The cybersecurity industry has a people problem. IT has become disconnected from the C-Suite, and vice-versa. A distinct gap exists in the upper echelon of business. The IT team knows the threats, vulnerabilities, and security strategy well. Meanwhile, executives have a good grasp of the big picture of business and which areas they should invest in, but may not understand cybersecurity’s nuance. Being rightfully risk averse as business leaders, it’s not uncommon for them to be wary of spending more on protecting the organization if they believe an attack is unlikely. However, the barrage of ransomware attacks and outage headlines shows it’s not a question of if or when an organization gets attacked, but how many times. With the C-Suite holding the purse strings, IT needs to work with them to properly modernize infrastructure.
Defining data resiliency
The most important piece of any modernization strategy is data resiliency, which includes data backup, recovery, freedom, security, and intelligence The ultimate insurance policy, data resilience is a business’s ability to recover from data disruptions, attacks, or other failures. By focusing on bouncing back to how things were before the attack, organizations can minimize the risk of losing important data, reduce uptime, and get back to helping customers quickly with minimal downtime. Without data resiliency, organizations are wide open to lost data, corrupt files, ransomware attacks, software failures, natural disasters, and human error. Plan for the loss and be ready for disruption, and you’ll be ready for even the worst possible scenarios.
As stated previously, data resiliency can be distilled into five pillars: data backup, data recovery, data freedom, data security, and data intelligence. Backup and recovery are the foundation of data resiliency, ensuring data can be quickly restored in the event of an emergency. Data freedom means no matter where your data is, it will be kept safe regardless of environment. Security is part of data resiliency, too. Firewalls, antivirus, and intrusion detection all have a necessary place here, acting as the first line of defense against would-be attackers. None of these components will matter if not regularly tested and maintained, however. Keeping your systems and strategy up to date by testing backups and running simulations is important. Finally, data intelligence provides key insights into your environment, utilizing AI to automatically detect malware and ransomware, stopping them before disaster strikes.
Why start from the top
In the event of a ransomware attack, a report indicated that 48 percent of data wouldn’t be recoverable. Aligning the C-Suite and IT team is the most critical step in adopting a data resiliency strategy. More than half of organizations believe that there is either a “significant improvement” or “complete overhaul” needed for their organizations to be aligned between their backup and cybersecurity teams. With so much disconnect within IT, it stands to reason the C-Suite may be just as detached from the need for data resiliency. By sitting down together and creating a joint approach to achieving data resiliency, the C-Suite and IT team break the mentality of “us vs. them” and “not my problem.”
IT teams know how to protect their organization. Yet there are still frequent holes in IT infrastructure. It all comes down to obtaining mission-critical resources. IT teams need access to the people and resources required to modernize their systems and create a truly data-resilient organization. Those resources require a substantial budget, and only getting halfway there is not enough. The key lies in breaking open the “black box” of IT for the C-Suite. Break it down in table stakes and communicate the real business value of data resiliency, moving away from jargon and taking a more accessible approach to explaining security and infrastructure. For example, compare the financial loss of 24 hours’ worth of downtime versus only one hour of downtime. With a data resiliency strategy in place, IT can push a button and reset the organization’s data before the attack or outage. This means getting back online and operating in the turn of a dime, so organizations can instantly turn their attention to customers and determine what went wrong.
Getting C-Suite buy-in
In the pursuit of data resiliency, buy-in from the executive team can change the entire fate of a company when an attack or outage happens. Without it, IT modernization efforts run the risk of being half-baked. While it appears to be a smart cost-cutting move to only modernize certain aspects like security, which executives are perhaps more familiar with, this is a fallacy. Leaving any one part of the IT stack out opens businesses to a great deal of risk and creates unnecessary vulnerabilities in the event of a cyberattack. This means more affected customers, downtime, money lost, and lasting fallout. Data resiliency is not IT’s problem, nor is it the C-suite’s problem. In a healthy organization, it is everyone’s problem.
Executives have plenty of reasons to get on board with data resiliency and fully modernize the infrastructure. It is a massive de-risking initiative, protecting the business and customers well before any kind of attack and safeguarding data, the most important asset for modern businesses. Those who fail to protect their customers in this way have faced not just lost revenue and legal action, but public outcry and outright dismissals of organizations. In our interconnected world, companies cannot hide any longer. Engage with your C-suite early and often, explaining the business value of data resiliency and the mounting list of potential consequences facing those who fail to adapt.
There has long been a gap between what business leaders expect as resiliency and the experience of IT teams. Aligning the C-Suite and team leaders on a data resiliency strategy is an essential derisking initiative ensuring companies are well protected when disaster strikes. Establishing backup and recovery, having a plan, and regularly testing systems can go a long way towards true data resiliency – but without getting both sides on board, modernizing efforts may not be effective. This risks opening the organization to attack, creating needless vulnerabilities, and endangering the business. Putting data resiliency in terms of its business value and engaging with executives ensures businesses will be ready for not if, but when the next attack comes.
Dave Russell is Senior Vice President and Head of Strategy, Veeam.
In my current role as the Senior Vice President, Head of Strategy at Veeam Software, I have the privilege of interacting with data center professionals, IT alliance partner, reseller and channel partners, industry influencers and press from all over the world.
Now 35 years in backup/recovery and storage management software as a developer, strategist or industry analyst, I still am passionate about backup. Backup, availability overall and storage management in general are challenges that are universal. Every organization seeks more capable, easier to use and most cost effective solutions. I’m very fortunate to be part of an outstanding organization at Veeam that is committed to delivering a platform to address those issues.
TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.