Steve Blow at Zerto, a Hewlett Packard Enterprise company, explains why it’s time to rewrite the rules on resilient infrastructure
What is the first thing that comes to mind when you think of a resilient infrastructure? Maybe it is well-built roads and bridges – or an electrical grid that is designed to withstand major storms. These would all be good suggestions. After all, an infrastructure’s resiliency level has a direct connection to the economic impact of a crisis such as a natural disaster for example.
But there is another important foundational piece of infrastructure that is potentially vulnerable to attack or compromise: IT systems and data centre operations.
It’s an important consideration for two reasons. Firstly, rising cyber threat levels mean organisations now face ransomware attacks that are growing both in severity and frequency. Secondly, with hybrid and remote working a permanent feature of the post-COVID workplace landscape, organisations can no longer ignore the need to address the potential vulnerabilities that could impact the ability of their infrastructure to maintain and support resilient operations.
So, why should organisations ensure their IT infrastructures are appropriately prepared for any potential disaster on the horizon?
Why it pays to focus on enabling resilience
Recent research has found that last year a staggering 61% of companies were impacted by some form of ransomware, up 20% compared to 2019. This unprecedented jump in attack volumes, stimulated by the pandemic-driven digital transformation efforts of organisations around the globe, highlights how the cyber-security risk stakes are now well and truly elevated.
Noting that poor cyber-security preparedness and a lack of user training were among the reasons why so many organisations succumbed to a ransomware attack, the report’s findings on the impact of these attacks is compelling reading.
Over one-third of the firms hit by ransomware confirm the resultant downtime that was experienced lasted one week or more, with most organisations losing on average six working days due to system downtime. Worryingly, while 52% admit having paid a threat actor’s ransomware demands, only two-thirds of these recovered their data – leaving one-third who never saw their data again, despite having paid the ransom.
Without a trusted backup and disaster recovery plan in place, surviving the fallout that results in the aftermath of a ransomware attack proves costly in more ways than one. Despite having paid a reported $2.3 million to its attackers, Travelex never fully recovered from the financial and reputational losses experienced following a ransomware attack that took place on 31 December 2019. By August 2020 Travelex finally had to finally call it a day and went into administration, with the loss of 1,300 jobs.
This explains why many organisations are now rethinking what resilience looks like to bolster how they withstand and survive the aftermath of catastrophic events such as natural disasters or criminal attack. Indeed, according to Gartner, worldwide spending on information security and risk management technology and services is set to grow 12.4% to $150.4 billion this year.
However, spending on cyber-security solutions alone isn’t going to deliver the resilience that’s needed to enable a truly rapid recovery in the aftermath of an IT disruption or unforeseen event.
Adopting a holistic approach
In the past, IT teams responsible for cyber-security, business continuity and disaster recovery typically operated in silos. However, there is a growing recognition that this is a flawed and highly disjointed strategy that potentially creates serious blind spots in the organisation’s defences.
What is needed instead is a much more holistic approach. One that brings cyber, business and infrastructure resilience together. Which in turn enables a much more coordinated response to risk and facilitates a more unified prevention and mitigation effort.
In today’s data-driven world, losing even 24 hours of data can have catastrophic commercial and operational consequences. That means ensuring that backup and recovery processes are able to stay up to date with every changing detail in real-time.
To achieve this, organisations are initiating Continuous Data Protection (CDP) platforms that make it possible to track and capture each data modification in real-time. Storing each piece of user-created data locally or at a target repository, CDP uses an incremental process to continuously replicate data to a journal file.
This means that when data needs to be recovered, IT teams can restore data on a much more recent and granular level – right up to the time when a system went offline. It’s the equivalent of being able to rewind a video clip and picking up from the last frame you viewed.
A new way to protect data and business continuity
CDP is changing how IT organisations protect data. As well as offering sub minute or near zero recovery point objects (RPOs), CDP platforms make it possible to restore data and applications directly into production. Even better, there is no need to implement a separate backup or DR infrastructure.
Delivering converged data protection and disaster recovery, enabled by continuous data protection technologies, organisations can drive the highest possible levels of business availability – and recover faster, with less data loss, should the unthinkable happen.
In a world where a ransomware attack or any number of other risks have the potential to cripple operations and compromise data security and availability, CDP makes it possible to keep data backed up in real time. Protecting systems with minimal data loss and downtime in the event of a malware attack or other data-related business disruption.
Steve Blow is EMEA Sales Engineering Manager at Zerto, a Hewlett Packard Enterprise company
Main image courtesy of iStockPhoto.com