Weather the Security Storms Ahead by Knowing your Data

Shaun McLagan, Senior Vice President, Asia Pacific and Japan, Veeam Software

Shaun McLagan, Senior Vice President, Asia Pacific and Japan, Veeam Software

Whether you’re a government, bank, airline, telecoms or retail company, no-one is safe in today’s world of omnipresent cyber threats. Which means your data has never been at more risk. From data privacy, cyberattacks to insider threats, getting breached and compromised is simply an inevitable fact that people must accept.

You will get hacked. You may or may not get fined. But your reputation may never recover. Your customers, partners and stakeholders will accept that security breaches can and will occur. What they cannot accept is the inability to detect, to know the impact and to immediately respond and protect their data.

Knowing your data, where it resides, how it’s being managed and when integrity is compromised is the best possible way to being prepared to weather the inevitable storm of a data breach or cyberattack. But this is particularly difficult in an age of rapid growth in volume and sprawl of data.

The importance of data visibility

The rise of IoT and interconnected systems means that today’s data is drastically different from yesterday’s data. Every interaction, be it internal or external leaves a trail of data that could potentially be traced and exploited. Large and successful businesses hold a vast amount of third-party data, resulting in far higher stakes for their data management solutions.

Should this third-party data such as credit card, passport or ID card numbers be compromised. This information could be used on the “dark web” as fake identification and compromise customer security.

It is pertinent for organizations to learn how to intelligently manage vast amounts of data. Unified visibility and control into usage, performance issues and operations minimize gaps in management. Investing in dashboard visibility is one method that enables IT teams to immediately pinpoint where and when a data breach occurs.

Attack prevention cannot stand alone

Preventing attacks in the first place is only the initial line of defence, but a breach is inevitable.

IT is pertinent for organizations to learn how to intelligently manage vast amounts of data

Beyond great perimeter security, enterprises need to provide assurances to customers and stakeholders that applications will return to service soon and be informed as soon as their data has been compromised.

The only way to do that is by knowing the data you store inside and out.

Careful treatment of privileged accounts and control of permissions, ensuring regularly updated antivirus and anti-malware scans, and awareness training for employees are important aspects of cybersecurity. However, if you know exactly where all your data is, what its purpose is and how it can be used, you can act quicker to analyse the impact of a breach, begin a targeted recovery process as well as inform all affected parties. This ensures minimal downtime as well as the ability to assure your customers and stakeholders as to whether their data has been affected.

Responsible reaction

In the event that despite best efforts, malicious users still manage to navigate through your best defences and leave you at a loss to assess the damage, a public admission months after a data breach is no longer acceptable. Aside from falling foul of new regulations across the world (particularly in Europe with GDPR), users deserve to know when their data has been accessed.

Under EU law, breaches should be reported within 72 hours, and corporate lawyers globally should be aware of this since the enactment if GDPR on May 25 this year. So while businesses in Asia may not all need to comply, any business with dealings in Europe, have customers or hold data that is located in Europe should all be seeking clarification with lawyers to ensure they avoid the hefty penalties in case of non-compliance. The question arises again – do you know your data well enough to identify these risks and be able to act on them immediately?

Own your data, control the problem

Veeam’s work with different banks for example have shown how knowing your data means that you can be on top of your business. They valued the ability to recover individually deleted emails to customer requests for data that has been buried in terabytes of other data. They were able to leverage application item recovery for security and compliance purposes as well. So that if an employee or partner claimed their security privileges have been changed our client can easily browse the backups and verify their claims.

On top of this, our clients found that a good data management solution allowed them to track trends and pre-empt the need to adjust resources according to fact-based forecasting which helps maintain hyper-availability of their data no matter the demand or scenario or risk.

The constant stream of recent high-profile security incidents around the world serve to remind us all of the importance of data visibility, security, and the need to respond – in raising alerts for suspicious activity, in understanding and mitigating situations and in updating affected users on the situation. Organizations need to take the proper steps to ensure they own their data and are not being owned by data.