Although welcome sentiment, it simply doesn’t go far enough for 24/7 modern business uptime requirements. An improved day would instead encourage organisations to test the resilience of their backups and service providers, business continuity procedures and crisis planning for a cybersecurity attack.
A huge reason for this is that more businesses than ever before are moving applications and data to the cloud. Cloud solutions offer more flexibility, adaptability and elasticity, which is especially important in areas like cybersecurity, where the threat landscape evolves at such a rapid pace that new updates and features need to be deployed immediately.
However, while the cloud offers many benefits, there is always a risk of being hit by an outage. Even the largest providers, including Microsoft, AWS and Google, cannot fully protect against disruption, security threats and data loss. Any single cloud environment is at risk of data loss from malicious action, human or technical error.
Also as a result of an outage, critical services like email can be disrupted. 205 billion emails are sent and received per day and is the number one business communication tool. Nearly all organisational information passing through email at some point. Sales can also be affected and brands that are increasingly focused on customer experience are vulnerable to becoming tarnished.
This issue is that many businesses rely solely on recovery and protection provided by SaaS or cloud app providers, some of which are simply not geared up to defend against outages or ever-evolving attacks. If data is also only backed-up once a year, businesses risk losing out on a lot of important information.
As more organisations rely on cloud-based systems to run critical systems like email and store key information, the risk increases – especially if multiple organisations in the supply chain are relying on the same cloud service.
How to prevent potential disruption to your business
Data recovery needs to be high on leadership and department head’s radars and shouldn’t just be a one-day consideration. They need to plan for the inevitability that cloud services will go down – just as they would with business continuity solutions on their own infrastructure. Rather than maintain LAN tethers, this should be done through a secondary cloud service, that can work seamlessly with primary providers to ensure business continuity and maintain data access.
In addition, to mitigate the effects of an outage if it does occur, there needs to be a risk mitigation strategy in place for key systems and data moved to the cloud, and that plan needs to be tested regularly.
By staging a cloud outage, organisations can fully understand how the business will cope if this does occur. Taking a cyber resilience approach, IT teams should ensure critical infrastructure like email continue to operate during a primary cloud system outage with key data backed-up and remaining available to search and access. Importantly, security layers should also remain active in order to protect the organisation. Early detection and visibility of any issues, together with the right technology and well-tested processes, can help mitigate the impact of an outage and get businesses running more quickly when primary systems come back online.
Backing-up data every day – not just once a year
It is inevitable that organisations will be hit by a cloud outage that will result in data loss. As such, data back-up must be part of a wider cyber resilience strategy that also includes cyber protection and business continuity. This should be regularly reviewed to ensure data is safely secured and backed-up, should the worst happen.
This article is from the CBROnline archive: some formatting and images may not be present.