Over recent years we have seen the impact that WannaCry and other ransomware has had on businesses, from the most severe (business closure and failure) to bottom-line (financial) impacts in the event a ransom is paid to retrieve encrypted data. Globally it was a significant earner, with some suggesting it cost some 4 billion USD in 2017.
Data loss events, be they internally or externally driven, can be prevented, or most of the risks mitigated, with a complete backup regime. However, backup strategies are not one-size-fits-all across businesses.
Not all data within an organisation is the same, but it is all important in one way or another. To develop a backup strategy, an organisation needs to understand its data and the criticality of this data.
The priority of this data will then drive your organisation's policies (risk acknowledgment and mitigating factors) around recovery times and acceptable data loss.
Once information is categorised, an organisation is then able to determine the backup and continuity requirements around this data.
Questions that should be asked and answered:
Once information is categorised and prioritised, a business will often need to be able to answer two questions when considering backup planning and disaster recovery efforts.
This is referred to as the Recovery Point Objective or RPO.
…“A recovery point objective, or “RPO”, is defined by business continuity planning. It is the maximum tolerable period in which data might be lost from an IT service due to a major incident.[1] The RPO gives systems designers a limit to work to.”…
This is referred to as the Recovery Time Objective or RTO.
…“The recovery time objective (RTO) is the targeted duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.”…
When looking at both of these, there is a trade-off between the timeframe and the investment required to meet each of the metrics (i.e. if your RPO is 0, then the investment is significantly more than for an RPO of 1 week, for instance).
There is a plethora of backup solutions within the marketplace, each with strengths and weaknesses, that deliver against particular use cases and meet data recovery objectives. When evaluating a backup solution, consider the total cost of ownership (TCO) and consider:
These are often hidden overheads not considered during the purchasing phase. Company budgets will also play a part in.
We often get asked this question and, in most cases, we would recommend that all data, regardless of where it resides, be backed up (to one extent or another). Most “as a service” providers will back up data to meet their SLAs to you, but often these do not meet an organisation's requirements. This is often overlooked when evaluating a cloud strategy.
Secure-ISS can assist businesses with backup planning and strategy sessions, solution design, consultancy, overall business continuity planning or fundamental risk assessment. We can also assist with testing of both backup strategies and business continuity planning to ensure that systems and solutions are effective when/if they are needed.
As part of a larger (turn-key) offering or as a once-off engagement, our professionals are able to assist your business to build resiliency.