Cybersecurity continues to be a top concern in the C-suite of companies, but chief information officers (CIOs) and chief information security officers (CISOs) aren’t the only leaders who are concerned about cyber threats. The threat of cyberattacks has become so prevalent that in a Fortune 500 survey of CEOs in mid-2021, 66% of Fortune 500 CEOs said their #1 concern in the next three years is cybersecurity. Similarly, in a KPMG CEO survey in March 2021, CEOs also said cybersecurity is a top priority.
This surge in awareness and prioritization around protecting a company’s data is significant. Even as the digital threat landscape continues to expand, data itself is ever-increasing in its importance as a company’s most valuable asset (after its employees). The drive to modernize data protection capabilities speaks to the fact that every possession in a company’s data storage estate needs to be cyber resilient, designed to thwart ransomware, malware, internal cyber threats, and other potential attacks.
No organization wants to be hit by cyberattacks, which can cause costly damages. Yet, according to security analysts, the average number of days to identify and contain a data breach is 287 days. Enormous damage can be inflicted within 287 days. Too many enterprises are not truly equipped and prepared to deal with it. Nonetheless, companies need to ensure that data, which is the lifeblood of the business, is always available. This dichotomy creates a serious dilemma.
The security decision-makers in companies often equate security with firewalls, network, and edge protection and how to track the “bad guys” down if they breach the firewall. What they do not realize is that cybercriminals are altering, destroying, or stealing data. Industrial espionage could be underway, taking advantage of the company’s enterprise storage systems with any given company’s information.
Traditional data backup is no longer sufficient. The question is now: will the enterprise be attacked, when and how often? The cyberattacks have become increasingly sophisticated, pervasive, and aggressive, targeting both primary storage (file, block or object) and secondary/backup/disaster recovery storage. So, changing the paradigm from an overall corporate security perspective is needed. Security leaders need to think of storage as part of the holistic enterprise security strategy.
It is critical to increase the organization’s storage cyber resilience to safeguard against cyberattacks that could cripple the business. A cyber resilience solution is deemed effective when it provides guaranteed availability and a fully scaled data restoration for business continuity.
Security Meets Storage
CEOs, CIOs and CISOs will need to take an end-to-end approach to stay ahead of cybersecurity threats this year and beyond. This entails evaluating the relationship between cybersecurity, storage, and cyber resilience. Primary and secondary storage need to be protected, ranging from air gapping to real-time data encryption to immutable copies of data to instantaneous recovery. But what does it look like to have storage as part of the security strategy?
On the primary storage front, organizations should analyze the data and determine what data needs to be encrypted and what doesn’t. Next, figure out how the protection needs to keep the company in compliance, especially if the company is in a regulated market, such as financial services and pharmaceuticals/healthcare, or if the company is publicly traded.
On the secondary storage front, security leaders need to decide what to do for modern data protection and figure out what to do from a replication/snapshot perspective for disaster recovery and business continuity. Cybersecurity must go hand in hand with cyber resilience.
The costs of failing to incorporate data and cyber resilience into a comprehensive corporate cybersecurity strategy are huge. Reports in the media have highlighted some high-profile cases. In one case, cybercriminals held a high-profile university in California “hostage,” demanding $1.5 million to get the university’s data unransomed. The “WannaCry” attack cost was close to $4 billion globally. Some Fortune 500 companies have experienced attacks at multiple data centers from many different venues. The list goes on.
No doubt, the value of data just in the enterprise space is trillions of dollars, and organizations cannot allow it to fall into the wrong hands or will enable an attack on it to cripple the business. It’s no wonder why the World Economic Forum named cybersecurity as one of its top 5 priorities over the past couple of years.
Integrating modern data protection into the normal business cycle is one of the best things security leaders can do for the organization. Start by doing a data protection assessment of all the company’s data sources and profiling all of the data.
Security leaders need to figure out what to protect and how to protect it. Each dataset brings a different value to the company. Before making storage and protection decisions, understand which category each piece falls into ‒ and the value level it either provides or could cost the business. The right data protection and cyber resilience can mean the difference between staying in business and going bankrupt.
Data needs to be air-gapped, including logical local and remote air gapping. Logical air gapping creates a gap between the source storage and the immutable snapshots, while remote air gapping sends data to a remote system. Then, organizations need the capability to create a fenced network (or isolated network). The fenced/isolated network provides a safe location to provide forensic analysis of backup data sets to identify a copy of the data that is free from malware or ransomware and can be safely restored.
Because modern data protection improved testing, security leaders should determine how to use snapshots, replicas, and backup for DevOps and software developers, while keeping control. To maintain control, map out all of your processes and understand how to handle compliance, especially with archived data.
When a security incident happens, it is recommended to look at it holistically. The following are some simple steps to keep in mind:
Make sure the primary storage is clean.
Pinpoint a known good copy of the data and your backup data sets, which is easier said than done, but it’s important.
Set up a fenced network.
Do recovery into that fenced network.
Ensure there is no ransomware or malware on the data before executing recovery.
Recover the data.
Then continue the process for all appropriate datasets.
Since a company’s datasets have differing levels of value, many turn to scalable data protection to protect their most valuable assets at the appropriate level, which keeps storage more affordable. Because properly protecting and backing up data falls under operating expenses (OPEX), businesses must always be mindful of costs.
Furthermore, immutable snapshots allow for rapid recovery from cyberattacks. Immutable snapshots ensure that the copies of the data cannot be altered, deleted, or edited in any way, assuring the integrity of the data. At the same time, security leaders should use a system that can accelerate the recovery time to a matter of minutes, not hours or days. Together, immutable snapshots, air gapping, fenced/isolated networks, and rapid recovery time bring an organization a much-needed new level of enterprise-grade cyber resilience.
It all starts with making storage a part of the corporate cybersecurity strategy.
Editor: IPR Daily-Rene