This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Pure Storage CTO Andy Stone offers for data protection best practices to know for World Backup Day.
Cybersecurity sentiment has shifted dramatically – in fact, Gartner recently noted that 88 percent of board of directors now acknowledge that cybersecurity is a key business risk rather than simply just an IT problem, a 58 percent jump from five years ago. It’s clear that as our world becomes more digitally connected, the threat landscape will only continue to become more sophisticated. In fact, last year, we observed new cyber-attack tactics such as “cyber-espionage” in which hacktivists steal data to expose it publicly, and “intermittent encryption,” where hackers only encrypt alternate bundles of data in order to escape detection.
As the value of enterprise data continues to soar and the creativity and sophistication of hackers reach new heights, the recoverability of data has never been more important. That’s why it’s absolutely critical that organizations invest in a solid backup approach that is embedded in both their infrastructure and culture. But how do you achieve it? Here are a few best practices to consider when implementing a strong data protection strategy:
Implement an Active Threat and Vulnerability Management Program
Before an attack, the adversaries are doing their homework: learning about your organization to understand the size and scope of their opportunity. They will often try to discover cybersecurity insurance limits, critical operations your organization is running, and where and to whom services are provided, all in an effort to understand where an attack can do the worst damage.
Armed with that information, the attacker can plot a course to try to force a ransom payment. That’s why it’s critical that organizations do their homework too. Stay up to date on current cyber events disrupting different geographies, industries, and groups, as well as stay informed on the types of attacks most likely to impact your business. Armed with that background, it’s possible to prepare your internal or external cyber threat management team, educate your employees about what to look out for, and how to navigate it.
Focus on Security Attacks Before they Happen
With any security event, there’s a before, a during, and an after. To cushion and/or prevent the blow of the latter two, it’s vital to understand and be prepared for the events leading up to an attack. To proactively bolster your defenses and quickly respond to an attack, consider the following: ensure good systems hygiene using a well-defined, active patch management program, use multi-factor authentication and admin credential vaulting, provide consistent logging across environments, and implement a fast analytics platform for log data to help run fast searches and correlation events to identify signs of potential threat actors in your environment before they strike.
Attacks are Getting More Complex: Enhance the Protection of Data
When it comes to cybersecurity, attack prevention is only half the battle. Data protection strategies can’t just cover the before of an event, they must meet expectations after an event as well. Implementing a multi-tier data protection and resiliency architecture is an excellent way to build resilience and durability into a recovery strategy. Tiered backup architectures use different logical and geographic locations to meet diverse backup and recovery needs. They also help to ensure that the appropriate recovery time objectives are met by offering a host of features that help the business get back up and running as quickly as possible after an attack takes place.
Treat Data as a First-Class Citizen
If data is so valuable, why aren’t we working harder to keep it safe? Apparently, we’re on the way to getting better at it. As IDC notes, “By 2024, due to an explosion of edge data, 65 percent of G2000 will embed edge-first data stewardship, security, and network practices into data protection plans to integrate edge data into relevant processes.”
And why do we need to be smarter and more skilled stewards of our data? Ransomware attacks are becoming more common and targeted, so the possibility of becoming a victim is growing. But luckily so is our awareness of the importance of data protection and resiliency to prevent and efficiently remediate attacks. To protect valuable datasets and processes, organizations need better visibility into data, and fail-proof backup and recovery systems that keep business going even if attackers do get a foot in the door.
The Key to Organizational Success is Resilience and Agility
This World Backup Day casts a timely reminder for organizations to re-evaluate their security approach and tooling. But the positive impact of data resilience and protection spans much beyond a simple day. It’s critical that organizations double down on building resilience and agility across their organization – not only for data but for the business overall. By future-proofing critical IT infrastructure and implementing a modern data protection strategy with effective processes to safeguard application data, organizations can create a meaningful approach to backup and recovery.
- What is a Tiered Resiliency Architecture and Why Does it Matter? - November 4, 2022
- World Backup Day: Four Data Protection Best Practices to Know - March 31, 2022