Next Gen Data Protection
Why organisations must go beyond data backup in a hybrid working world Performing data backups will be a regular occurrence for most IT teams, ensuring crucial data is safe and can be called upon in an emergency. But from here, you may feel like you’ve done your bit to minimise the risk of business disruption, should there be a cyberattack or another event that causes downtime. But in today’s reality, where people, data and applications are more distributed than ever, and efficiency and cost management are vital, is this really enough? The answer is no, because treating backups and data protection as a tick-box exercise leaves so many questions unanswered:
- Where does the backed-up data reside?
- How easy is it to access and deploy it, if required?
- Is the data encrypted and if so, is effective key management in place?
- How can you prevent the data being duplicated multiple time in a public cloud environment?
- Do you have a clean copy of data that’s still accessible in the event of a ransomware attack?
Data backups only play one part of a data protection strategy that’s fit for purpose, rather than representing all of it, and there are many reasons why businesses all over the world need to do much more. Why is data protection so important? Some of the demands around data protection are clear. Keeping data safe from the rising threats of cyberattacks and ransomware is one. Ensuring compliance with legal requirements such as GDPR is another, as is ensuring that data can be restored quickly – as part of a tried and tested Business Continuity and Disaster Recovery (BCDR) plan – should an incident occur. But the relevance of data protection to a wider business goes much further than this. One area that is often overlooked is just how far the ramifications of a GDPR breach can spread. Imagine, for example, that personal data has been breached due to the IT team not following correct procedures. The consequences of this will be severe: not only will the IT team be under financial and reputational pressure, but ultimately the FISO, CTO and even the CEO will be scrutinised for not making the right decisions around adequate data protection. Highlighting that the time to think about managing supply chain risk and partner risk is prior to, not during, a breach. Ultimately, data protection has to look at the bigger picture, and take into account an element of war-gaming that considers and mitigates all the potential impact of a breach. Often overlooked but crucial during events where data is at risk are initiatives such as having a Cyber Security Incident Response Team (CSIRT) in place, either as a ‘break glass’ outsourced arrangement or a highly skilled internal resource. It isn’t just data that’s vulnerable: bottom lines, brand reputations and even people’s careers are just as much at risk. What should good data protection cover? So how should a data protection strategy move beyond a sole focus on backups? There are three key areas that should be incorporated:
- Ransomware resiliency: this is the role that the data backup plays within the wider strategy. A recent and clean backup of data ensures that your organisation isn’t significantly impacted by downtime as you restore from the backup. Ways of building in resiliency can include immutable file systems that safeguard backups, rapid recovery mechanisms that reduce downtime, and more detailed visibility of affected files to cut the impact of data loss. There are also measures that should be taken to prevent and detect activity before a ransomware payload is deployed by the advisory. During the attack process security tools can identify and protect against; reconnaissance, lateral movement and privilege escalation techniques which attackers leverage.
- Governance and data control: it’s vital to have a solid understanding of the nature of data, and how to access it. This includes being able to manage and manipulate data quickly and efficiently, and to be able to easily and consistently demonstrate compliance where necessary. A clear data governance strategy that has buy-in from senior management is especially important here.
- Data growth and cost optimisation: data can quickly become needlessly expensive to manage. Using economically efficient solutions can reduce your data storage overheads, and make sure that data duplication doesn’t lead to storage overspending. Simplifying and streamlining data architectures and consumption are two useful ways of achieving this without compromising business growth as data volumes get bigger over time.
How SCC can help SCC’s support for data protection comprises many strands: design and deployment capability, a hosted data protection service run from our custom-build data centre, and a strong human skill base located in the UK and abroad. Companies that work with us also benefit from working with an established solution advisor, and a top-tier partner for data protection vendors in Gartner’s Magic Quadrant. Over our years of assisting organisations in many industries with data protection, one trend that we’ve seen emerge is a greater understanding of the value that a data protection investment represents. In the past, the tick-box approach to data backups was largely inspired by procurement demands, where a budget would be presented to decision-makers, and the cheapest option would be signed off on, ignoring the potential cost if an incident were to occur. Where we have been able to add value is by demonstrating the consequences of data protection that may seem adequate on paper, but aren’t robust enough to deal with real-world challenges. This means many of our customers commit to greater investment in data protection, but they understand the value and benefits it gives them. Whatever your current data protection strategy, and wherever you want to get to, SCC has the skills, solutions and experience to guide the way forward. Our next-generation approach to data protection allows customers to evolve and innovate with new services without compromise, thanks to a focus on managing data sources, security and applications deployed in new hybrid environments.
Get in touch for more information |