Given Today’s Data Complexity, a Platform Mindset is Crucial for Cyber Recovery
For too long, architecting for cyber recovery and resiliency was on the vision board for a distant future. Unfortunately, that “distant future” is here, but many companies have not started this critical effort.
There continues to be a disproportionate focus on keeping bad actors out. Fortifying the perimeter is important. However, very few organizations are equipped to respond if they are attacked. The strategies in place rely on the misguided notion that IT vendors can restore any lost business information.
Cyberattacks are inevitable — a fact of contemporary business life that C-suites must now acknowledge. Leadership must also recognize the growing impact of breaches, which are lasting longer and causing billions of dollars in financial damage. C-suites must start to work under the assumption that they will be breached; “hope for the best but prepare for the worst” is the new mantra.
In most IT environments, cyber recovery is challenging. The task of identifying, remediating and recovering from an attack is split across a number of different applications, adding considerable time and complexity to a process that often demands streamlined, fast action. Too often the over-abundance of IT security tools is actually making it more difficult for organizations to bounce back. With data trapped in each system, businesses can’t harness the power of collective intelligence to deliver more dynamic insights that improve the overall risk posture.
Creating siloed repositories is a natural but unfortunate outcome of adding point solutions as a quick fix to a business requirement. That’s why many companies are shifting to a platform model — one where different end applications are grounded in a single, common IT foundation. With this architecture, technology supports holistic internal processes, rather than just individual tasks.
In a platform-based approach, systems work together on the back end to provide a more seamless experience for end users that is focused on business outcomes. This allows users to focus on fewer tools to get their jobs done. Organizations can take advantage of specialized capabilities without creating yet another operational silo that must be managed. And they’re able to more painlessly incorporate AI-enabled automation as it becomes available, improving efficiency and helping internal teams overcome key talent gaps.
Ultimately, this foundational IT shift transforms how the company prepares for a cyber incident. In today’s increasingly dangerous digital environment, businesses need more than just a strong defense; they need resiliency. With the platform mindset, recovery becomes a deeper part of the overall strategy.
Here’s why the platform approach is critical to building a recovery operation that’s ready when the organization inevitably needs it the most:
Protection in a Polycloud World
For all its virtues, the transition to the cloud over the past two decades has made IT environments extremely complex.
Many businesses are now direct customers of one or more infrastructure providers like AWS, Google Cloud and Microsoft Azure. And many of the third-party software programs that businesses use are running on those cloud providers’ networks. So, while customers may try to stay within one ecosystem, they inevitably find themselves with workloads in multiple cloud environments. And with new partnerships emerging between cloud providers, technology stacks are bound to become even more multifaceted.
Alongside the cloud, many organizations still operate on-premises legacy physical hardware, like an IBM AS/400. And while that legacy equipment probably continues to provide robust performance, it’s another idiosyncratic link that must be managed within the broader security chain.
Given these complexities, companies can no longer risk trying to manage recovery in silos. With the right underlying platform, businesses can drive greater standardization across all their environments — spanning cloud and on-premises. This unified approach often results in more secure data protection strategies and seamless, faster recovery and resiliency.
Thinking Beyond SLAs
Service-level agreements, or SLAs, are a standard operating practice across both the software and hardware industries. They set a baseline expectation for continuity of services and remain critical in situations like a cyberattack. But the focus on resiliency is redefining traditional benchmarks.
Typically, companies incorporate into these contracts the maximum amount of time a recovery can take, as well as the maximum amount of data that can be lost. But increasingly, it’s no longer just about so-called Recovery Time Objectives (RTOs) or Recovery Point Objectives (RPOs). It’s expanded into “Maximum Sustainable Business Downtime,” a term that encompasses RTO and RPO, and reflects the people and broader processes involved in a successful cyber recovery.
As Sophos outlined in a March 2024 paper, malware now dwells longer in a company’s network. Increasingly, viruses are making their way to backup repositories, thus compromising an organization’s last line of defense. Once backup data is infected, organizations lose the ability to recover the most recently saved assets. Instead, they must recover data from several months earlier. Millions of dollars in investments go to waste, and critical business data and intelligence are impacted or lost forever.
The best way to defend against this growing trend is with a layered strategy, where there are several recent, clean versions of the data available to revert to. And the best way to do it is by regularly validating data from these versions. But the task of regularly scanning and updating the information becomes harder when security teams have to interact with many different systems. As a result, backup environments are not tended to as closely as they should be.
A unified platform lets security teams be active participants in the architecture of the data protection landscape. During a cyber event, they’re able to provide the necessary guidance on forensics and data validation. And ultimately, it’s the only way to truly deploy a “defense-in-layers” approach to protecting key digital assets.
Better Intelligence, Better Security
With more operations managed through a single digital foundation, data recovery operations are centralized in a single pane of glass. With a holistic view of the security posture, companies become more confident in their ability to bounce back from IT incidents.
The holistic view makes it easier to extract accurate insights about the state of operations. And when combined with feeds from the other platforms managing other aspects of security, the data yields a higher level of intelligence and context that’s key to a more agile response to threats.
For example, a recovery platform might integrate with the SIM or SOAR system – two common cybersecurity solutions. When various types of security software are linked, organizations are able to cross-reference alerts and anomalies to better distinguish real signals from white noise, helping them triage efficiently. Only platform solutions that help distinguish raw data from actionable information can improve an organization’s security posture and maturity.
Increasingly, companies are experiencing first-hand the drawbacks of a digital-centric world. When systems are down for extended periods, the financial and reputational damage can be staggering, not to mention the impact on supply chain businesses.
Adopting a platform mindset helps ensure that recovery becomes a key component of the cybersecurity strategy. In the end, a prepared organization is a resilient one.