term business strategy.
As part of the IBM Business Resiliency Services team, my colleagues and I are prepared to help enterprises maintain mission-critical business operations and rapidly recover IT in the event of a cyber-attack. The IBM cyber resiliency approach uses advanced technologies and best practices to help assess risks, prioritize and protect business-critical applications and data, and rapidly recover IT during and after a cyber incident. Keeping these things in mind, here are three of the most pressing questions I think our clients will be asking us as we move into 2021.
How can I increase my cyber resiliency but decrease my overall costs?
While there is a monetary cost factor to be considered when it comes to increasing resiliency, this should not be the main consideration for IT and business leaders when guaranteeing the protection and recoverability of their business. What is more important is the cost of data loss and how that impacts the business overall. According to this year’s IBM Cost of a Data Breach report, IBM, the global average total cost of a data breach is $3.86 million, and leveraging security automation technology — including AI, analytics, and orchestrated automation — helped reduce that cost substantially.
Traditional disaster recovery programs and practices do not properly address cyber or the ability to restore normal business operations following an incident. In the past, with natural disasters or weather events, simply having a business continuity plan, using your backup files from yesterday to restore your IT infrastructure, or using an alternate work area for your people was enough. With the overall impact from COVID-19 and other ongoing considerations, including digitization and customers’ expectations for businesses to be “always online,” organizations need to be thinking about automating and orchestrating their disaster recovery and running it as a Service. This is not only a cost-saving measure but a best business practice to be a strong competitor and increase their market share.
If I change my business model to be “always online,” should I expand my high availability and disaster recovery (HA/DR) coverage?
The answer to this question is a definitive “yes.” Any form of data loss is unacceptable, and customers need to develop different strategies to protect themselves from cyber-attacks. For example, in the HA approach, ransomware and malware will propagate to all sites if the production environment becomes compromised. When transitioning to an “always online” business model, the two leading causes of downtime become amplified — human error and software bugs. This brings automation to the forefront. Ideally, a solution that simplifies HA/DR operations with minimal human intervention, along with being able to test regularly, will help IT and business leaders be prepared for any outage.
If I move to the cloud, do I automatically get disaster recovery (DR) capabilities, or do I need to make a separate investment?
It is important to remember that with all the benefits of migrating to a cloud environment, DR and cyber resiliency do not come automatically when transitioning your workloads. A separate investment needs to be made, and the capabilities of any implemented strategy should not be different no matter what type of cloud environment there is — whether it be private, public, and/or hybrid. This new investment should also work to simplify disaster recovery operations, maintain DR readiness in the cloud, save time with smarter automation; and enable a lifecycle approach to recovery.
Any cyber incident, including a minor outage, can put a business at a competitive disadvantage. As we begin to think about what a post-COVID world looks like, lagging behind in DR and resiliency investments is a critical error. Businesses need to be ready with a business continuity plan that includes cloud backup, and disaster recovery for your critical IT systems. Looking within IBM as a reference, IBM Cloud Resiliency Orchestration provides intelligent automation of data protection and disaster recovery workflows — enabling recovery testing, monitoring, management, and reporting across hybrid multi-cloud environments.