You need to back up your company’s data. Then again, unless you have been living under a rock all these years, you already know that.
Making backups of your data is critical as these backups protect against hardware failure, human error, cyber attacks, power outages and natural disasters—all of which can result in data loss. Backups can help save time and money if these failures occur.
And, as we have explained time and again here on Data&Storage ASEAN (DSA), the impact of critical data loss can be severe. It can obviously result in revenue losses, damage your brand’s reputation and possibly subject you to legal action or stiff penalties from government watchdogs. To this point, Dell Technologies’ 2022 GDPI snapshot research found that the average cost of data loss faced by organisations in Asia Pacific and Japan, including China (APJC), amounted to USD $977k in the year it was conducted, and this finding only underscores the criticality of making backups.
Too Many Organisations Aren’t Ready Yet
Worryingly, the same research found that 59% of its APJC respondents are not very confident that all business-critical data can be reliably recovered in the event of a destructive cyber attack. Additionally, 70% of APJC respondents are concerned their organisation’s existing data protection measures may not be sufficient to cope with malware and ransomware threats.
“As organisations across the region continue to digitally transform their operations and adopt transformative technologies, they need to ensure that their IT infrastructure remains resilient and can keep pace with change,” explained Lucas Salter, General Manager, Data Protection Solutions, Dell Technologies, Asia Pacific, Japan & Greater China, in an exclusive email interview with DSA. “Performing regular, complete, and robust backups is essential for the resilience and recovery posture of organisations.”
There is just one problem: One too many organisations—worldwide and in the region—have weak or inadequate backup strategies.
Salter attributes this critical inadequacy to a variety of factors, like fragmented implementation of backup strategies, poor planning, complexity and reliance on too many data protection vendors that only make the process of making backups more complex than it is already.
Light at the End of the [Data] Tunnel
The good news is that the aforementioned problems weakening companies’ backup strategies can be addressed with the right backup strategy guided by long-term planning and leveraging the right solutions.
“When organisations look to develop a holistic backup strategy, they must plan for the IT skill sets and long-term costs across key inter-related areas including cybersecurity, data protection, and cloud infrastructure management,” explained Salter. “They should also strive for simplicity and scale across their data protection and cyber recovery capabilities.”
Simplifying data protection and cyber recovery efforts in this case means working with a single data protection partner that can help businesses manage their technology when they need it most. This arrangement also helps in the standardisation and simplification of technology operations—something companies in the region appear to be recognising already. In fact, according to Dell Technologies’ 2022 GDPI snapshot research, 82% of APJC respondents using multiple data protection vendors believe they would benefit from reducing the number of vendors they use.
For the most part, just one data protection vendor will suffice as long as that vendor can offer the necessary solutions to protect and back up an organisation’s data. Take, for instance, Dell Technologies’ software-defined data protection portfolio, whose offerings can be consumed through public clouds or via the company’s extensive partner ecosystem.
More than that, Dell Technologies’ offerings, which include zero-trust solutions, can be specifically tailored to meet organisations’ needs and unique requirements. This helps in streamlining an organisation’s IT infrastructure so that its IT talent can focus on other crucial initiatives—including strengthening the company’s backup strategy.
Plenty of Work Goes into Backing Up Data
Choosing the right partner is just part of the battle. In addition to that, Salter advises businesses to tighten the collaboration between their security and IT infrastructure teams to develop a robust recovery capability and build a comprehensive view of risk. Salter also emphasises the need for application, cloud and backup teams to work closely together “to ensure that data and systems are protected in a cost-effective manner and that the insights from recovery can be effectively leveraged.”
These tips, also from Salter, will prove useful as well:
- Protect everything. Organisations must understand where all their data is stored so they can do what is necessary to protect everything.
- Modernise your backup. Companies need to investigate the options for performing backups to see which ones are appropriate. Additionally, organisations must ensure that the data written to the backup storage device is recoverable as it is written to ensure data integrity.
- Safeguard your backup environment. Organisations need to regularly patch their operating systems, follow the backup tool hardening guides and enable encryption in flight and/or at rest to ensure that the backup data is immutable.
- Secure access to your backup environment. This can be done by enabling multi-factor authentication (MFA), role-based access control (RBAC), Transport Layer Security (TLS) certificates and API credentials.
- Plan for anomaly detection. In the event of destructive malware, organisations should be able to use their backup data to identify data corruption. This helps in detecting breaches early and in ensuring that only non-corrupted data is restored after a cyber event.
- Leverage automation. Organisations must proactively think of how built-in capabilities can help reduce risk, enable scalability and validate the company’s ability to recover. For instance, when new virtual machines are created, they can automatically be added to a backup policy.
- Create a network-isolated (air-gapped) recovery capability. Companies need to establish a trusted recovery environment that keeps data safe from tampering. This can be done by creating a system that incorporates network isolation with the use of an air-gapped cyber vault that would isolate immutable copies of backup data.
Necessary Hard Work
It goes without saying that backing up data is lots of hard work and all sorts of daunting and challenging—especially now.
“The acceleration of data growth has increased data management complexity and data silos in the region. This combined with an unprecedented rise in cyber attacks, limited budgets, and constrained operational staff is making it crucial for organisations to do more to efficiently store, protect and back up their data,” Salter concluded.
But for something as valuable as data, doing more seems like a natural trade-off in order to keep it protected—and to make sure the business is uninterrupted by unforeseen circumstances.
So, yes, it is time to do more.