Know your data footprint to secure your data

Sheena Chin, Managing Director of ASEAN, Cohesity shares why existing data management is haphazard and inefficient.

EITN: Could you explain why the discipline of protecting, storing, identifying and provisioning organisation data is haphazard, inefficient and expensive? Why are these a challenge for organisations’ IT teams?   

Sheena: Managing data and its proliferation is a challenge that faces all organisations and continues to intensify through the acceleration of digital transformation, adoption of data-driven applications, and workforces operating remotely. This challenge is especially intense for organisations relying on legacy technology that was developed last century, which was not designed for the IT and technology environments of today, let alone cybersecurity challenges like ransomware.

Legacy technology is inefficient because it creates the added complexity of needing to take a ‘DIY’ approach to managing multiple products from multiple vendors. This results in time sinks for already stretched IT teams, and a much higher total cost of ownership. The closed nature of this old technology impacts efficiency and adds to the cost of managing data, as these legacy solutions are often designed to perform a single or siloed function, and not to run as part of an integrated technology environment. For example, integrating into modern orchestration and automation tools, or struggling to run critical external applications for analytics, compliance or reporting.

Dark data is a critical concern for organisations’ data management and compliance objectives because if you don’t know your data footprint, you can’t secure your data.

The haphazardness and cost of legacy systems goes beyond operational challenges, to how they stack up against the sophisticated cyberattack techniques of today. Attack surfaces of organisations are significantly extended by this isolated and old technology, which doesn’t share common security policies or provide visibility to IT teams of irregular behaviour and potential threats present within organisations’ technology ecosystem. This is a major issue, as ransomware can destroy a company’s reputation, operation and revenue stream in minutes, with the average cost of ransomware recovery in Asia-Pacific & Japan doubling in the past 12 months to $US2.34m (according to Sophos).

At Cohesity, we believe organisations need next-gen data management capabilities, and offer technology, which delivers the unique combination of: simplicity at scale, zero trust security principles, is powered by AI-insights, and offers 3rd-party extensibility. Together, the integration of these elements allows organisations to address the complexity, inefficiency, cost and risk of managing data with legacy solutions, and helps unlock limitless value from data. This is how Cohesity helps customers to reduce data silos, gain visibility and control of their data, protect data from ransomware, increase operational efficiency and agility, and derive greater value from data – such as making it usable for downstream applications like machine learning, analytics and DevOps.

EITN: Why is data management so crucial to helping mitigate against the ever-increasing number of ransomware attacks?  

Sheena : Organisations with unstructured and siloed data, who rely on complex legacy data management technology, have an increased vulnerability to cyberattacks like ransomware. This is where data flips from being a valuable asset to being a liability, and is why we are seeing data compliance, a key element of modern risk management, and data management collide. When data is scattered across a data center, the edge, remote offices, and multiple clouds, with no central visibility or control, we call this mass data fragmentation. Fragmented data usually means that you have ‘dark data’, which occurs when you don’t know what data you have, the types of data you have, where it is located, whether it’s secure and compliant, if it’s backed up and recoverable.

Organisations who simplify their data footprint, by consolidating where data is stored and maintained, reduce their attack surface.

Dark data is a critical concern for organisations’ data management and compliance objectives because if you don’t know your data footprint, you can’t secure your data.

Organisations who simplify their data footprint, by consolidating where data is stored and maintained, reduce their attack surface.

This relationship between securely managing both the data and the process that utilises the data, is why we are seeing not only data compliance and data management collide, but data management and InfoSec colliding. Knowing where data is by data classification and how that data is used to support operations, provides the visibility needed to manage data proliferation and access to the data, meeting both the operational and cyber security requirements.

This raises the concept of cyber resilience, a relatively new concept, which is based on the idea that an organisation is able to continuously deliver their intended outcomes despite adverse cyber events. When cyber resiliency is the objective, the focus shifts to conducting business securely, and that changes how problems are framed that a security posture needs to solve. Cohesity’s next-gen data management platforms support a zero-trust architecture and helps organisations to preserve business continuity and their reputation through effective data governance, management, and protection.

EITN: Ransomware attacks are happening every 11 seconds? Are these ransomware attempts? When are these ransomware attacks successful?

Sheena: According to Cybersecurity Ventures, ransomware attacks happen globally every 11 seconds and are expected to increase to every 2 seconds by 2031, which means ransomware is here to stay. Attackers are taking particular advantage of the data proliferation inspired by the pandemic and workforces operating remotely, who may also be using shadow IT or are simply outside the security parameters of their in-office network. While security is known to be a boardroom priority, we are now seeing data management move from an IT concern to a boardroom priority too, with ransomware a key influence in this shift.

In fact, Gartner predicts that approximately 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member by 2025.

