Availability in the age of security risk
November 2017, This Week's Editor's Pick, Security Services & Risk Management
With ransomware attacks becoming increasingly prevalent, companies are more aware than ever for the need for effective cybersecurity measures. But despite this, not enough is being done to ensure the availability of data in the event of systems being compromised.
Enterprises are spending millions on disaster recovery (DR) and business continuity (BC) strategies but they do not invoke them nearly enough for the investment to be measured accurately. In fact, the 2017 Veeam Availability Report makes for sobering reading around the impact that security risks could have on availability.
The report has found that six out of seven organisations lack a high level of confidence in their ability to reliably protect and recover data within their virtual environments. To make matters worse, 85% of respondents rated themselves less than very confident in the current capabilities of their organisations regarding virtual machine backup and recovery. With virtualisation being part of the foundation of every modern IT environment, including on-premise and cloud-hosted, any response other than ‘very confident’ is unacceptable.
Clearly, the old way of looking at DR and BC is still too complex. It needs to be simplified if organisations have any chance of effectively implementing these plans in the event of a disaster. One of the best ways to ensure that this happens is by conducting regular tests. This will provide real insight into how easy it is to manage (and recover) data in times of crisis and what the impact of non-availability could potentially be.
It will also show executives in a realistic manner, the amount of downtime the business can tolerate from its high-priority applications compared to those that are not as time-sensitive. According to the report, the median tolerable downtime among high-priority applications is 7.5 minutes. For normal applications this window opens to 90 minutes. So, ask yourself just how quickly you can access your mission-critical data. Realistically, anything longer than 20 minutes could spell potential disaster for the enterprise.
In this environment, it is still crucial to ensure good cybersecurity measures are put in place to mitigate the risk of any potential attacks. The problem is that many decision-makers equate this to simply installing the latest anti-virus software. Unfortunately, viruses and malicious software have evolved and need to be addressed differently. As with any security concern, the biggest threat often comes from the employees of a company. From disgruntled users to unsuspecting people clicking on suspicious links, a company must make sure that it provides the right level of data access to the various employees in the business.
Addressing security concerns
This is not only something that happens amongst private sector organisations. Governments must be aware of the risks that not effectively securing their data and testing their DR and BC strategies could have on operations. The impact could be significant not only in the running of a department, but also the operations of a country.
In South Africa, most public sector departments still store their data on legacy applications. In recent years, the government has started migrating to more centralised systems in an effort to improve accessibility of data and minimise the ‘sprawl’ occurring in their server architecture and information systems. However, they still need to ensure that availability remains the priority during the shift (just as with private sector organisations).
Ultimately, DR, BC and cybersecurity policies should not just be about a tick box approach. Instead, these need to be regularly tested (more than just once or twice per year). Many of these availability tests happen in either a simulated environment, over weekends or at night when there is not a peak load on the systems.
Disaster can strike at any time. It is therefore imperative to conduct testing during peak load times to experience first-hand what will happen in the event of a disaster. This requires a different way of thinking and one that executives in the digital world need to start embracing.
As is evident by the report, the significance of not having access to data when it matters most could potentially result in a company having to close its doors.
For more information, contact Veeam, www.veeam.com
- Awareness and trust in context
November 2017, CA Southern Africa, Access Control & Identity Management, Security Services & Risk Management
Markus Krauss, senior director, Digital Identity and Security, CA Technologies, spoke to Hi-Tech Security Solutions about making identity work for people and things.
- People on the move
November 2017, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
Sanjay Dharwadker looks at some of the changes that have been enacted to better manage Europe’s borders.
- Access and identity: looking ahead
November 2017, neaMetrics, ZKTeco, Powell Tronics, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
Access and identity is more important than ever with more options than ever for companies looking for solutions that go beyond mere entry and exit.
- Trusting your privilege
November 2017, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
Privileged access management is the starting point for effective enterprise identity and access management, whichever device you're logging in from.
- The access edge
November 2017, Johnson Controls, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, Security Services & Risk Management
With the common denominator of IP networks as their backbone, building automation, security and, in particular, access control systems are increasingly providing opportunities to both security integrators and building managers.
- Facing the future
November 2017, neaMetrics, Virdi Distribution SA, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
Facial biometrics is coming into its own today, but is it a 100% reliable means of identity verification and authentication?
- Key management in 2018
November 2017, Zonke Monitoring Systems, Access Control & Identity Management, Security Services & Risk Management
With all the technology available today, you would think we were past using old-fashioned keys for security, but far from it.
- Securing your access security
November 2017, G4S South Africa, Impro Technologies, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
While one may not consider access control solutions a prime hacking target, any connected device is a target in today’s world.
- Ding dong, it’s IP
November 2017, Elvey, TOA Electronics, Zhejiang Dahua Technology, CAME BPT South Africa, This Week's Editor's Pick, Access Control & Identity Management
IP and open standards have taken the security technology world to a new level where proprietary systems and customer lock-in are no longer the global standard.
- Access a mobile-first world
November 2017, Axis Communications SA, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
Mobile access control enables mobile devices – such as smartphones and wearables – to function as credentials in providing access to secured buildings, rooms and areas.
- Why own when you can rent?
November 2017, EOH Security & Building Technologies, Access Control & Identity Management, Security Services & Risk Management
In a rapid changing environment, business is moving away from owning security equipment to a model of serviced rentals.
- Smart cities are built on smart thinking
November 2017, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
The smart city concept integrates ICT and various physical devices connected to the network to optimise the efficiency of city operations and services and connect to citizens.