As data proliferates in the cloud and on-premise, data breaches and regulatory compliance are proving to be burdensome – financially or otherwise.
IDC predicts that the amount of data the world will be storing will grow from 33ZB in 2018 to 175ZB by 2025.
Unless your organization has effective ways to manage data, you are going to have a massive headache with data compliance and a sizeable hole in your pocket just trying to store these data – not to mention the fortune spent on protecting it.
According to Veritas’ Truth In Cloud 2019 Report, nearly 50% of businesses have almost half their organization’s infrastructure on the cloud, yet almost 85% of their cloud administrators are uncertain of who is liable for the integrity and recovery of their cloud assets.
In its Value of Data Study, Veritas found that organizations are losing millions of dollars annually as they struggle with data management challenges.
In this cloud era where threats to cybersecurity is prolific and data compliance becomes increasing onerous on businesses, how could we avert the brewing threats of cybercrime and penalties for non-compliance, and transform it into opportunity?
Justin Loh, Singapore Country Director, Veritas, shares some insights in a discussion with CybersecAsia.
Over the years, we’ve seen the proliferation of cybercrimes and how governments have tightened their grip on data governance in response. What’s your take on data management in such a climate?
Loh: I’d like to think that compliance and security share a symbiotic relationship and one cannot flourish without the other. This is especially so in today’s data-driven economy, where the failure to synergize both functions often leads to repercussions for businesses.
Let’s break down the discussion into two separate scenarios:
1. How cybersecurity requirements have shaped the digital compliance landscape
Globally, cyber incidents such as data breaches, ransomware and spoofing incidents, are ranked as the most important business risk. There are good and costly reasons why: the sky-high price to pay for data recovery, cost of information loss, and the intangible loss of consumer goodwill.
To put these costs into perspective, let’s take a look at ransomware attacks as an example.
Exorbitant ransoms sting the hardest in a ransomware attack. We’re talking about a whopping figure of US$11.5 billion annually, even before considering the cost of reputational damage to a company’s brand:
- Findings from our recent ransomware survey revealed how consumers demanded businesses to surrender an average of US$1,167 per user to criminals in the event that the customer’s own data is compromised.
- Additionally, 65% of consumers cited that they should be personally compensated if the company still can’t retrieve the information that’s been stolen.
- On top of this, there is the huge cost of getting a business back on track with downtime, loss of production, and challenges to deliver or bill for products.
In the past, ransomware was something that only affected a few unlucky people who were forced to pay a couple of hundred dollars to regain access to their locked-out laptops. However, it has since evolved into a lucrative crime – a multibillion-dollar-a-year industry – as cybercriminals increasingly target vulnerable organizations.
However, the costs don’t stop with the ransom payout; our survey also showed that people quickly lose patience with companies that continue to fall prey to ransomware attacks:
- Almost half of respondents (44%) would stop buying from a company that had been the victim of such a crime.
- As many as 40% of consumers held the leader of the organization personally responsible for the attacks.
How should businesses proactively safeguard and future-proof their IT infrastructure from such costly threats? Compliance answers this question.
2. Oiling the wheels of compliance
Suffice to say, businesses are operating in a climate of consumer distrust – with good reason. That is not to say no good came out of this. Authorities around the world have tightened their hold on industry data governance framework. However, compliance goes beyond complying with government regulations – companies need to review internal data hygiene standards and take into account challenges that are unique to their organizational structure and IT environments.
Undeniably, this is easier said than done – especially in today’s complex IT environment where data can reside on-premise, in the cloud, or the common hybrid state. Compounding the issue is the option of outsourcing the management of data in the cloud to third-party service providers.
With data expected to grow exponentially from 33ZB in 2018 to 175ZB by 2025, data management simply makes good business sense. In fact, Veritas’ Value of Data study concluded that 83% of businesses globally reported to have been blindsided by data silos, impacting their ability to prove regulatory compliance: globally, organizations hold on average 52% Dark Data, 33% Redundant, Obsolete, or Trivial (ROT) and 15% of identifiable business critical data.
As it stands, Singapore businesses are staring at losses of up to US$2.66 million annually, owing to data management challenges. This comes as no surprise because employees lose approximately two hours each day searching for data, resulting in a 16% drop in workforce efficiency.
Gaining visibility and insight into where data and sensitive information is stored, who has access to it and how long it is being retained is a critical first step in the pursuit of compliance.
What are some data management best practices for businesses today?
Loh: If cybersecurity and compliance is the goal, then an effective data management strategy is the blueprint for a profitable business.
At Veritas, we believe that an integrated approach to data management is key to helping organizations gain control of their data and manage its growth, reduce impact of ransomware, and improve compliance across on-premises and cloud environments.
At the core of such a data management platform would be a unified set of technologies designed to abstract the complexity of enterprise IT, underpinned by these three important pillars to help businesses take on tomorrow’s IT realities:
- Availability: Businesses need to ensure they can weather the storms of disruption, unplanned downtime or data breaches. Case in point: our Truth in Cloud 2019 Report found that over 50% of organizations today demand a cloud uptime target of more than 99.99%. Achieving that requires businesses to put in place consistent and reliable backup and recovery measures so that mission critical applications are always available during cloud or data center disruptions.
- Protection: Data protection goes beyond preventing and responding to cyberattacks. It extends to how businesses can efficiently recover from these attacks and how the impact of such breaches can be mitigated and minimized from the onset. While cyber hygiene is a priority for most organizations when it comes to data protection, the importance of data resiliency should not be undermined. Simply put, data resiliency measures the ability of a business’ IT infrastructure – encompassing server, network, storage system, or entire data center – to recover quickly and resume operations in the event of a data outage. Recovery solutions such as NetBackup 8.2 help businesses enhance their resiliency by integrating key protection, recovery procedures and single-click recovery orchestration, so that all data can be recovered ‘anywhere, anytime’.
- Insights: I cannot emphasize this enough, but data visibility is an absolute imperative in this equation. Without a clear understanding of where critical data resides or how it is used, businesses run the risk of failing to be accountable for the use, storage and protection of consumer data. For example, APTARE IT Analytics software offers users unified visibility and absolute control over backup and recovery policies, helping to reduce the exposure of unprotected data by automatically identifying clients and data sets that aren’t protected under a backup policy.
It’s time for data management to take the driver’s seat. More than 70% of businesses that have taken this path have reported reduced costs, and over two-thirds indicated that their employees are empowered to be more productive.