Availability in the age of security risk

November 2017 Editor's Choice, Security Services & Risk Management

With ransomware attacks becoming increasingly prevalent, companies are more aware than ever for the need for effective cybersecurity measures. But despite this, not enough is being done to ensure the availability of data in the event of systems being compromised.

Claude Schuck.
Claude Schuck.

Enterprises are spending millions on disaster recovery (DR) and business continuity (BC) strategies but they do not invoke them nearly enough for the investment to be measured accurately. In fact, the 2017 Veeam Availability Report makes for sobering reading around the impact that security risks could have on availability.

The report has found that six out of seven organisations lack a high level of confidence in their ability to reliably protect and recover data within their virtual environments. To make matters worse, 85% of respondents rated themselves less than very confident in the current capabilities of their organisations regarding virtual machine backup and recovery. With virtualisation being part of the foundation of every modern IT environment, including on-premise and cloud-hosted, any response other than ‘very confident’ is unacceptable.

Think differently

Clearly, the old way of looking at DR and BC is still too complex. It needs to be simplified if organisations have any chance of effectively implementing these plans in the event of a disaster. One of the best ways to ensure that this happens is by conducting regular tests. This will provide real insight into how easy it is to manage (and recover) data in times of crisis and what the impact of non-availability could potentially be.

It will also show executives in a realistic manner, the amount of downtime the business can tolerate from its high-priority applications compared to those that are not as time-sensitive. According to the report, the median tolerable downtime among high-priority applications is 7.5 minutes. For normal applications this window opens to 90 minutes. So, ask yourself just how quickly you can access your mission-critical data. Realistically, anything longer than 20 minutes could spell potential disaster for the enterprise.

In this environment, it is still crucial to ensure good cybersecurity measures are put in place to mitigate the risk of any potential attacks. The problem is that many decision-makers equate this to simply installing the latest anti-virus software. Unfortunately, viruses and malicious software have evolved and need to be addressed differently. As with any security concern, the biggest threat often comes from the employees of a company. From disgruntled users to unsuspecting people clicking on suspicious links, a company must make sure that it provides the right level of data access to the various employees in the business.

Addressing security concerns

This is not only something that happens amongst private sector organisations. Governments must be aware of the risks that not effectively securing their data and testing their DR and BC strategies could have on operations. The impact could be significant not only in the running of a department, but also the operations of a country.

In South Africa, most public sector departments still store their data on legacy applications. In recent years, the government has started migrating to more centralised systems in an effort to improve accessibility of data and minimise the ‘sprawl’ occurring in their server architecture and information systems. However, they still need to ensure that availability remains the priority during the shift (just as with private sector organisations).

Ultimately, DR, BC and cybersecurity policies should not just be about a tick box approach. Instead, these need to be regularly tested (more than just once or twice per year). Many of these availability tests happen in either a simulated environment, over weekends or at night when there is not a peak load on the systems.

Disaster can strike at any time. It is therefore imperative to conduct testing during peak load times to experience first-hand what will happen in the event of a disaster. This requires a different way of thinking and one that executives in the digital world need to start embracing.

As is evident by the report, the significance of not having access to data when it matters most could potentially result in a company having to close its doors.

For more information, contact Veeam, www.veeam.com

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The same security assessment for different reasons
Issue 7 2020, Alwinco , Editor's Choice
Like everything else in life, a security risk assessment also has two sides: one is the proactive approach, and the other is the approach taken ‘after the fact’.

Risk intelligence the key to a sustainable future
Issue 7 2020 , Editor's Choice
Only by building risk intelligent organisations will leaders be able to overcome six distinct global threats identified by the Institute of Risk Management South Africa (IRMSA).

Profile D for access control peripherals
Issue 7 2020 , Editor's Choice
Profile D provides interoperability for devices such as locks, credential/biometric readers, PIN pads, LPR cameras, door phones, sensors and displays.

Security investments and culture
Issue 7 2020 , Editor's Choice
Organisations must embed security into the culture of the company and approach security investments with this culture in mind.

Elastic storage pricing
Issue 7 2020 , Editor's Choice
With elastic pricing, users can switch from one storage model to another without having to pay a premium or a penalty, and without having to physically move any data.

Use technology as a differentiator
Issue 7 2020 , Editor's Choice
Juni Yan, director of Transport, Logistics and Automotive at BT, shares her insights on how logistics companies can leverage digital transformation to become a real market differentiator – no matter the state of the pandemic.

Management of PPE allocation made simple
Issue 7 2020, Powell Tronics, Technews Publishing , Editor's Choice
Of all the roadblocks and challenges COVID-19 has introduced us to over the past few months, one of the tasks organisations have to manage is the issuing of PPE to staff.

Robots in warehousing and freight, a security perspective
Issue 7 2020, FSK Electronics , Editor's Choice
The logistics industry needs support from technology to meet its ongoing demands and ongoing security concerns.

The new training normal
Issue 7 2020, Leaderware , Editor's Choice
Insights from running my first CCTV Surveillance Skills and Body Language and Advanced courses at physical training venues since COVID-19 started.

An exciting journey in security
Issue 7 2020, Technews Publishing, BTC Training Africa , Editor's Choice
Errol Peace describes his 40-plus year career in the security industry where he was and is a great proponent of training as an “exceptionally exciting journey”.