SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
World Backup Day – expert panel provides insights
Sun, 31st Mar 2019
FYI, this story is more than a year old

Sunday the 31st of March marks an occasion of increasing importance as businesses become increasingly fuelled by data – World Backup Day.

In light of this, we have gathered commentary from some experts in the field to garner an idea of the current IT environment and what businesses should be doing.

KCOM information security consultant David Francis

“This World Backup Day, it's vital that businesses track data movement.

“It takes companies an average of 206 days to discover a breach, so generally, they are not aware when they have been attacked. The scary thing is, the threat doesn't have to be external as insiders pose just as much of a threat to your data. Research from Veriato shows that 90 percent of organisations feel vulnerable to insider threats. It could be a developer with a grudge placing a time bomb in the system to erase crucial intellectual property, or even an outgoing executive quietly deleting things in the background.

“If done quietly over a period of time, you could lose your data and even your backups, with no way of tracing the culprit. This is in addition to the huge GDPR fines you would face.

“With that in mind, companies need to ensure that they have a clear understanding of their IT infrastructure – if they're in the cloud, do they understand how data is proliferating across it, and what essential data is being stored where? An ongoing cloud optimisation programme can help to guide data backup projects, providing an up-to-date map of your cloud resources and which business units are using resource where.

“Companies need to have measures in place to track data movement to prevent this kind of insider threat. Businesses should take World Backup Day as an opportunity to check whether your security system is tracking data movement – if not, your backups may be at risk…

Aruba head of engineering Lorenzo Giuntini

“The level of awareness around data protection has certainly increased in recent years, although there are still companies that are afraid of outsourcing their data, thinking that keeping it on their hard drives is safer. Days like World Backup Day must make it clear that this is not the case.

“We know that data is the most valuable asset of any company and for this reason, it must be entrusted to professionals and secured appropriately. We want to make it clear that there are high-level security services and solutions available, such as Cloud, Backup and Disaster Recovery tools, with customers able to choose anything from storing specific data sets, to the protection of entire processes and of business infrastructure.

“Our advice is to rely on a team of experts and specialists who have the right know-how to implement and suggest the ideal solution for each case, but also to rely on a provider that can guarantee the total security of the data. Those that can demonstrate their capabilities with advanced infrastructures, certifications and guarantees will have the greatest impact."

Quest product management senior consultant Adrian Moir

“While individual users may still need reminding to back up their files, we're at a point in 2019 where most businesses have seen the impact of ransomware or data loss, often first hand, and understand the importance of backing up business critical data.

“The real problem we see all too often though is that organisational backup strategies aren't evolving quickly enough. Data volumes continue to grow exponentially, and the past 12 months have seen previously-hyped technologies such as containers and IoT becoming more mainstream with widespread adoption.

“With this new structure of an organisations computing assets and new types of data needing to be protected, it is no longer a case of just backing up everything in the same way. There is no ‘one size fits all' when it comes to backup and businesses need to take a smarter approach.

“Customers and employees continue to demand seamless access to data, and internal stakeholders want the business to achieve this while being cost-conscious. Therefore, businesses need to take a long hard look at their current backup strategy and decide whether it can not only ensure the level of service internally and externally in the event of a disaster, but that it is as streamlined as possible and able to keep up with the scale of growing data volumes.

“If businesses take one thing into consideration this World Backup Day, it should be a fundamental switch in thinking. Don't view backup as an afterthought. Build comprehensive data protection into every new development in the business.

Veritas Technologies Northern Europe senior director Jasmit Sagoo

“Data may have become the new oil, but many consistently fail to protect such a valuable resource.

“Over a thousand mobile phones, laptops and hard drives are lost or stolen each day. Stored within these lost devices are sensitive intellectual property, customer and employee details, and business-critical information. In many cases, the data has never been backed up, which means it's gone forever.

“World Backup Day is a good reminder for us all to back up our treasured data. Businesses should also take the opportunity to declutter their digital data and educate their employees on best practice when it comes to data etiquette.

“Here's how you can take back control of your data:

1. Back up at regular intervals – setting up a regular schedule to make multiple copies of your data may sound obvious but is one step that many organisations forget to take.

2. Apply data protection across all workloads – data is growing rapidly and becoming more fragmented across clouds, virtual environments and application platforms. Unified data protection is the only way your IT organisation can deliver required service levels while limited costing and risk – whether data resides on-premises or in the cloud.

3. Isolate your backups – it's crucial that the technology you use to store backup data is not part of your network. This is especially relevant for ransomware attacks.

4. The 3-2-1 rule – keep at least three copies of your data, on at least two devices, with at least one copy offsite.

5. Test your recovery process – this may involve checking that a secondary site will go live if the main site fails, or it can be as simple as recovering an arbitrary file to a PC and checking it is identical to the original.