How understanding risk is making data safer

Clearly, the unprecedented technological advances – from virtualisation and cloud storage to instant recovery – have improved the service IT teams provide.

Without those developments it would be nearly impossible to keep up with the massive data growth and the need for always-available data experienced over the last decade.

So, rather than simply lament the loss of the old way of doing things, IT teams have risen to the challenge, looking for new ways to deal with the pressures.

At the heart of this is keeping crucial data safe and readily available – to do this many teams are turning to risk management strategies to deal with their data protection and recovery.

Prioritising risk

Instead of using a one-size-fits-all model for backup and recovery, IT teams are starting to prioritise the most critical areas of weakness and risk. This allows them to apply the right level of protection to and strengthen the weakest links of different parts of their diverse infrastructures.

>See also: Elevating data risk management to the board level

It also makes it much easier to implement a well-planned backup system with a focus on real-time recovery to provide as much availability as possible.

Adopting this approach, understanding which data is critical to the business and adding extra protection for the highest risk areas, as well as building a robust recovery plan with well-targeted RPOs and RTOs, means that teams can be much more confident that data will be recovered predictably and consistently, regardless of the downtime event.

And with this risk-based prioritisation comes the realisation that teams without an adequate schematic of what data exists, where it exists, and how it will get from point A to point B, leave the business open to a range of data vulnerabilities.

What’s the driver?

There are clear reasons why risk is taking centre-stage when it comes to data protection.

Top of the list is the fact that most organisations have very diverse, complex and interconnected infrastructures. For example, organisations that have adopted virtualisation or cloud-based solutions, may still need their IT teams to support legacy systems that work in the background.

This web of systems and applications – often operating independently of each other – multiplies the likelihood of compatibility issues, making it harder to manage data and increasing the risk of things going awry.

Add to that a proliferation of loosely integrated data protection solutions, leaving the modern infrastructure difficult to manage in its entirety, particularly when it comes to protecting data.

By pinpointing the areas of high risk, CIOs and their teams are able to navigate through the infrastructure’s different silos and target critical data with their strongest data protection.

>See also: Risk management challenges and trends facing enterprises today

Don’t forget too, that in today’s organisations there is less money available across the board. IT infrastructure is no exception. IT teams are charged with managing complex data protection and availability solutions – many of which were chosen by specialists in the era of big IT teams with big budgets.

Now, those teams simply don’t have the funds to spend on training to develop the highly-specialised skills needed to manage those solutions, or to provide a broad-brush approach to data protection.

And with data volumes increasing exponentially, IT teams are facing tough challenges: not only how to manage and store that data, but also how to make sure it’s safe and easily recoverable in case of an outage.

With real pressure to guarantee data availability, it’s never been more important to understand which data is critical, which needs the most protection and which needs to be recovered most quickly.

Developing protection strategies based on risk management means that backup and recovery can be targeted and tailored to what’s needed. Vital data is put under stringent RPOs and RTOs, while less crucial data that doesn’t need to be recovered so quickly can be protected in a more cost-efficient way.

Under attack

The challenge of protecting business data has never been greater either. It’s not just server outages that IT teams need to prepare for, organisations large and small are increasingly being targeted by malicious ransomware attacks.

The most exposed organisations are not the largest, as attackers are often outmatched by the well-oiled processes and resources of the big guys. But the reality is that every organisation is at risk from the reputational, financial and in some cases, legal consequences driven by data loss.

>See also: Big data can be dangerous despite its benefits

A recent survey by Malwarebytes found that more than half of all UK enterprises have been hit in some way in the last year, and the threat is not likely to dissipate any time soon.

With a well-targeted data protection strategy, this risk is mitigated. With data recovery as a service (DRaaS) and virtual systems equipped with full failover and fail back capabilities, systems can be back to life in minutes, thanks to replication to a public or private cloud.

This way, if lost or hijacked critical data is immediately recoverable, a ransomware attacker has no power. And any attempt to extort money from an organisation after an attack will be fruitless.

Protecting the bottom line

Ultimately, an organisation’s success is dependent on its ability to quickly recover business-critical data. Whether caused by natural disaster or human error, downtime can wreak havoc on the bottom line.

It’s simply not good enough to make data availability a “goal” of the IT organisation: it’s a business challenge that must be realised.

In the wake of a disaster, an organisation without a strong data recovery strategy could end up with a three month-old copy of its website and a half-saved user database, not to mention an unsupported legacy application or two that will never come back online again.

That’s not business continuity—that’s barely doing business.

Most organisations understand the urgency of maintaining system resilience and guaranteeing data availability in the face of continuously evolving threats.

Organisations that leverage strategies around risk mitigation can shift business continuity from being solely an IT concern, towards it becoming a business concern.


Sourced by Oussama El-Hilali, vice president of products at Arcserve

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...