Organisations need a multi-layered approach to solve data vulnerabilities

Data is at greater risk than ever, as ransomware attacks continue to impact Australian firms. There is a greater need to adopt data resilience, which can be defined as a mindset for companies to meet their business continuity plans and keep their operations up and running.

A solid data resilience plan is essential as organisations move to hybrid IT and work environments. When performance needs arise or a catastrophic failure occurs, organisations must have a well-thought-out and battle-tested plan for recovering their data.

How are firms securing data amidst hybrid workforce?

IT executives of several large organisations were interviewed by Arcserve. All participants had a budget or technical decision-making responsibility for data management, data protection, and storage solutions at a company with 500 to 5,000 employees and at least 100 TB of data. The survey was fielded in North America, the United Kingdom, and Australia.

Arcserve’s survey unearthed significant data vulnerability gaps within large firms as they standardise on a hybrid workforce strategy. Findings showed that 69% are not re-evaluating and updating disaster recovery plans and ransomware defence as the workforce moves to a remote work model and the increased use of mobile devices on the data perimeter.

Additionally, the survey also emphasised the lack of awareness of the need for an end-to-end data protection plan. Only 38% of respondents replied that edge and remote site data protection is critically important for their data recovery solution. Businesses must take a new approach to data resilience, by strengthening their disaster-recovery strategies, backup systems, and immutable storage solutions to prevent the loss of mission-critical data.

How can firms develop a robust data resilience strategy?

With ransomware attacks increasing, data backup and recovery should be at the very top of every firm’s priority list. Here are three steps to developing a robust data resilience strategy:

Create a plan and test it often

The strength of any data resilience strategy depends on the regular testing and adjustment of all its parts. To be reactive is not good enough. The business can’t wait for an attack to occur, then scramble to implement a strategy and find out if it’s good enough or not. Planning and testing are indispensable to success. A well-devised and continuously tested data resilience strategy can mean the difference between having a business and having no business.

It is critical that businesses continuously review and update their disaster recovery plans and incorporate data backup and recovery solutions and immutable storage as the foundation of their data resilience plan. Arcserve’s survey also emphasised the lack of awareness of the need for an end-to-end data protection plan. Only 38% of respondents replied that edge and remote site data protection is critically important for their data recovery solution.

Firms should consider the challenges that come with a hybrid workforce as an opportunity for improving backup and disaster recovery (DR) plans and ensuring overall business continuity. That means making sure recovery time objectives (RTO) and recovery point objectives (RPO) are up to date and can be achieved with their existing backup and recovery tech.

If a ransomware attack is successful or a hardware failure occurs, the most important thing is recovering data to ensure business continuity. The best way to make that happen is by implementing the right backup and recovery strategy—one that includes off-site replication.

Get executive buy-in

A successful data resilience initiative starts at the top, with buy-in from C-level executives and the board of directors. Data resilience initiatives face slow adoption precisely because they lack champions at the top. Like any investment, a data resilience initiative needs support from the whole company, from the corner office to the cubicles, across every department.

It also requires buy-in from external partners and service providers. For an initiative to work, all participants must know their role in operations and in the time of a disruptive event.

Take a multi-layered approach

The key to achieving data resilience is a “multi-layered approach” and deploying an infrastructure that supports all data resilience requirements. One vital layer is doing frequent backups and creating copies that can be stored in a digital immutable vault. During this process, storage snapshots should be secured in a vault. When a disaster or attack happens and data is compromised, the business has these snapshots available for instant recovery.

Automation and orchestration are two other important parts of a multi-layered approach. These parts should include processes and automated workflows that instill consistency and minimise complexity when time is of the essence and quick thinking is required. That way, the business can bring back its data fast and get back to business as usual without damage.

Another critical element of a multi-layered approach is 3-2-1-1 data protection. It means maintaining three backup copies of data on two different media – tape and disk, with one of the copies placed offsite to enable quick recovery. Immutable object storage is critical as it continuously protects data by taking a snapshot at 90-second intervals. Even if disaster strikes, those data snapshots enable the business to return to a recent file state.

While the evolution of the IT and work environment comes with security, productivity, and efficiency risks, it is also an opportunity for companies to demonstrate their ability to adapt to fast-changing market forces and successfully meet the challenges in our future.

A good data resilience strategy does a lot for the business. It enables the management of rapid data growth and handle various workloads, data recovery to quickly get back up and running after any event that compromises data. It brings many other benefits to the organisation, including enhanced performance, reduced costs, reliable and efficient business operations, minimised risk, and strong protection in every part of the company.

David Lenz is the Vice President, Asia Pacific at Arcserve.

David Lenz, Vice President, Asia Pacific at Arcserve