?
KATE MOLLETT,
REGIONAL
MANAGER FOR
AFRICA AT VEEAM
W
ith the average
number of
breached data
records topping
25,000 per
country, it is
not a matter
of ‘if’ but ‘when’ a business will get
compromised. Stealing sensitive data
has become big business and this is
where the importance of an effective
data management strategy is critical.
From backing up to the availability
of data following a crisis, decision-
makers need to continually evaluate
their strategies to ensure they mitigate
any potential risks when it comes to
data breaches.
Considering that the average cost in
time to resolve a malicious insider attack
is 51 days, can a business really afford
not to take protecting its data seriously?
On the positive side, the introduction
of legislation such as the General
Data Protection Regulation (GDPR) in
www.intelligentciso.com
|
Issue 18
Europe and the Protection of Personal
Information Act (POPIA) in South Africa,
has meant local organisations are more
aware of the implications and taking data
breaches more seriously.
This is not only in terms of the business
impact but also the reputational damage
and loss of consumer confidence as
a result. Depending on the nature
of the breach, fines associated with
compliance and regulatory standards
can be significant. Companies are very
focused on securing their business,
becoming more open with how they
approach technology solutions and
partnering with other organisations. But
as they expand their digital horizons, so
too does the potential threat landscape.
If ransomware is introduced, the only
choices are conscious loss of data
or restoring from a backup. An offsite
copy of customer data at a local cloud
provider, using different user credentials
adds another layer to the Backup-as-a-
Service (BaaS) and Disaster Recovery-
as-a-Service (DRaaS) solution. This also
complements the offsite copy strategy,
delivering many benefits. Some cloud
providers have enabled Veeam’s Insider
editor’s question
Protection Recycle Bin which assists
with internal and external threats.
We introduced the concept of a recycle
bin for customers sending offsite cloud
backups to cloud providers using Veeam
Cloud Connect. This deleted backup
protection or insider protection allows
the cloud provider to enable the deleted
backups protection option for specific
tenants and looks to add another level of
data security for cloud-based backups
in the case of a malicious user gaining
access to the backup and replication
console or in the case of accidental
deletion by an administrator.
Organisations must be more involved
in the solutions that bring cloud
data management into the business
and further ensure that ransomware
strategies include an educational aspect.
One key piece of advice that we have
been sharing with the industry for years
is the Veeam 3–2–1 rule. It states that
you need to have three copies of your
data, stored on two different media types,
with one being offsite. This can address
multiple failure scenarios and does not
require any specific technology.
29