Preventing the Fall of Goliaths

Photo credit: iStockphoto/Mikhail Seleznev

After the Twitter hack, you would think that all large enterprises would be eventual victims of preying hackers.

Yet, the problem is mindset. Large enterprises need to stop thinking like when they were smaller.

“Once your organization gets to a point where it has many operating units in different locations, your needs become complicated as compared to a one-location business with one IT department,” said Justin Loh, Singapore country director at Veritas.

What large enterprises need to realize is that size is a double-edged sword for security.

“Large organizations often have the means and resources to invest in the most advanced and comprehensive security systems and software to safeguard their digital assets. However, the double-edged nature of technology also means that sometimes, it doesn’t take a formidable opponent to bring down even the most established players,” said Loh.

Data blind spots

One major issue that large enterprises face is the sheer growth of data. “As the scale of an organization grows, so will the volume of business data residing within,” said Loh.

From internal employee data and proprietary business intelligence to confidential information, data assets multiply. Various regulations also mean that larger enterprises hoard the data for longer periods.

As a result, IDC forecasted that the amount of stored data in the world will grow exponentially from 33ZB in 2018 to 175ZB by 2025.

“While data provides organizations with competitive insights that will fuel growth, they need to be wary of the pitfalls of the same gift — sometimes, size gets in the way and businesses can be overwhelmed by the sheer volume of data that needs to be managed,” said Loh.

This creates data blind spots. And it only takes a single employee to become compromised, privileged access information leaked or an unprotected server attacked.

“Our Value of Data study found that organizations hold on average 52% Dark Data, 33% Redundant, Obsolete, or Trivial (ROT) and 15% of identifiable business critical data,” said Loh.

The data blind spots not only create vulnerabilities but make larger enterprises more susceptible to compliance headaches. 

“Globally, 83% of businesses reported that data silos affected their ability to prove regulatory compliance,” said Loh, citing the same report.

This implies that larger enterprises are not adequately scanning and tagging all their data so that sensitive data can be properly managed and protected.

Cloud complexity is no help

Cloud adoption creates another issue.

When COVID-19 struck, companies of all sizes were grappling for ways to cloud-ify the businesses. This results in more data and workloads in the cloud as companies looked to become more agile.

But the adoption was rapid out of necessity, resulting in data residing on-premises, in public or private cloud servers, or a combination of all of these locations.

“Without a centralized system governing the storage and protection of all digital assets, large organizations with distributed data centers, hybrid cloud operations, and multiple storage and data protection suppliers, are dealing with the most difficult ransomware attack recovery procedure of all,” said Loh. 

This would have been easier if there was a clear data management and protection strategy before the cloud migration. Most times, there weren’t.

“Many organizations are still struggling to define best practices in data protection to accommodate the cloud,” said Loh.

The multi-cloud model makes the picture murkier as it becomes more difficult to know who should be responsible for managing and protecting cloud data.

“Our Truth in Cloud 2019 report discovered that despite nearly 50% of businesses hosting almost half their organization’s infrastructure on the cloud, close to 85% of the respondents globally operated under the false assumption that the cloud provider is responsible for backing up cloud data,” said Loh. 

It is no surprise that many large enterprises do not even know how to safeguard their assets. 

Data transparency rules

“The truth is, you simply can’t manage what you can’t see. Eradicating these blind spots would require organizations to tackle the challenges of ineffective data management,” said Loh.

This means all organizations, whether large or small, should strive to build a single data management platform that offers “absolute visibility and control over their data estate.”

Loh points to solutions like his company’s Enterprise Data Services Platform (EDSP), which spotlights a unified platform controller NetBackup 8.3 to strengthen ransomware resiliency across applications and infrastructure and manage multi-cloud environments at scale — from edge, to core to cloud. 

Large enterprises need to study their data resiliency. It measures “the ability of a business’s IT infrastructure — encompassing server, network, storage system, or entire data center — to recover quickly and resume operations in the event of a data outage,” explained Loh.

A continuous data protection policy is a good start, allowing enterprises to maximize the amount of data that can be recovered by reducing Recovery Point Objectives (RPO) for virtual machines to near zero. A single unified solution and a robust system recovery policy can help enterprises to recover from downtime in minutes by leveraging a superior backup and disaster recovery system across servers, desktops, and laptops.

Lastly, large enterprises cannot slump on enterprise-class risk analytics tools. “By triangulating content classification, metadata attributes and user behavior forensics, risk analytics tools empower businesses with actionable intelligence that permeates and helps them to illuminate the darkest corners of their file environment — no matter how large or complicated the data landscape is,” said Loh.

Seeing it differently

The biggest problem is the narrow view towards cybersecurity that large enterprises have. This leads to a reactive approach to security breaches. 

Loh suggested enterprises look at it in reverse: proactively minimizing the impact of security breaches from the get-go. This, he felt, prepares them to recover from the breaches and attacks that are inevitable.  

“As cliche as it sounds, defense is the best offense — this is the way to ensure no tech goliaths fall prey to the antics of ill-intentioned ‘Davids’ again,” said Loh. 

Photo credit: iStockphoto/Mikhail Seleznev