In today's rapidly evolving digital landscape, data has emerged as the new cornerstone of success. You've likely encountered the phrase 'Data is the new oil' or some variation of it, and its prominence in discussions is no accident. Data is not just important; it's the lifeblood of modern businesses, often distinguishing between thriving in a fiercely competitive environment and merely surviving, or worse.
“Today’s businesses are reliant on data for informed decision-making,” Wee Tee Lim, Regional Vice President, at Cloudera, told Data & Storage ASEAN. “Data has become a strategic asset that needs to be protected, yet many businesses continue to grapple with the proper storage, management, control, governance, and security of their data. And just like oil, bad things can happen if there is a leak or spill, or in the case of data, a breach or loss.
Those Bad Things Can Be [Very] Costly
Given the increasingly primordial role of data in businesses, it makes sense to be vigilant with it because data loss or compromise—whether due to a data breach, hardware malfunction, human error, or any other cause—can have dire consequences. Acronis, for instance, found that small instances of data loss cost a business between USD $18,120 to USD $35,730 on average, while downtime caused by data loss or compromise can set organisations aback by as much as USD $7,900 per minute.
Taken all together, losses from data loss or compromise can rise meteorically when you factor in the six cost areas that need to be taken into account:
Loss of productivity. This pertains to an organisation’s inability to generate value from its core business offerings.
Response costs. This refers to the expenses the organisation incurs while managing the data compromise incident. These include labour costs and supplier fees.
Cost of replacement. This is the total spending required to replace or reacquire what has been lost in the first place.
Fines and judgment fees. These are the legal and/or regulatory fees that the organisation must pay for mishandling data.
Loss of competitive advantage. This pertains to the declining value of a company’s assets and/or offerings.
Reputational damage. This refers to the negative perceptions a company will receive due to data-related incidents.
Betting Big on Backups
Undoubtedly, safeguarding such a crucial asset is paramount, but it must also be reinforced through reliable backups. The challenge lies in the fact that certain organisations have lagged behind in this regard, primarily leaning on outdated legacy backup systems.
Unfortunately, the old ways of doing backups are hardly adequate in this digital-first world, said David Rajoo, ASEAN Systems Engineering Head, Cortex, Palo Alto Networks.
Legacy backup solutions were primarily designed for the era of physical data centres and may not effectively protect against modern network threats,” Rajoo pointed out to Data & Storage ASEAN. “These methods involve backup disks for individual users and data centres for larger enterprises. However, attitudes towards data and its security have changed, and the need for data protection is now recognised as a crucial aspect of safeguarding our well-being in the digital world.”
Lawrence Yeo, Enterprise Solutions Director, ASEAN, at Hitachi Vantara echoes Rajoo’s point.
“Traditional data backup and recovery methods are not built for today’s age of digital transformation and supercharged data growth. With the vast volumes of data generated now, traditional backup methods would struggle to cope,” explained Yeo. “They are also prone to failure, become unreadable, are hard to scale, time-consuming to manage, and have vendor lock-in and hardware compatibility issues. They also have slow system recoveries while costing more.”
Indeed, between the ever-increasing amount of data being produced today and the diverse ways data can be compromised, the old ways of creating backups are no longer adequate and are arguably unreliable. This only means organisations will need to explore newer, more modern means to back up their data—or risk data loss and/or compromise even with legacy “solutions” already in place.
Modern Data Needs Require Modern Solutions
We now find ourselves in the contemporary data age, and ensuring its protection calls for the adoption of cutting-edge solutions. Over time, backup technologies have undergone a transformative evolution, reaching a stage where they can effectively address the complexities of the digital era, offering organisations secure backups of their most vital data. One backup strategy, for instance, that is being used more and more is the cloud.
“Data backups have evolved over the years from using tapes, software, and media gateways to today’s more efficient cloud-based solutions,” Yeo noted. “With the arrival of cloud computing, organisations can now digitally retain their backups across several locations and access their data from any connected device at any time and from anywhere. The cloud also has the advantage of being scalable, thus enabling enterprises to save costs.”
Rajoo concurs, noting how “cloud storage offers advantages such as ease of use, increased security measures, scalability, accessibility, and reliability.” These factors, according to the Palo Alto Systems Engineering Head, have made cloud storage a popular choice with a strong emphasis on prioritising data protection.
David Lenz, Vice President, Asia Pacific, at Arcserve even credits the launch of the cloud as having ushered in the data storage and backup revolution—one that is giving organisations a host of advantages, including flexibility and scalability.
“[With the cloud], businesses can maintain all backups in multiple locations digitally, and they can access them anytime, anywhere, from any connected device. The capacity of a cloud can be increased by scaling out, or adding space as businesses need it, saving them money in the long run,” Lenz said about the advantages organisations can get by leveraging the cloud.
Every Advantage Counts
Increasing digitalisation has produced seemingly unintended consequences, like a stark reliance on digital technologies that can fail at any given time and an increase in cybersecurity risks. Among these risks that have proven detrimental to organisations worldwide is ransomware, which is specifically designed to deny access to data—or “hold it hostage” in effect. Exacerbating matters is the growing sophistication of ransomware today as it can also attack even backups, or at least render them useless.
