Availability in the age of security risk
November 2017, This Week's Editor's Pick, Security Services & Risk Management
With ransomware attacks becoming increasingly prevalent, companies are more aware than ever for the need for effective cybersecurity measures. But despite this, not enough is being done to ensure the availability of data in the event of systems being compromised.
Enterprises are spending millions on disaster recovery (DR) and business continuity (BC) strategies but they do not invoke them nearly enough for the investment to be measured accurately. In fact, the 2017 Veeam Availability Report makes for sobering reading around the impact that security risks could have on availability.
The report has found that six out of seven organisations lack a high level of confidence in their ability to reliably protect and recover data within their virtual environments. To make matters worse, 85% of respondents rated themselves less than very confident in the current capabilities of their organisations regarding virtual machine backup and recovery. With virtualisation being part of the foundation of every modern IT environment, including on-premise and cloud-hosted, any response other than ‘very confident’ is unacceptable.
Clearly, the old way of looking at DR and BC is still too complex. It needs to be simplified if organisations have any chance of effectively implementing these plans in the event of a disaster. One of the best ways to ensure that this happens is by conducting regular tests. This will provide real insight into how easy it is to manage (and recover) data in times of crisis and what the impact of non-availability could potentially be.
It will also show executives in a realistic manner, the amount of downtime the business can tolerate from its high-priority applications compared to those that are not as time-sensitive. According to the report, the median tolerable downtime among high-priority applications is 7.5 minutes. For normal applications this window opens to 90 minutes. So, ask yourself just how quickly you can access your mission-critical data. Realistically, anything longer than 20 minutes could spell potential disaster for the enterprise.
In this environment, it is still crucial to ensure good cybersecurity measures are put in place to mitigate the risk of any potential attacks. The problem is that many decision-makers equate this to simply installing the latest anti-virus software. Unfortunately, viruses and malicious software have evolved and need to be addressed differently. As with any security concern, the biggest threat often comes from the employees of a company. From disgruntled users to unsuspecting people clicking on suspicious links, a company must make sure that it provides the right level of data access to the various employees in the business.
Addressing security concerns
This is not only something that happens amongst private sector organisations. Governments must be aware of the risks that not effectively securing their data and testing their DR and BC strategies could have on operations. The impact could be significant not only in the running of a department, but also the operations of a country.
In South Africa, most public sector departments still store their data on legacy applications. In recent years, the government has started migrating to more centralised systems in an effort to improve accessibility of data and minimise the ‘sprawl’ occurring in their server architecture and information systems. However, they still need to ensure that availability remains the priority during the shift (just as with private sector organisations).
Ultimately, DR, BC and cybersecurity policies should not just be about a tick box approach. Instead, these need to be regularly tested (more than just once or twice per year). Many of these availability tests happen in either a simulated environment, over weekends or at night when there is not a peak load on the systems.
Disaster can strike at any time. It is therefore imperative to conduct testing during peak load times to experience first-hand what will happen in the event of a disaster. This requires a different way of thinking and one that executives in the digital world need to start embracing.
As is evident by the report, the significance of not having access to data when it matters most could potentially result in a company having to close its doors.
For more information, contact Veeam, www.veeam.com
- A trailblazing quarter century in 2018
May 2018, Specialised Exhibitions Montgomery, This Week's Editor's Pick, Conferences & Events
Specialised Exhibitions Montgomery is proud to present the 25th edition of Securex South Africa 2018, Africa’s leading security and fire trade show, taking place at Gallagher Convention Centre in Midrand from 22 to 24 May 2018.
- The human factor in decision making
May 2018, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
Dr Craig Donald discusses the role of human analysis and decision-making in security technology systems.
- Combating the evolving threat of fraud
May 2018, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
It is impossible to pin an exact number on how much fraud costs the South African economy, but analysis of leading research reports on the subject puts it easily in the billions of Rands per year.
- Making cents out of the security mix
May 2018, Cathexis Technologies, Panasonic South Africa, Xone Integrated Security, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions, Financial (Industry)
Hi-Tech Security Solutions chats to industry specialists about the security mix, cybercrime and the onslaught of artificial intelligence in the financial sector.
- More of the same, but more sophisticated
May 2018, Duxbury Networking, This Week's Editor's Pick, Cyber Security, Integrated Solutions, IT infrastructure
We’ve been protecting networks from criminals for many years, but as soon as the defences improve, the attacks get more sophisticated.
- Make sure the channels are safe
May 2018, This Week's Editor's Pick, Cyber Security, IT infrastructure
Companies should be aware of how many possible data leakage sources they have: e-mail, phone calls, instant messengers and social networks, cloud storage, external storage devices – to name a few.
- Trust, but verify
May 2018, iFacts, LexisNexis, Managed Integrity Evaluation, This Week's Editor's Pick, Security Services & Risk Management
Employee screening is not a new discipline, but the options have grown to assist HR in making the right hiring decision.
- Hikvision shapes intelligence
May 2018, Hikvision South Africa, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, News, Integrated Solutions, IT infrastructure
Hikvision holds ‘Shaping Intelligence’ AI Cloud World Summit to discuss building an Artificial Intelligence (AI) ecosystem through open collaboration.
- Do more with security
May 2018, Johnson Controls, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management
Current trends predict that companies do more with their security solutions than just secure their people, assets or data in the near future.
- Active Track
Securex 2018 Preview, Active Track, Asset Management, EAS, RFID, Security Services & Risk Management
Active Track is a workforce management and reduction of payroll specialist. Its products optimise clients’ security services by ensuring that patrols and duties are carried out on time, every time. The ...
- Martin Electronics
Securex 2018 Preview, CCTV, Surveillance & Remote Monitoring, Perimeter Security, Alarms & Intruder Detection, Security Services & Risk Management
Martin Electronics will be showcasing a number of new products and solutions under the Sentry brand at Securex 2018. The company will also have some value-added additions and integrations on display, ...
- HISSCO International
Securex 2018 Preview, Hissco, Access Control & Identity Management, Asset Management, EAS, RFID, Security Services & Risk Management
HISSCO International will be showcasing its range of security X-ray and detection systems at this year’s Securex. The company is currently seeking potential partners, distributors and representatives ...