The best practice
approach to data
protection for
modern organisations
Organisations which do not employ robust data protection schemes
put themselves at serious risk of suffering a data breach and causing
potentially fatal damage to the business. Florian Malecki, International
Product Marketing Senior Director of StorageCraft, explains how
organisations can better protect themselves by assessing and testing
their recovery plans for ransomware prevention.
W
Why is constant data availability so
crucial for modern organisations?
Data is the lifeblood of any modern
organisation. It provides the foundation for
understanding where a business is positioned
and is essential to analysing customer
behaviour, navigating markets and assessing
a business’ performance. Many successful
business leaders are dependent on the insight
provided by data to make informed decisions
about the business’ future.
If the data is breached, subject to a
ransomware attack or unavailable for a given
period of time, it can prove catastrophic to
a business. Lack of access to critical data
can lead to malfunctions across the entire
business, from significant revenue loss as
a result of system downtime, to remote
workers being unable to access shared files.
Unquestionably, the constant availability
of data is fundamental to the longevity and
success of any modern organisation.
What is driving the need for
businesses to re-assess data
protection strategies?
Companies are generating oceans of data –
and not all of that data is equally important
36
to their function. Organisations that know
this and know which pieces of data are more
critical to their success than others will be in
a position to better manage their storage and
better leverage their data. Think about it.
As organisations deal with a data deluge,
they are trying hard to maximise their storage
pools. As a result, they can inadvertently end
up putting critical data on less critical servers.
Doing so is a problem, because it typically
takes longer to access slower, secondary
machines and leverage that critical data. It’s
this lack of speed and agility, that can have a
detrimental impact on business.
Traditionally organisations take a server-
based approach to their data backup and
recovery deployments. Their priority is to
back up their most critical machines rather
than focusing on their most business-
critical data.
So rather than having backup and
recovery policies based on the criticality of
each server, we will start to see organisations
match their most critical servers with their
most important data. In essence, the actual
content of the data will become more of
a decision-driver from a backup point of
view. The most successful companies in the
digital economy will be those that implement
storage policies based not on their server
hierarchy but the value of their data.
What are the implications for
organisations which do not employ
robust data protection schemes?
Organisations that fail to implement
a robust data protection scheme put
themselves at serious risk of suffering a
data breach and causing potentially fatal
damage to the business. When it comes
to system downtime, businesses risk
both reputational damage and the cost
associated with downtime.
If customer data is stolen, clients
will lose trust in the business and may
look to competitors. In addition, if
employees aren’t able to access critical
files, productivity will plummet. Companies
without a robust data protection scheme
should look to implement one as a matter
of urgency.
What best practice approach
should organisations take to
data protection?
StorageCraft recommends organisations
assess and test their recovery plans for
ransomware prevention, remediation,
systems failures, any type of natural
disaster, on a regular basis, being once a
year, twice a year, etc. It is the only way to
know whether they can meet their Recovery
Point Objectives (RPO) and Recovery Time
Objectives (RTO).
In the event of a ransomware attack,
businesses should first identify and locate
their business-critical data and take steps to
protect it. This step includes email security
systems, firewalls, regular software updates,
clearly audited administrative and access
policies and user education.
Prevention is not foolproof, which
is why a ransomware-specific plan for
remediation and recovery is essential.
Thwarting ransomware is dependent on an
organisation’s data locality (i.e., on-premises,
in the cloud or in cloud-based applications
such as G Suite and O365) and preferred