Security
Data Resilience:
From Backup/Recovery to Resilience
Discussing cybercrime and its consequences for any organization has become a given. Yet, too many companies still limit themselves to deploying backup and disaster recovery measures, considering themselves sufficiently protected. While these are obviously essential, it is now crucial to envision a comprehensive data resilience strategy.
Protecting data against hacking, theft, or any incident (flooding, bad weather, fire, etc.) is certainly a priority, if not a necessity, for any organization today. Backup and disaster recovery solutions are widely deployed in organizations. Likewise, the cloud can offer a solution by offloading data and application storage outside the company’s walls, providing enhanced security.
Why?
According to various studies, nearly 75% of companies surveyed do not have an estimate of the hourly cost of downtime following a failure of their IT systems. Additionally, among companies affected by a work interruption, nearly 50% have lost data. Despite the growing success of the cloud in all its forms (private, public, or hybrid), about 75% of companies report not having high availability protection and disaster recovery for their cloud-stored data.
However, resilience solutions should address these issues. In practice, resilience refers to the ability of an IT system to continue functioning in the event of a failure, incident, hacking, or a surge in business activity. It involves implementing 'backup' measures to minimize the impact of an incident on IT.
Thus, it is not only about protecting data but also deploying measures and processes to resolve potential problems. Such measures must be defined proactively to be implemented quickly and effectively.
How?
While data protection/recovery is reactive, resilience is proactive. Initially, the company will define a comprehensive approach to cybersecurity and data protection. Organizations like NIST (National Institute of Standards and Technology) and ISO (International Organization for Standardization) offer various tools (standards, guides, best practices, etc.) to manage security risks. Beyond these measures, the company will focus on risk assessment, implementing access controls and encryption, raising staff awareness, and using classic security tools (firewalls, intrusion detection and prevention systems, etc.).
Additionally, a comprehensive disaster recovery plan will be developed to ensure that in the event of an incident, downtime is minimized, and recovery times are optimized within a backup and recovery solution. Beyond this plan, the company will ensure its effective deployment and regular updates. It is also essential to verify that backups are correctly performed and that data can be read and recovered in case of an incident.
As previously mentioned, the cloud can provide the scalability and flexibility often needed in modern enterprises. However, it is crucial to ensure that backups are effectively performed since contracts with cloud providers are not always transparent in this regard. In case of a problem, it may be too late to seek legal recourse against the service provider.
Benefits
Data resilience is not a 'one size fits all' approach. Beyond data recovery and IT system restoration, data segmentation will be a crucial element to prioritize and classify data based on its urgency and criticality.
Resilience offers numerous benefits, with the most obvious being optimal data protection, improved data storage reliability, and minimized unplanned downtime. Additionally, resilience allows the company to better manage its data and comply with data retention and security regulations.
Moreover, the company’s reputation and credibility with clients and suppliers will improve as concrete and effective measures are taken to counter cyberattacks and other potential incidents. Finally, a resilient IT approach enables better management of unforeseen situations and provides methods and techniques to mitigate risks, ensuring always-available IT systems.
