Availability in the age of security risk

November 2017 Editor's Choice, Security Services & Risk Management

With ransomware attacks becoming increasingly prevalent, companies are more aware than ever for the need for effective cybersecurity measures. But despite this, not enough is being done to ensure the availability of data in the event of systems being compromised.

Claude Schuck.
Claude Schuck.

Enterprises are spending millions on disaster recovery (DR) and business continuity (BC) strategies but they do not invoke them nearly enough for the investment to be measured accurately. In fact, the 2017 Veeam Availability Report makes for sobering reading around the impact that security risks could have on availability.

The report has found that six out of seven organisations lack a high level of confidence in their ability to reliably protect and recover data within their virtual environments. To make matters worse, 85% of respondents rated themselves less than very confident in the current capabilities of their organisations regarding virtual machine backup and recovery. With virtualisation being part of the foundation of every modern IT environment, including on-premise and cloud-hosted, any response other than ‘very confident’ is unacceptable.

Think differently

Clearly, the old way of looking at DR and BC is still too complex. It needs to be simplified if organisations have any chance of effectively implementing these plans in the event of a disaster. One of the best ways to ensure that this happens is by conducting regular tests. This will provide real insight into how easy it is to manage (and recover) data in times of crisis and what the impact of non-availability could potentially be.

It will also show executives in a realistic manner, the amount of downtime the business can tolerate from its high-priority applications compared to those that are not as time-sensitive. According to the report, the median tolerable downtime among high-priority applications is 7.5 minutes. For normal applications this window opens to 90 minutes. So, ask yourself just how quickly you can access your mission-critical data. Realistically, anything longer than 20 minutes could spell potential disaster for the enterprise.

In this environment, it is still crucial to ensure good cybersecurity measures are put in place to mitigate the risk of any potential attacks. The problem is that many decision-makers equate this to simply installing the latest anti-virus software. Unfortunately, viruses and malicious software have evolved and need to be addressed differently. As with any security concern, the biggest threat often comes from the employees of a company. From disgruntled users to unsuspecting people clicking on suspicious links, a company must make sure that it provides the right level of data access to the various employees in the business.

Addressing security concerns

This is not only something that happens amongst private sector organisations. Governments must be aware of the risks that not effectively securing their data and testing their DR and BC strategies could have on operations. The impact could be significant not only in the running of a department, but also the operations of a country.

In South Africa, most public sector departments still store their data on legacy applications. In recent years, the government has started migrating to more centralised systems in an effort to improve accessibility of data and minimise the ‘sprawl’ occurring in their server architecture and information systems. However, they still need to ensure that availability remains the priority during the shift (just as with private sector organisations).

Ultimately, DR, BC and cybersecurity policies should not just be about a tick box approach. Instead, these need to be regularly tested (more than just once or twice per year). Many of these availability tests happen in either a simulated environment, over weekends or at night when there is not a peak load on the systems.

Disaster can strike at any time. It is therefore imperative to conduct testing during peak load times to experience first-hand what will happen in the event of a disaster. This requires a different way of thinking and one that executives in the digital world need to start embracing.

As is evident by the report, the significance of not having access to data when it matters most could potentially result in a company having to close its doors.

For more information, contact Veeam, www.veeam.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.