The global ransomware epidemic and the increasing levels of cyber-risk have resulted in a ripple effect on various technology markets. This has led to the emergence of a new market dynamic.
In the face of ransomware, traditional backup and recovery options are no longer enough to protect data assets. The market is rapidly changing. Backup and recovery vendors have made critical bets in data and cybersecurity by developing broader capabilities through technology developments, integrations, acquisitions and partnerships. Rather than just backing up essential data assets, they now look at data more holistically.
In the past few years, backup vendors have gotten much better at defending against “traditional” ransomware, in which data is unavailable or corrupted. In these cases, bad actors enter an environment and prevent the attacked organization from using its data until the attackers are paid. This disrupts operations and can have incalculable consequences. Luckily, with capabilities like immutable backups, ransomware attackers can’t destroy the backups, which improves recovery possibilities. But now ransomware actors take a second bite at the apple before interrupting operations by exfiltrating, or stealing, data.
Even if the attacked organization has a backup and hence refuses to pay the first denial-of-service ransom, the cybercriminals might then threaten to expose the data externally. This second extortion attempt is akin to a hostage situation.
So, the nature of the threat has changed. That’s why the focus should be placed on data assets vs. processes: Understanding what data your organization has and what access, security, retention and recoverability attributes it might be lacking are all critical elements. Against a backdrop of constant data growth, this is a challenging task.
At the organizational level, we see that there are overlapping concerns both on the technical side and the executive level. The CIO, the chief information security officer (CISO) and the chief data officer (CDO) all have problems with this vast and continually growing pile of data that the company is trying to manage and protect.
The following are key questions every IT or security leader should ask themselves:
- What data do we have?
- Where is it stored?
- How is it stored?
- What type of data is it?
- What are the correct security and management policies for backup and recovery policies?
Operating in the cloud at scale adds to the complexity. Many organizations are left with this very weird pile of data. They don’t know what it is, where it is, who’s using it, what its lineage is or what its history is.
Build a more robust resilience strategy for your data
Applying consistent data policies across the organization is needed at scale. This is easier said than done.
TechTarget’s Enterprise Strategy Group recently researched the topic of cloud data security. One of the findings is that CISOs have a large volume of data they’re chartered with protecting regardless of where it lives.
Our research data showed that IT leaders have this huge overconfidence in tools and abilities to do things. We asked organizations how confident they are in their ability to find all the data they need to secure and how confident they are in correctly classifying that data. Surprisingly, more than 90% reported being very confident or confident about both.
However, upon closer examination, 19% of organizations lost data through what Enterprise Strategy Group calls shadow data, or data they did not know existed. It’s easy to make copies of data in modern infrastructures and just as easy to lose track of it. Another common occurrence is that a program makes a copy and crashes, and that data is left somewhere and gets exposed.
We also saw that despite being confident in their ability to classify data correctly, 33% of organizations lost data through misclassification — essentially, a misunderstanding of the data and incorrectly tagging it.
This means that IT professionals must revisit their data security posture management (DSPM) strategy, which is crucial for ensuring security and running efficient backup and recovery processes. The first step in DSPM is discovering all the data that the organization must protect and back up. A thorough understanding of the metadata and actual data enables users to assign appropriate security profiles and determine how the data should be managed from a security perspective. Then, classifying the data into coherent data types and applying different security attributes becomes easier.
Beyond essential data management and security, a better understanding of data and metadata also ensures that critical files are backed up and recoverable in case of mishaps. Moreover, a similar approach is vital to ensure the data is compliant and can be reused without risk. The perfect, though maybe unrealistic, picture of data management is 100% classification, no gaps, no disconnects wherever the data lives.
Let’s take the example of personally identifiable information (PII). PII must be protected whether on a laptop or phone or in a data center, such as a database running on premises or in the cloud. As an organization, the bar for properly managing PII is high. You must know where all your PII is and protect it from theft or leaks. You must ensure that PII is only used by authorized users or applications and that it is both recoverable and archived as dictated by data governance and compliance policies.
Resilience: The convergence of data protection and security
In many ways, we see the slow but sure convergence of data security, data loss prevention and backup and recovery. Enterprise Strategy Group has termed this broader focus on data as data resilience, which involves a combination of data classification, data security (often marketed as data security “posture”) and backup and recovery technologies. Data resilience aims to meet the needs of all data stakeholders — CISO, CIO, CDO — by ensuring operational resilience in the face of physical- and security-related disruptions. Where are you on your journey to data resilience?
Enterprise Strategy Group is a division of TechTarget. Its analysts have business relationships with technology vendors.