This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Infinidat Field CTO Ken Steinhardt offers considerations for merging your firm’s data protection and cybersecurity strategies together.
Data and cyber resilient storage is a critical component for any enterprise’s corporate cybersecurity strategy. With the average number of days to identify and contain a data breach at 287 days, the era of separating storage and security are over. The lens through which to see data backup and disaster recovery (BUDR) must be widened to encompass cyber defense and data infrastructure in a more comprehensive fashion.
Vital to this broader view is the requirement for companies to be able to quickly restore data systems and applications after a cyber incident from trusted sources that are inherently protected from malicious corruption. This fact is not lost on the leaders of companies.
Considerations for Merging Data Protection and Cybersecurity Strategies
C-suite executives see this need very clearly and understand the implications. In short, it is not “if” their companies will suffer from a cyber-attack, but “when” and “how often.” The threat of cyber-attacks has reached such a din that in the Fortune 500 survey of CEOs in May 2021, 66 percent of Fortune CEOs said the number-one threat to their businesses in the next three years is cybersecurity. Similarly, in a KPMG CEO survey in March 2021, CEOs also said cybersecurity was their number-one concern.
Cyber-attacks against the data infrastructure and the backup systems themselves have inevitably created major problems for CIOs, CISOs, and IT teams who need to obtain best-in-class transparent protection of the entire storage and backup environments. Simple data backup by itself is no longer sufficient as adequate data protection.
An Example of Danger to Data Backup
Let’s consider one specific type of cyber-attack among a wide range of such threats: ransomware. IDC estimates that the cost of ransomware attacks on businesses will top $20 billion this year with damages related to cybercrime reaching $6 trillion.
When ransomware takes data hostage, it can potentially destroy backup, replica, and snapshot copies of data, steal administration credentials or leak stolen information. It has caused businesses of all sizes to shut down operations almost overnight. Even though not recommended, it is not unusual for a company to pay a large sum of money to attempt to restore their business, without any guarantee for success even if they pay a ransom.
Essentially, given the constant threat of cyber-attacks, every single touchpoint within a company faces the possibility of a significant data breach. The cybersecurity firm, Cybersecurity Ventures, has predicted that a cyber-attack is expected to affect a global business every 11 seconds by the end of this year.
Safeguarding your storage and backup infrastructure is imperative in the face of this danger. Every organization must now prepare for the unexpected. Preparing for the unexpected means that IT security teams need to be on constant alert for ever more sophisticated cyber-attack aggression and onslaughts.
Organizations need to ensure their IT infrastructure can establish an unbreachable line of defense for data backup that will protect their data – arguably the most important asset of an organization.
Attributes of Cyber Resiliency
A solution can only be effective if it forms the basis of an organization’s digital transformation and cyber defense plans. A cyber resilience solution is deemed effective when it provides guaranteed availability and a fully scaled data restoration for business continuity.
However, many solutions currently available on the market lack scalability, performance, and speed. They fail at making data restoration fast, efficient, and wide-ranging. Furthermore, not all storage-based solutions that address this issue are equal.
When looking for a cyber-resilient solution, enterprise CIOs need the most comprehensive end-to-end solution, spanning primary and secondary storage. This should also be coupled with industry-leading backup and recovery performance and the highest levels of cyber protection, resilience, air-gapping, and recovery. What is also important is the combination of high availability and elastic pricing models that offer seamless scaling in a cost-effective manner.
Fighting Off a Cyber Attack
As cyber-attacks grow more prolific and powerful in nature, there is a sense of urgency that businesses need to consistently protect their weak spots and their data integrity with air-gapping technology, as well as implement the recovery process after an attack as rapidly as possible. Businesses must gauge the vulnerability of their systems to potential harmful cyber damage. Can the integrity of their infrastructure fight off a cyber-attack with efficient data resilience capabilities?
If recovery is the last course of action, businesses need a protected, immutable, air-gapped, and verified copy of their data. By ensuring that copies of data cannot be deleted, encrypted, are separated from the host via a logical air-gap (be that local, remote, or both), and check their data in a “fenced” environment, businesses can verify the data before it goes back online in a business operational environment.
Ultimately, the CIO, the CISO, and the CEO can have the assurance that their critical business data is protected from cyber threats. They can also have confidence that customers will not experience a drop in customer experience. There does not need to be a compromise to service levels. Such a compromise is unacceptable, and this is why partnering with the right enterprise storage solution provider with best-in-class data and cyber resilience capabilities makes a real difference. Keeping a paranoid attitude is well-advised. Assume that your organization will eventually be attacked and breached, despite the best defenses. It’s then up to your recovery to keep you safe.
Hovering over the target, the savvy CIO seeks a solution for lightning-fast recovery for mission-critical operations, uninterrupted data access, and application availability. This starts with protecting your entire storage and backup environment with a robust, long-term data and cyber-resilient solution, which is an essential part of your cybersecurity strategy as an organization before it is too late.
- 3 Considerations for Merging Data Protection and Cybersecurity Strategies - December 21, 2021