Some companies understand the importance of concepts such as shadow IT, availability, sandboxing, and backup, and yet, in the digital business environment, these have become critical to ensure the integrity of operations, especially in the event of a disaster or a cyberattack occurring.
“With technology evolving at such a rapid rate, it has been difficult for even IT-focused organisations to keep track of how these concepts are changing and how businesses can keep up. However, if a business is to mitigate against the risk of data loss, its decision-makers need to be able to leverage these approaches and safeguard their data,” says Trent Odgers, cloud and hosting manager: Africa at Veeam.
Alphabet soup
Shadow IT, also referred to as stealth IT, is when users want more out of their IT departments than they are enabled to do using the tools at their disposal.
In other words, this entails going ‘off book’ and using non-approved tools or solutions to accelerate business IT. Just consider many of the freely available cloud-driven consumer tools and applications available. And, while these might enable IT to be done faster, there is significant risk when it comes to sharing company or personal information using these solutions.
Shadow IT must be about balance and bringing everything back to the traditional IT department or the organisation risks losing control and exposing their data to significant risk and legal ramifications due to compliance.
Sandboxing, on the other hand, is a proven method of reducing risk when it comes to implementing everything from testing new solutions to software patches, to reducing risk with ransomware by patching the operating system whenever vulnerabilities are discovered. Sandboxing is a mechanism where you can run a copy of a workload in an isolated environment to perform many functions.
First objective is to ensure that the system that the workload is running on can boot up. This ensures that you have a recoverable backup and assists in ensuring compliance. The second objective is to mitigate risk against system updates or patches.
Patching is a vital methodology of protecting against malware such as ransomware, and by checking if new patches work (in the sandbox environment) and then rolling these out to the live environment if no errors or compromises occur.
Patching also ensures that the workload is running as optimally as possible and can take advantage of the latest updates and capabilities. The third objective is to increase speed of development whereby the backup team can present an exact copy of production to the Dev Ops team in minutes, for them to develop the latest update or enhancement with speed and agility. failures or software vulnerabilities from spreading.
Data availability forms the building blocks for any successful business in the connected world. These solutions, complement the availability strategy to ensure that data is continuously available at the required level of performance irrespective of the situation. It comes down to the ability of decision-makers and company stakeholders (think customers) to have access to data when there is power failures, malicious attacks, or even natural disasters happening.
The final key concept is that of backup. If availability is the house, then backups provide the foundation on which the connected business is built. Without it, there is simply no fall-back plan or restore point in place when data is lost or otherwise compromised. Backups significantly reduces the risk of data loss or compromise that can greatly assist the business after disaster strikes.
Welcoming concepts
“And while many traditional IT-focused companies have embraced some, if not all, these concepts, the challenge revolves around making it an integral part of the strategy of more non-IT organisations,” says Odgers.
“When it comes to data, everything is fine until it is not. An employee might lose their laptop, server hard drives might crash, a user could delete a critical file, or the company might be compromised by ransomware. What happens then if data is not backed up and available?”
Doing business today, irrespective of the industry, requires companies to protect its most valuable asset, its data, first before even considering anything else.
“Of course, it is also too simplistic to think the business can install anti-virus software, have a firewall and a backup solution and everything will be fine. Like so many IT concepts, availability is all about the layers, and it entails rigorous testing of the process.
“Yes, public cloud providers have highly available hardware, replication and security mechanisms in place when companies transfer their data there, but this means very little if the organisation itself has no data protection in place. Similarly, if the customer is on-premise, the best hardware in the world matters little if there is a power failure and no alternative arrangements are in place.”
Odgers believes a shift in approach is required especially by non-IT businesses.
“Data backup and availability today is not about just focusing on Plan A. Instead it should be about what is Plan B when systems fail, and data gets compromised,” he concludes.