The sophistication of cyberattacks and ransomware, along with the intent of malicious actors, is most alarming. Initially ransomware attackers focused solely on production environments, before realising that a company’s ability to recover from backups reduced the need for companies to pay the ransom in order to get their systems up and running. As a result, malicious attackers have shifted their approach to compromising backups first, to make it harder for companies to recover their operations without paying the ransom. Attackers now also see the value of data exfiltration, in addition to ransom payments, as data has immense value and where there is value there is a market for it. This means the blast radius of ransomware attacks has greatly increased beyond ransom payments to include impacts such as loss of brand equity and customer confidence, and the issuing of regulatory fines, all of which can exceed the cost of ransoms.

Organisations can enhance their cybersecurity posture and security foundation by timely patching of known vulnerabilities, ensuring data is encrypted in transit and at rest, aligning to zero trust security principle, securely backing up production data, and testing recovery from back-ups. In addition to these measures or ‘protect controls’, there should also be a focus on controls that limit the impact of ransomware attacks.

Ensuring recovery capabilities meet aggressive recovery time and point objectives will significantly reduce the impact of a ransomware attack, and the need to pay ransoms. Thinking about these controls holistically reduces the likelihood and impact of these breaches. Going beyond only backing up production data, to ensuring that these backups are encrypted and immutable, frequently occur, and can quickly be restored from, will have a big impact on an organisation’s security posture.

In fact, Gartner predicts that approximately 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member by 2025.

EITN: How can effective data management and protection amongst public and private organisations play a critical role in the national journey towards becoming a digitally resilient nation?

Sheena : The winners and losers of tomorrow will be decided by those who can gain better insights from data, protect against ransomware, and make data governance a priority. Through data governance and management, organisations can protect this most valuable asset in their data, ensure operational continuity, and stakeholder trust, which is what lies at the heart of digital and cyber resiliency. The ability to recover from data breaches or loss as quickly as possible, whether you are a business or government institution is imperative in the digital world of today, and tomorrow.

Public and private organisations can meet these objectives provided they implement a modern data management approach and move beyond the legacy solutions of yesteryear. Next-gen data management platforms clear the path to digital resilience and data trust because they are built to deliver the simplicity at scale, support zero trust security principles, provide AI-powered insights, and offer 3rd party extensibility, which are fundamental characteristics of a modern data management approach.

Whenever technology is used, valuable data is generated. The reality is that if the governance or protection of this data is brought into question, then not only will trust in organisations be undermined, trust in technology adoption and innovation will also be undermined. Nations and governments understand the necessity for trust in data, its governance, and protection, which is why there are regulations and legislation – like the PDPAs in Singapore and Malaysia – being enacted to encourage safe data management, mandate accountability, and instil stakeholder trust.

New technologies such as 5G, IoT, AI, and machine learning, all require effective data management to not only maximise their value to citizens and businesses, but to ensure trust in their deployment. The transformative potential of these technologies is well documented, which is why data management goes  beyond helping to create a digitally resilient nation and plays a key role in their technology evolution.

EITN: Please share the top 5 best practices/advice for enterprises

Sheena: Here are the top 5 practices:

1. Accept & embrace your data proliferation: Organisations had to shift rapidly to working from home as the pandemic set in and at short notice, resulting in greater data proliferation and the growth of local stores; in applications or on devices that may not be visible to IT teams. IT teams and organisations must now get a handle on all this data to adequately govern, protect, and benefit from it.

2. Review & revise your data policies and management approach: Consider how you are collecting, governing, managing, storing, protecting, and backing up data. With ongoing digital transformation, updates to regulations and legislation, and the integration of new technology, simply relying upon the way you’ve always managed data and your legacy data management technology isn’t enough. Working backwards from the outcome you are looking to achieve, and reviewing your data management technology based on its next-gen capabilities, is a great place to start.

3. Adopt the 3-2-1 rule to backups: Under this rule, you must have at least three copies of your data, store the copies on two different types of media, and keep one backup copy offline or offsite. This simple approach means you will always have an available and usable backup of your data and systems. Offsite and offline backups not only limit the effects of ransomware but help to maintain business continuity, when combined with the right security solutions and employee awareness training this rule may help prevent ransomware altogether.

4. Invest in immutable backup technology: Make sure you are investing in data management technology that has immutability baked in and not added as an afterthought. Immutable backups and their data cannot be modified, encrypted or deleted, making them one of the purest ways to tackle ransomware as they ensure the original back job is kept inaccessible. This means that while ransomware may be able to delete files in a mounted or read-write backup, these files are not able to be mounted on an external system and the immutable snapshot will be unaffected.

5. Test & test again: You may already have a backup schedule, you may have implemented the 3-2-1 rule, and even immutability, however, testing the implementation of these best practices and how long it will take to recover from your backup is vital. Do you have the ability to restore a certain file individually or do you need to do a full restore? How long does this take? How often do you test your backups to ensure they work? Being able to answer these questions is crucial because it will be too late when disasters like ransomware strike.