Many high availability (HA) systems and disaster recovery (DR) strategies are designed to help you recover from physical IT impacts, such as an earthquake or hardware failure. But a data disaster – where a cyber-attack results in the loss or corruption of your critical data – can be even more damaging.
Businesses need to safeguard against a data disaster, which is why modern storage solutions today include smart “cyber resilience” features. This post gives you an introduction to cyber-resilient storage, and why your business might need it.
Dangers of a data disaster
What I’m calling a “data disaster” in this post is any data loss that results from a cyber-attack or data breach. It could be an attack from ransomware or malware, an insider attack, or a vulnerability exploit.
Why is this often more damaging than data loss caused by a natural disaster? Because of the loss of reputation, loss of business and regulatory penalties that come with a data disaster.
In the latest Ponemon Institute “Cost of a Data Breach Report”, the global average cost was found to be US $3.92 million or US $150 per record lost. Costs in the Middle East were among the highest of the countries and regions polled. Costs also have a “long tail”, meaning they can continue for 2 or more years after the disaster takes place.
There’s another reason a data disaster is more harmful than physical damage. If an earthquake knocks out your data center, you will know about it immediately and you can start fixing the damage. But with a data disaster, businesses usually don’t know straight away – on average, it takes 279 days to discover a data breach according to Ponemon 2019.
Is your business cyber-resilient?
These risks have been around for a while and a range of approaches to mitigating them – i.e., to being more cyber-resilient – have been developed. But not every business knows about them.
Some of the key concepts behind cyber-resilience include:
- Air gap – A way of making sure a network you need to protect is physically separated from unsecure networks. The “air gap” is the physical space between the protected data/storage/network and the unsecured network.
- Safeguarded Copy – A backup copy that is completely disconnected from the system it backs up. Even if a cybercriminal accesses the original data, they will not be able to access the safeguarded copy.
- Data bunker – A portable backup that is held in an extremely secure location, which is completely insulated from cyber-attacks and can be moved to a new location when needed.
If your business stores sensitive data and you were not already familiar with these methods, then please – make this the moment you start to learn more about cyber-resilience.
Making storage cyber-resilient
Choosing the right storage is at the heart of cyber resilience and preventing a data disaster. Networking and security are obviously important too. But in today’s IT, many cyber-resilience features are built into storage solutions.
So, the right modern storage will give you the capability to…
- Detect attacks, e.g. from ransomware, faster
- Make safeguarded and air-gapped copies via cloud integration and data replication
- Improve copy data management
- Improve data security by building in best practices and encrypting data
A handful of enterprise storage solutions can do all of the above. IBM Spectrum Protect is a good example. As well as providing analytics to detect the warning signs of an infection, it integrates with cloud storage services to reduce the cost of keeping resilient backups. Better yet, IBM Spectrum software can virtualize and manage storage systems from many different vendors – which means it can backup and increase resiliency for data across the enterprise, not just data kept on IBM storage hardware.
Find out more
The risk of a data disaster is too great to ignore, but traditional DR isn’t enough to defend your business. With cyberattacks on the rise in Gulf countries, cyber-resilience should be a key focus for businesses.
The GBM team have deep expertise in cyber-resilience, having delivered many solutions for some of the region’s biggest enterprises. If you’d like to know more about the topics introduced in this post, please contact me.