2017: The Year Risk Mitigation Determines IT Investments
The rapid acceleration of technological advancements, business requirements and user demand has underscored a fundamental shift in the world of computing and, likewise, data protection. In response, IT teams have evolved to keep pace, with many attempting to simplify by adopting virtualization or cloud-based solutions; however, these teams are often still required to support legacy systems.
Now, throw into the mix the reality that we live in an era besieged by reduced budgets and resources, more complex data, and growing threats to business-critical systems that require organizations to adopt more stringent recovery time and point objectives, and it’s easy to see how delivering on the promise of always-available, let alone protected, data is more challenging than ever before.
Risks to Business Data have Never been Higher, and a Slow-down is Nowhere in Sight
From ransomware attacks and hardware failures to natural disasters and server outages, no organization today is immune. A new Beazley Breach Insights report revealed that, after quadrupling in 2016, ransomware attacks will double in 2017, with organizations most vulnerable during IT system freezes or end of financial quarters. But while it may be the Fortune 500s that make headlines, attacks are also growing quickly among small to mid-sized businesses, which are often unprepared and subsequently suffer unprecedented loss. In an independent survey of IT service providers, resellers and consultants commissioned by Arcserve, a whopping 65 percent said their customers have been the victim of a ransomware attack in the past year alone.
Malware’s success is, in part, due to the challenge of protecting business-critical data. It’s widely accepted that the amount of data businesses generate nearly doubles every two years, resulting in growing storage footprints, costs and backup requirements. To complicate matters further, applications have been stacked over applications, making data increasingly harder to manage, while backup methodologies and solutions have also multiplied.
The end result? Compatibility issues are on the rise, compounded by the need for highly specialized skills that organizations may not have the budget to develop. This leaves mid-sized companies with a patchwork of solutions and processes that inevitably result in one predictable outcome: data loss or the inability to access business-critical data. Data protection providers are taking note with a new crop of technologies and solutions that mitigate this challenge by protecting across cloud, virtual and physical environments. These flexible, comprehensive solutions deliver on an organization’s unique uptime objectives more efficiently and cost-effectively than ever before, but a complete rip and replace alone won’t save your data. IT leaders must start shifting toward data availability strategies to ensure that when malware hits or downtime happens, they can remain “business as usual.”
Leverage Risk Management Strategies to Meet New Data Availability Requirements
Growing regulation, increasing corporate governance, rising non-compliance penalties and damage to reputation have changed the conversation in many boardrooms across every industry and business size. Organizations no longer need to be sold on data availability; instead, they want to understand the best approach and how to implement it economically. That begins not only with mapping out the entire IT ecosphere, but also with understanding the importance of each system and application to business operations.
In any organization, some systems will be mission-critical; they quite literally run the business or allow customers to transact. Meanwhile, others could withstand a few hours, or days, of downtime. By taking a business-first approach, organizations will be empowered to build the most resilient and economical data protection strategy that is unique to their needs.
To take it a step further, IT teams must measure system and application criticality against direct and indirect variables, such as: the inability of customers to transact, internal and external compliance requirements, employee productivity, industry regulations and associated penalties, lost visibility due to an absent online presence, and failure to meet key performance indicators and actualize business objectives.
Organizations should also realistically evaluate the length of time and the associated loss of sales or revenue they incur to get critical data back, with recovery point objectives (RPOs) and recovery time objectives (RTOs) being crucial to this process. While few people love calculating complicated metrics, they define precisely how long a business can run without available data and are a critical early step in architecting an effective backup and recovery solution. Without them, an organization could implement a solution that ultimately leaves them vulnerable to unrecoverable losses.
Assess System and Application Interdependence to Prioritize Areas of Risk
Mapping out tiers of system and application availability requirements is just the beginning, simply because systems and applications are increasingly interdependent, which makes their dependencies an area for careful evaluation. In the most fundamental approach, IT teams need to identify the impact of one system failing on the others. For example, how would the loss of an inventory management application affect the company’s ability to fulfill orders, and thus transact sales? Further, the unique maintenance schedules and service level requirements of each system and application should undergo careful review, with all aspects tightly incorporated into a risk assessment plan.
Now, supported by a schematic of tiered data, application and system business requirements, organizations can identify gaps in their business continuity strategy. Armed with this information, they can then prioritize critical areas of weakness and risk, allocate investments accordingly, and cost-effectively apply the right level of protection to their diverse systems to strengthen their weakest links.
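The tiering and dependency review described above can be worked through in code. This is an added example, not part of the original article: the system names, hour values and the rule that a dependency inherits the tightest RTO of anything that relies on it are assumptions made for illustration.

```python
# Constructed inventory: system -> (stated RTO in hours, recovery time in hours
# that the current backup setup actually achieves). All values are illustrative.
SYSTEMS = {
    "web_storefront":    (1, 1),
    "order_fulfillment": (4, 3),
    "inventory_mgmt":    (24, 12),
    "customer_db":       (8, 2),
    "hr_portal":         (72, 48),
}
# system -> systems it needs in order to run (constructed)
DEPENDS_ON = {
    "web_storefront":    ["order_fulfillment", "customer_db"],
    "order_fulfillment": ["inventory_mgmt", "customer_db"],
}

def effective_rto(systems, depends_on):
    """Tighten each system's RTO to that of the strictest system relying on it.

    Simplification: a dependency must be back no later than its dependents,
    and the dependents' own restart time is ignored.
    """
    unknown = {d for deps in depends_on.values() for d in deps} - set(systems)
    if unknown:
        raise ValueError(f"dependencies missing from inventory: {sorted(unknown)}")
    eff = {name: rto for name, (rto, _) in systems.items()}
    for name, (rto, _) in systems.items():
        stack, seen = list(depends_on.get(name, [])), {name}
        while stack:                      # walk transitive dependencies
            dep = stack.pop()
            if dep in seen:               # also guards against cycles
                continue
            seen.add(dep)
            eff[dep] = min(eff[dep], rto)
            stack.extend(depends_on.get(dep, []))
    return eff

def find_gaps(systems, depends_on):
    """Return (system, stated, effective, achieved) where recovery is too slow,
    largest shortfall first."""
    eff = effective_rto(systems, depends_on)
    gaps = [(n, rto, eff[n], got) for n, (rto, got) in systems.items() if got > eff[n]]
    return sorted(gaps, key=lambda g: g[3] - g[2], reverse=True)

if __name__ == "__main__":
    for name, stated, effective, achieved in find_gaps(SYSTEMS, DEPENDS_ON):
        print(f"{name}: stated RTO {stated}h, effective {effective}h, achieved {achieved}h")
```

With this sample data, the inventory application looks comfortably covered against its own 24-hour tier but carries the largest gap once the storefront's one-hour requirement propagates down to it.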
Business-first Approach for Business Continuity
Ultimately, the future success of an organization is largely dependent on its ability to both protect and quickly recover business-critical data. In fact, it is so vitally important that data availability can no longer be a “goal” of the IT organization, but a business challenge that must be realized. Of course, there will always be technical, procedural and financial roadblocks for most businesses to achieve true system resiliency; however, business leaders must commit to leveraging risk mitigation strategies to guarantee availability in the face of continuously evolving threats. Fundamentally, this comes down to answering two questions:
1. What RPO and RTO requirements must each system and application deliver?
2. What expenditures should be made to ensure those results while maximizing return on investment?
Without this resolution, a business could easily find itself attempting to resume operations with a three-month-old copy of its website and a half-saved customer database, not to mention an unsupported legacy application that will never come back online, or the thousands of hours and dollars wasted.
That’s not business continuity–that’s barely doing business.