Since data is an organisation’s most valuable asset, most enterprises aim to activate their data to offer insights and value to their business.
However, to do this effectively, they must be able to access, manage, mobilise protect, and secure the data, writes Graham Brown, country manager for South Africa/SADC at Commvault.
In a very legacy-heavy IT world, data lives everywhere, with vast quantities of data spread across an increasingly complex sprawl of public and private clouds, endpoints and applications.
This is mainly the result of the hybrid enterprise model that most modern organisations have adopted. Considering issues such as data sovereignty, local and global regulations and the fact that most organisations choose a cloud-smart approach, the hybrid enterprise model is likely to remain for the foreseeable future.
While the move to the cloud is unstoppable, it certainly is not without its challenges. While organisations need the flexibility and optionality of the cloud, the journey comes with significant complexity. For instance, overlapping solutions and the need to develop new sets of skills can be chaotic – and ransomware thrives in complexity and chaos.
According to Cybersecurity Ventures, cybercrime is predicted to cost the world $9,5-trillion (R171,5-trillion) in 2024. So, what started as a business and economic nuisance has turned into a full-frontal attack on global business, and its impact can be devastating and far-reaching.
Top priority
Unsurprisingly, many enterprises consider their ability to recover their data and business operations following an attack as their top priority. This is no longer a nice-to-have but an absolute must-have. Yet, the status quo in the data protection space is no longer adequate.
Changes to data protection laws across Europe, the UK and the USA are not only requiring organisations to have a robust plan for recovery in place but also the ability to test and practice this recovery to prove that they are ready. In this respect, the status quo falls massively short.
As a consequence, there is a growing gap between organisations’ recovery plans and their readiness or ability to execute them. In many instances, the most a business can hope for is to be able to test one workload or one application at a time which does not constitute readiness.
Bold and radical approach
It is becoming clear that the cyber resilience required to combat today’s and tomorrow’s threats requires a bold and radical new approach. As such, organisations must adopt a cyber resilience platform that can meet the complexity and demands of the hybrid enterprise. This platform must have four key capabilities or design principles to combat cyber threats:
Firstly, it must be a true cloud-based solution. In a cloud world, one size does not fit all. Many large enterprises are choosing a cloud-smart approach – a hybrid environment that best suits their business needs. A cloud-based solution will not only support cloud workloads but also the 75% of on-premises workloads that power most organisations today.
Secondly, security and recovery need to come together in equal parts. Most cyberattacks target the tools for recovery, as well as the tools for security, thus the two cannot be segregated. The general acceptance is that organisations will be breached, so it comes down to how they recover and how they prepare for recovery. To be resilient, they need a recovery plan and the ability to test this plan.
Thirdly, the cyber resilience solution must be powered by AI, which must be leveraged across the platform. The rapid adoption of AI has created a double-edged sword – while there is no doubt about the good that it does, AI also arms bad actors with a new tool kit to breach defences.
Lastly, the cyber resilience solution must be delivered at a cost that makes sense. At the end of the day, businesses must be able to operate in a tough economic climate without being crippled by the costs of their cyber resilience solutions.
The increasing threat and sophistication of cybercrime are forcing organisations to take action as bad actors are intent on holding their data and entire business ransom to stop them from operating. To effectively combat today’s threats, enterprises must make the shift towards cyber resilience.