A massive 86% of EMEA businesses have a protection gap between how much data they can afford to lose after an outage and how frequently data is backed up, and 84% plan to increase their data protection budgets this year
By Chris Norton, regional director for Africa at Veeam Software
This is according to the Veeam Data Protection Trends Report 2022, which points to a broader concern around cyber resilience and businesses being able to recover effectively and ensure continuity in the event of a disaster.
As IT budgets are continually under pressure, teams will be required to re-evaluate their priorities and balance capex/opex against transformation plans and security considerations, among others. One thing that is for certain, is that enterprises that cut costs on data protection should be wary. In many business cases, the number of strategic workloads and applications that are considered ‘mission critical’ are growing, however businesses’ ability to protect these workloads, in the event of a disaster, is not at the same scale.
There is still a misconception that cyber resilience is only about security and safeguarding data from compromise. While these are important aspects, being resilient also entails how effectively a company can respond to disasters and invoke a Modern Data Protection strategy to keep them operational. Resilience must therefore be built into all aspects of business operations.
Defining disaster
But how does one define a disaster, especially in the South African context? The recent floodings in KwaZulu-Natal notwithstanding, the country is not known for high instances of natural disasters. However, looking at the definition of a disaster, it extends far beyond natural occurrences.
The term disaster can mean the unplanned disruption of normal business processes resulting from the interruption of the IT infrastructure components used to support them. If one takes this definition, then this can include virtually anything from fire or explosion in a data centre, to flooding, damage caused by ground instability, even cyberattacks. Perceptions around disasters must therefore change and expand if local companies are to effectively protect themselves and ensure resilience.
Effectively, a disaster therefore means all the things people do not plan for and the resultant risks companies face because of that. Furthermore, how businesses can quantify the risk in the event of suffering such a calamity will provide significant guidance in terms of how best to manage the resilience plan.
People and black swans
What many decision-makers do not consider when it comes to cyber resilience is the impact of people. Skills shortages and how companies augment skills when staff leave can also be significant ‘disasters.’ The elephant in the room is how concerning the brain drain is. Remote work has only exacerbated this as people can now be employed by any business in the world while still sitting at home.
In recent years, we have seen tenders spotlighting the succession planning and skills augmentation vendors must have in place. This provides the peace of mind that the companies awarding the tenders do not have to carry any risk around plugging the skills gap.
The pandemic has been another example of a disaster. At the time, it was seen to be a black swan event, but similar disasters will likely occur more frequently in the future. The question is, have local companies learnt from what happened over the past few years and incorporated the human aspect into their cyber resilience plans? Only time will tell.
Always planning ahead
The secret to a successful cyber resilience plan is applying forward thinking around disasters – both traditional and otherwise. Take the chip shortage as an example. It started off as a knee-jerk reaction by companies to Covid-19 with employees reliant on mobile devices. Virtually overnight, the number of computers needed to work doubled globally as people needed a laptop and a traditional desktop to be able to work from home. The chip shortage has snowballed into other industries as well with even car manufacturers struggling to keep up with demand.
The war in Ukraine is another example of how disasters in other countries have global repercussions. Food shortages, fuel price hikes, and geo-economic instability are affecting every aspect of our lives. Organisations must remember that the more they have, the more they stand to lose. It is therefore critical to put things in place to become more resilient, before disaster strikes.
Against the backdrop of an economic downturn and other socio-political issues, it’s becoming even more crucial to ensure that investment in data protection is going to the right places. If any savings or optimisation is found, there should be re-investment straight back into the Modern Data Protection strategy. Further to this, enterprises need to determine what is the right data to protect and back up in the first place. Ultimately, it all comes down to knowing what to protect.
Ideally, business leaders would say that they want to protect and back up everything all the time, but in reality, it comes down to knowing what is mission-critical and what isn’t. In the event of an outage or attack what are the things that need to be recovered in order to get back up and running as quickly as possible with minimal operational disruption?
It is not about being lucky, but all about preparation and planning. The adage that ‘luck is when preparedness means opportunity’ could not be more relevant today. It comes down to working hard, doing proper business resilience planning, and building solid foundations instead of just hoping for the best in the event of a disaster.
Despite uncertain economic times across South Africa and the rest of the world, enterprises’ digital transformation plans must continue. Businesses cannot stand still, particularly in times of crisis. IT and data protection teams have a big task ahead keeping up with ramping workloads and ensuring they close the gap between technology and how well it is backed up and protected.
So, as budgets constrict, enterprises need to optimise every percent and make sure the right workloads and applications are prioritised and protected, and a simple, flexible, reliable and powerful backup solution is in place to prepare for any eventuality. Only then can enterprises ensure they’re sufficiently protected and ready for turbulent times ahead.