
Keeping up with the growing data protection challenge – Is regulation working?


Back in the mid-1990s, today’s highly networked and interconnected world was just a glimmer on the horizon. But the rise of the Internet, wearable tech, smartphones and IoT connected devices has changed the rules of the game when it comes to obtaining and processing data.

In response, governments and regulatory authorities have spent the last decade striving to adapt aging data protection laws in a bid to address the challenges posed by technology advances. That includes setting out minimum standards where data protection and recovery from malware attacks are concerned.

To date, more than 130 countries around the world have enacted privacy laws, with GDPR and the California Consumer Privacy Act (CCPA) setting the standard where data protection and privacy compliance requirements are concerned. For organizations without valid protections in place, a data breach risks both stringent fines and reputational damage.

At the heart of all this regulatory activity is a single core principle: the idea that data must always be kept safe and secure. No easy task as organizations continue to digitalize their operations in the wake of the pandemic crisis and become increasingly dependent on data for automated decision making or interacting with today's hyper-connected consumers and supply chains.

Between a rock and a hard place – the growing data protection dilemma 

If nothing else, regulation and data breach penalties have helped incentivize organizations to take their data protection responsibilities seriously. But the past 18 months have raised the data protection risk stakes as cybercriminals take advantage of recent digital shifts to unleash a slew of ransomware attacks that put data, and application availability, at risk.

Today, ransomware represents the single most serious threat facing organizations that need to protect critical data assets. And ransomware is growing in both severity and scale. According to a recent IDC report, 95 percent of organizations experienced a ransomware or malware attack in the past 12 months, with 43 percent suffering unrecoverable data loss. Meanwhile, the Harvard Business Review reports demands made by attackers now run as high as tens of millions of dollars. Indeed, the worldwide cost of ransomware is predicted to exceed $265 billion by 2031, according to Cybersecurity Ventures.

As ransomware demands boom, insurance firms are now considering withdrawing the cyber insurance policies that previously provided a safety net when organizations were hit by a successful attack, or making cover more difficult and expensive to obtain.

With so much at stake, today’s data-driven organizations need to rethink their data protection and resilience strategies fast. Because it’s only a matter of time before they become a target for hackers.

Ransomware mitigation: why it’s time to modernize backup and recovery

Quickly recovering their systems and data is the top challenge facing organizations on the receiving end of a ransomware attack. With files encrypted and normal operations disrupted, remediation is often a lengthy and expensive proposition, especially if existing backup processes mean that the latest snapshot is anything from a day to a month or more old. Little wonder that businesses choose to pay ransom demands, especially if their data loss stretches back days or even weeks.

The crux of the problem is that many organizations are still utilizing backup and data recovery strategies that were designed back in the days when ransomware wasn’t such a big issue. Plus, they’re still dependent on legacy data protection technologies that are only capable of recalling data from periodic snapshots.

For organizations operating in today’s 24/7 economy, this isn’t acceptable. Modernizing data protection, including backup and disaster recovery, is a must-have for any business that needs to stay up to date with every changing detail in real time.

Having the ability to recover data at a granular level and to a recent point of consistency doesn’t just help minimize data loss. It also speeds up database recovery and application restart. To achieve all this, organizations will need to implement a continuous data protection approach that makes it easy to achieve sub-minute recovery point objectives (RPOs).

Continuous data protection: the benefits 

Ransomware recovery has become the primary use case for initiating continuous data protection (CDP) that makes it possible to recover data to the point in time just prior to an attack. 

By constantly tracking and capturing each data modification and storing each piece of user-created data locally or in a target repository, CDP is an incremental process that continuously replicates data to a journal file. All of which enables IT teams to restore data to a point just prior to disruption – rather than minutes or hours before. So users can pick up right where they left off. There’s no need to rely on snapshot or backup copies that can be up to 24 hours old.
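The journal-based recovery described above, as an added example that is not from the original article or from any vendor's product: a toy write journal is replayed up to the last entry before a known attack time and compared with restoring the midnight snapshot. The journal layout, file names, timestamps and attack time are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class JournalEntry:
    ts: float               # seconds since the midnight snapshot (constructed clock)
    path: str
    data: Optional[bytes]   # None records a delete

def restore(base, journal, point_in_time):
    """Replay every journal entry with ts <= point_in_time on top of the base image."""
    state = dict(base)
    for entry in sorted(journal, key=lambda e: e.ts):
        if entry.ts > point_in_time:
            break
        if entry.data is None:
            state.pop(entry.path, None)
        else:
            state[entry.path] = entry.data
    return state

def recovery_point(journal, attack_ts):
    """Latest journaled write strictly before the attack, or None if there is none."""
    clean = [e.ts for e in journal if e.ts < attack_ts]
    return max(clean) if clean else None

def lost_writes(journal, recovered_to, attack_ts):
    """Legitimate writes made after the restore point and before the attack."""
    return [e for e in journal if recovered_to < e.ts < attack_ts]

# Constructed sample data: midnight snapshot plus one day of journaled writes.
BASE = {"ledger.db": b"v1", "orders.csv": b"o1"}
ATTACK_TS = 54000.0  # 15:00:00, assumed known from incident triage
JOURNAL = [
    JournalEntry(32400.0, "ledger.db", b"v2"),          # 09:00:00
    JournalEntry(50400.0, "orders.csv", b"o2"),         # 14:00:00
    JournalEntry(53990.0, "ledger.db", b"v3"),          # 14:59:50
    JournalEntry(54000.0, "ledger.db", b"\x9e\x11"),    # encrypted by ransomware
    JournalEntry(54001.0, "orders.csv", b"\x07\xc4"),   # encrypted by ransomware
]

if __name__ == "__main__":
    rp = recovery_point(JOURNAL, ATTACK_TS)
    print("snapshot restore loses", len(lost_writes(JOURNAL, 0.0, ATTACK_TS)), "writes")
    print("journal restore to", rp, "loses", len(lost_writes(JOURNAL, rp, ATTACK_TS)), "writes")
    print(restore(BASE, JOURNAL, rp))
```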

Enabling instant recovery isn’t the only benefit. As more organizations invest in more and more multi-cloud infrastructure and applications, the need for a ‘cloud native’ data protection layer that ensures data and applications remain available even if cloud services are disrupted is growing. It also means that data recovery becomes an ever more complex proposition. One that involves responding to multiple potential recovery needs: on-premises to cloud, cloud to cloud and even cloud to on-premises. Fortunately, today’s CDP technologies also simplify the protection, recovery and mobility of applications across private, public and hybrid clouds, enabling IT teams to close any potential data management gaps and recover data from anywhere to any location.

CDP is also being used to modernize other backup tasks like the long-term retention of data that has to be stored for long periods of time in line with regulatory requirements.

The state of data protection in 2021 

Today’s organizations are under threat of constant attack from cybercriminals and any loss of data creates the potential for regulatory fines and loss of consumer or customer confidence. While tougher laws and regulations have served to focus the attention of organizations on the need to get – and stay – compliant where data protection responsibilities are concerned, falling foul of data protection regulations isn’t the only business risk that is facing organizations.

Fast shifting IT landscapes and digital transformation initiatives mean legacy backup and recovery technologies are no longer up to the task of protecting data or enabling the ‘always on enterprise’ - and the consequences of data loss can have a devastating impact that goes far beyond the payment of regulatory fines.

In response, organizations need to modernize their data protection, backup and disaster recovery strategies, utilizing the highly granular nature of CDP to reduce data loss and recover data more quickly in the most pragmatic and cost-effective ways possible.

Steve Blow, EMEA Sales Engineering Manager, Zerto, a Hewlett Packard Enterprise company
