Ransomware resiliency in a multicloud era
IT organisations are supporting a decentralised working model with cloud as the backbone; standardisation is critical in closing the resiliency gap.
The IT environment is increasingly becoming siloed and highly complex, yet not enough enterprises have done robust resiliency planning. According to a recently released Ransomware Resiliency Report, 66% of all respondents – whether their company had suffered an attack or not – estimate that it would take at least five days to fully recover from a ransomware attack. Furthermore, 64% said the security measures they had in place had not kept pace with IT complexity.
“There is a disconnect between how resilient top level executives think their organisation is to ransomware attacks compared to those leaders on the frontline within IT,” says Geoff Greenlaw, Veritas Technologies’ Vice-President, EMEA Channel. “This oversight has opened the resiliency gap as companies struggle to keep pace with their IT complexity driven by digital transformation.”
The resiliency gap is not just a physical gap that exists between today’s data protection technologies and ransomware. According to Greenlaw, most companies are not ready to run their business on a cloud platform. Many still choose to retain their mission-critical data and workloads in their own data centres or on-premises, only migrating archival data or lesser workloads such as R&D and DevOps to the cloud.
“This report shows that within many companies, executives believe they are resilient but IT are saying the exact opposite,” adds Greenlaw. “Due to legislation and compliance, they need to maintain some centralised control and governance over their data. Hybrid multicloud is often the safer, middle-ground approach.”
The benefits of hybrid multicloud are increasingly recognised globally to drive the best experience at the best price, but businesses require a better data protection strategy in order to keep pace with the levels of complexity they're introducing.
“Organisations are choosing best-of-breed cloud solutions in their production environments. The research showed that the average company today is now using nearly 12 different cloud service providers to drive digital transformation,” says Greenlaw. “Just think of the complexity involved in managing 12 different cloud service providers and your own infrastructure on-premises.”
In order to insulate themselves from the financial and reputational damage of ransomware, organisations need to look at data protection solutions that can span an increasingly heterogenous infrastructure. We are seeing the same threats that organisations have faced for years, now evolving with tactics that capitalise on world events to facilitate their effectiveness.
“Standardisation is critical. How can you run multiple different tools, point solutions and products across numerous different environments?” questions Greenlaw. “I think of the use of infrastructure as a service, platform as a service, software as a service… these technologies are becoming pervasive in IT infrastructure. As organisations spread their applications and data across these heterogeneous environments – whether it's AWS and Azure or even their own public or private cloud, between the cloud and their own data centres – it's created more integration, more orchestration and more data protection challenges.”
The coronavirus pandemic rapidly accelerated the digital transformation into the cloud simply because many organisations needed to empower remote workers across a wide portfolio of applications (with limited access to their own, on-premises IT infrastructure). Protecting, managing and governing all of this data in one single pane of glass is close to impossible – ensuring the continued availability of data and applications is a massive challenge.
“They had to turn to cloud as a way to drive scale at pace to meet the demands of these work-from-home policies that have been implemented. There’s a lag between the high-velocity expansion of threat that comes with increased multicloud adoption,” says Greenlaw.
As enterprises pursue hybrid multicloud strategies, deploying more data and workloads to the cloud to take advantage of its perceived flexibility and scalability, they often forget about protecting data and applications which leaves vulnerability gaps. It’s important to ask whether a company is making their IT infrastructure resilient enough to enable quick recovery from a crippling ransomware attack.
“Enterprises are creating more data and they're facing a business imperative to move their applications out of their own data centres, which is why adopting a platform for resiliency is crucial. The most dynamic enterprises in the market want to standardise on a data management platform to support the whole digital transformation process,” he says.
Nearly half of businesses, 46%, in the survey shared that they had increased their budget for security since the advent of the COVID pandemic. There's a direct correlation between this elevated level of investment in security and the ability to restore data in the wake of an attack.
“Companies need to immediately assess their resiliency approach and close the resiliency gap by making their backup and disaster recovery processes far more robust no matter where the data or application is hosted, be it on-premises, in the cloud or hybrid strategy. The more you spend on data management, the more likely you are to be able to recover your data,” ends Greenlaw. “As malicious hackers continue to deploy more effective and potentially devastating means of holding companies’ data to ransom, the time for enterprises to act is now.”