Stephen Manley, CTO, Druva on the importance of integrating data protection into data security
By Stephen Manley,
Customers need data protection vendors to integrate into their data security ecosystem. Organizations looking to “tighten the belt” on their IT budgets do not have the capital to invest in multiple siloed products for security posture, recovery, management, analytics, and integration with third-party tools. Even worse, siloed products leave gaps for cyber criminals to penetrate.
Since cyber criminals target the weakest part of your organization, as data centers become more secure, they are attacking cloud environments. Companies will be forced to extend their cyber resilience beyond the data center. With these additional requirements, the market will need to help customers do more with less — less money, less staff, and less experience. There will be a need for autonomous data resilience — in which the customers’ data is automatically secured and protected.
How should organizations integrate data protection into data security? First, executives must create a risk management strategy that incorporates cyber-insurance, security, and data protection. Second, data protection teams must work with security to ensure that their backups are secured. Finally, data protection teams should collaborate with the security team to understand what role they need to play in preparing for and recovering from an attack.
Risk management strategy
Every analyst and vendor says, “It’s not a matter of ‘if’ but ‘when’ a ransomware attack will succeed.” Therefore, you need to ask yourself, “When the attack happens, how will I recover?” Data is one of the most valuable resources for businesses, and it must be both accessible and clean. Many companies may not realize that legacy security strategies built on walling off the data center are no longer viable because, remember, “it’s not ‘if’, it’s ‘when’.”
It is time to reassess your current security posture. Across the “shared responsibility” models of the cloud, such as those offered with Microsoft 365 and other SaaS applications, as well as cloud-native applications running in AWS, Azure, and GCP, both internal IT teams and cloud providers play a role in protecting any data for any organization.
A robust cloud data security strategy should cover all data across data centers, SaaS applications, and other cloud environments. It should also include monitoring data access for all users and devices because attacks always start with users on the edge. It is critical that this be applied across all types of data, including “data in use” across all apps and endpoints, “data in motion” as it moves across the network, and “data at rest” stored in any location.
Ensure secured backups
IT organizations face a harsh reality: not only is data critical to business operations, but it’s also under constant threat and needs to be secured against ransomware. Following the pandemic, the remote workforce greatly increased workloads for IT professionals. These changes in the workforce have created a huge shortage of cybersecurity skills. With high demand and low staff supply, organizations are turning to cloud providers to fill the gap.
As companies seek to ease the burden on internal IT teams and refocus on strategic business initiatives, having access to an expert external support infrastructure can eliminate the expense and risk of building in-house solutions. Choosing the right solution provider is imperative to the success of any organization. Rather than trying to build a unified solution out of silos, it is time to leverage experts. Comprehensive data protection as a service allows you to radically simplify your backup and recovery experience, accelerate and protect cloud projects, and elevate cyber and data resilience.
Prepare for and recover from an attack
With the rise of ransomware attacks, IT teams are increasing their investment in detection and response capabilities because traditional methods are no longer sufficient. Unfortunately, the ability to simply recover backup data is not enough when an attack occurs. The crux of the issue for security and IT is a lack of integration between the backup environment and security operations that can enable response workflow and tooling. You should not have to wait for security to assess whether your backup environment has been compromised during the attack. This slows both response and data recovery times, resulting in greater downtime and lost revenue. You need a backup environment that is guaranteed to be safe and clean.
Then, to help the security team with incident response, the data protection solution should integrate with SIEM tools. The legacy product silos made integration almost impossible due to costs, timelines, and siloed ownership. While APIs have existed for years, integrations require consistent effort and attention. Despite efforts to share data, many organizations still lack a single comprehensive view of the security of their backup environment—one that provides insights into security controls, configurations, and abnormal changes. You need a modern backup solution that just integrates cleanly into your security tools.
Takeaway
There is a need for integrated, out-of-the-box capabilities for IT and security teams to easily understand their data security posture, observe backup changes without requiring analyst time or new integrations, and drill into the dashboards and alerts unique to their deployments. By simplifying both access and the use of posture and observability data, IT and SecOps teams can enable better preparedness, faster incident investigation and response, and better root cause analysis. As threats and ransomware continue to evolve, there will also be a need for autonomous data resilience, in which the customers’ data is automatically secured and protected.
The author is Chief Technology Officer at Druva.
Disclaimer: The views expressed are solely of the author and ETCIO.com does not necessarily subscribe to it. ETCIO.com shall not be responsible for any damage caused to any person/organization directly or indirectly.