“Today, ransomware attacks are becoming more sophisticated. Threat actors target specific organisations, probing for vulnerabilities in current defences to find unguarded and weak points of entry,” explained Steve Stavridis, Director, APAC, at OpenText Cybersecurity. “Additionally, they seek to disrupt backup processes, delete backups, and compromise backup data with dormant ransomware to trigger another cycle of malicious encryption after recovery.
This problem underscores the criticality not only of having backups but also of keeping these protected from ransomware or any similar attack. And it appears cloud computing has taken the forefront in this regard, at least according to the experts Cybersecurity ASEAN interviewed.
“The modern backup solution has cloud computing in the driver's seat. Cloud migration, modern object storage, data protection, and backup strategies are necessary to keep data safe and safeguard against ransomware attacks,” Hitachi Vantara’s Yeo noted. “This is crucial as ransomware attacks have increased and become more complex to manage, especially considering that the APAC region was the hardest hit region in 2022.”
All these efforts—from more conventional data backup strategies to using the cloud—dovetail into one encompassing strategy: Developing cyber reliance, or an organisation’s ability to prevent, weather, and recover from cybersecurity incidents. To this end, organisations that cannot rapidly recover data from a high quality and recent backup are not cyber resilient, according to Sathish Murthy, Director of Systems Engineering, ASEAN/India, at Cohesity, and the repercussions of this, again, can be costly.
“Effective backup solutions and practices that establish cyber resilience must provide organisations with a recent, secure, clean, and immutable copy of their data—regardless of whether it’s stored on-premises, in cloud, or hybrid environments,” Murthy explained. “Having reliable backups and backup practices to recover data goes far beyond maintaining cyber resilience; it allows core business processes that support revenue generation to be restored when the worst occurs, and even allows organisations to refuse ransom demands in an age where cyber attacks are a 'when' and not 'if' reality.”
Best Backup Practices to Keep in Mind
And so, it all boils down to this crucial question: What is the best way to backup data?
Ben Lim, Senior Country Manager at Epicor Malaysia and a host of other experts agree on at least one thing and that is the need for a multipronged strategy to prevent data loss in any form. The first thing in this case, according to Lim is taking advantage of the ability to store backups offsite in various locations.
Lim explained that backup suites nowadays enable replication offsite to other data centres or even into the public cloud and even allow for ease of use in testing restores without causing any disruption. Testing restores, in turn, is key to fleshing out any issues in the system and your backups. Of course, protecting your data also means protecting your backups—and this necessitates the implementation of security or protection strategies, like limiting access to the backup software using multi-factor authentication, making data backup immutable, and controlling overall access.
Stavridis, for his part, offers these best practices:
Backup data in more than one location. Recovery requires multiple equally valid and independently strong alternate pathways to decrease the risk that any given pathway is compromised, inaccessible, or unusable. The 3-2-1 principle—3 copies of data, stored on 2 forms of media, with 1 copy offsite/off-network/air-gapped for disaster recovery—must be the bare minimum here.
Make data immutable and limit access to backup datasets. Data immutability ensures that information within a database cannot be deleted or changed. In immutable databases, data can only ever be added. Meaning the database will not overwrite or change an item when new information is made available. Even if a mistake is made, it is corrected with a subsequent entry and not overwritten.
Ensure hardened security controls over changing backup settings and erasing data. If threat actors can compromise the administrator’s backup system through credential phishing, they can change backup settings or erase backup data in advance of a ransomware attack. Change and erase requests should be difficult to execute without supplementary approval utilising controls such as strong multi-factor authentication, escalation workflows, and recycle bins.
As you may have already noticed, the idea of immutability keeps popping up, and it is critical because it means data is converted to a write-once, read many times format—and, therefore, can neither be deleted nor altered. This ensures that your backups are not compromised and is actually useful in case your main data sets are lost or damaged.
Arcserve's Lenz, recommends using immutable storage systems offering object-based scale-out storage architecture, which he says provides organisations “a seamless pool of capacity and effortlessly add drives and appliances as their data needs grow.”
Do note, though, that an ideal storage system is one that uses analytics to identify frequently used data that the organisation should always back up and seldom-used data that does not have to be backed up. This gives organisations an intelligent, tiered data architecture that provides rapid access to mission-critical information. It also enables organisations to save money on data storage while keeping their essential data safe from catastrophe.
A Final Thought
The sad reality today is that data is never truly safe, and no single technology can change that. But it is certainly part of the equation.
“Technology must be leveraged in tandem with other guiding principles and policies, and these strategies must be built on top of security and governance, not the other way around,” Lim advised. “Training teams and equipping employees with proper resources to handle the increasingly complex threats targeting today’s businesses can help mitigate the exposure. Organisations must also remain vigilant of the threats surrounding them and be prepared to manage any potential risks accordingly.”
In other words, backing data up goes beyond the actual act of making copies. It is a meticulous, ongoing process that needs buy-in from everyone in the organisation and an evolving strategy to keep up with the times.