Availability in the age of security risk

Prioritise keeping your bitcoin safe, secure, and available
Claude Schuck, regional manager for Africa at Veeam.
Availability in the age of security risk
Claude Schuck, regional manager for Africa at Veeam.

With ransomware attacks becoming increasingly prevalent, companies are more aware than ever of the need for effective cybersecurity measures. But despite this, not enough is being done to ensure the availability of data in the event of systems being compromised.
Enterprises are spending millions on disaster recovery (DR) and business continuity (BC) strategies but they do not invoke them nearly enough for the investment to be measured accurately. In fact, the 2017 Veeam Availability Report makes for sobering reading around the impact that security risks could have on availability.

The report has found that six out of seven organisations lack a high level of confidence in their ability to reliably protect and recover data within their virtual environments. To make matters worse, 85 percent of respondents rated themselves less than very confident in the current capabilities of their organisations regarding virtual machine backup and recovery. With virtualisation being part of the foundation of every modern IT environment, including on-premise and cloud-hosted, any response other than “very confident” is unacceptable.

Think differently
Clearly, the old way of looking at DR and BC is still too complex. It needs to be simplified if organisations have any chance of effectively implementing these plans in the event of a disaster. One of the best ways to ensure that this happens is by conducting regular tests. This will provide real insight into how easy it is to manage (and recover) data in times of crisis and what the impact of non-availability could potentially be.

It will also show executives in a realistic manner, the amount of downtime the business can tolerate from its high-priority applications compared to those that are not as time-sensitive. According to the report, the median tolerable downtime among high-priority applications is 7.5 minutes. For normal applications this window opens to 90 minutes. So, ask yourself just how quickly you can access your mission-critical data. Realistically, anything longer than 20 minutes could spell potential disaster for the enterprise.

In this environment, it is still crucial to ensure good cybersecurity measures are put in place to mitigate the risk of any potential attacks. The problem is that many decision-makers equate this to simply installing the latest anti-virus software. Unfortunately, viruses and malicious software have evolved and need to be addressed differently. As with any security concern, the biggest threat often comes from the employees of a company. From disgruntled users to unsuspecting people clicking on suspicious links, a company must make sure that it provides the right level of data access to the various employees in the business.

Addressing security concerns
This is not only something that happens amongst private sector organisations. Governments must be aware of the risks, that not effectively securing their data and testing their DR and BC strategies could have on operations. The impact could be significant not only in the running of a department but also the operations of a country.

In South Africa, most public sector departments still store their data on legacy applications. In recent years, the government has started migrating to more centralised systems in an effort to improve accessibility of data and minimise the ‘sprawl’ occurring in their server architecture and information systems. However, they still need to ensure that availability remains the priority during the shift (just as with private sector organisations).

Ultimately, DR, BC and cybersecurity policies should not just be about a tick box approach. Instead, these need to be regularly tested (more than just once or twice per year). Many of these availability tests happen in either a simulated environment, over weekends or at night when there is not a peak load on the systems.

Disaster can strike at any time. It is therefore imperative to conduct testing during peak load times to experience first-hand what will happen in the event of a disaster. This requires a different way of thinking and one that executives in the digital world need to start embracing.

As is evident by the Report, the significance of not having access to data when it matters most could potentially result in a company having to close its doors.

By Claude Schuck, regional manager for Africa at Veeam