Story image

The importance of knowing your data to be secure

20 Mar 18

Security is a complex business. Last year, we witnessed a number of highly disruptive cyberattacks that impacted business operations, resulted in financial loss, and even harm (or continue to harm) the reputations of affected organisations. These high profile incidents, alongside increasing government legislation, highlight the need for organisations today to put security at the top of the business agenda in order to protect their most valuable asset – data.

The reality is, all enterprises have a responsibility toward their data – they have to be able to protect it, at all times, from all risk. Risk comes from a range of different places; internal, external and increasingly through technologies like cloud. But it’s impossible for businesses to protect themselves if they don’t know what they are protecting, and that’s not always as simple as it sounds.

Understanding where data is stored, and for what purpose, has therefore quickly become essential for businesses to bolster their security. Organisations must seek to understand what data they have – be it in the cloud or elsewhere – in order to better plan their cybersecurity strategies.

Where to start? Backup?

Businesses will often find themselves preoccupied with implementing security measures in a bid to keep attackers out, but it should not be their sole concern. While security is critical, it is widely acknowledged that attacks will occur and organisations will be breached. Therefore preventative security measures are only part of the picture. Being able to recover from a seemingly inevitable breach, or minimise the damage, is actually the mission critical part.

Data back-ups are able to protect businesses against internal and external threats by ensuring the minimisation of data loss scenarios. Having a secondary copy of data empowers information-driven organisations to strengthen their business continuity plans, minimises down-time, and enables a quick and fast recovery that provides businesses with a competitive edge when battling cyber threats today.

Don’t keep all your eggs in one basket

With 93 per cent of organisations using cloud services in some form, it is evident that the cloud has made a positive impact on businesses in today’s digital economy. However, business leaders should not rely on a single data storage type, or a single provider.

When an organisation’s cloud provider is targeted, attackers may choose to focus on the business’ administration control and quickly cut the victim off from their data in the cloud. This gives attackers the option to delete snapshots and backup copies of data at their leisure, eliminating all critical information and disrupting the business.

Business must take the additional step to keep data protected – that includes storing data in both on-premise and in the cloud. However, having multiple copies of data with good practices, still needs to be managed. Organisations that employ exceptional data management hygiene will always know where their data lives – across public or private cloud(s), on-premises or co-location sites – and will have specific data backups and processes in place to protect it. When an emergency occurs, data recovery for these organisations is fast and automated.

Last thoughts

Organisations must know everything about their data in order to keep it secure. Taking the time to understand the ins and outs of their data; including its whereabouts, uses and characteristics, whilst adhering to good data practices, is the only way organisations can avoid the long-term consequences of cyber attacks. At the same time, these practices have added benefits including improving redundancy, and assisting in developing a clear and automated disaster recovery plan.

Article by Commvault principal architect - APAC, Chris Gondek.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.