Make Cybersecurity Resiliency a Top Priority at Your Organization
“What are your interests and top priorities as CIO?” I often ask this question when invited to meet with C-Level teams to discuss topics such as the data center of the future, operational data storage efficiencies, or the technology roadmap. In response, I often hear, “There are so many mission critical aspects of the job, but my number one priority is cybersecurity.”
Aside from cybersecurity having the potential of impacting every government, business, and individual, the reasons most organizations make cybersecurity a top priority are increasingly clear. While things like agile development, DevOps, and Enterprise Mobility Management are vital for improving operations and remaining competitive, a cybersecurity failure not only has the potential of shutting organizations down, requiring significant cost to address, but also creates a loss of trust, and introduces the threat of exposed data. In fact, the average initial costs of a cybersecurity breach are now about 4 million dollar per incident.
Cybersecurity resiliency, a relatively new concept and recent trend, has critical implications for the CIO and all organizations. It is best defined as the ability of an organization or business process to withstand, recover from, and evolve in the face of attacks, adverse conditions, or stresses on the supporting IT resources the organization needs to conduct operations.
An intelligent data storage architecture that has, at its core, Confidentiality, Integrity and Availability (CIA) enables a proactive, data-driven cybersecurity capability
In dealing with cybersecurity challenges, while perimeter security and intrusion detection are key elements of a defense in depth strategy, they are insufficient to keep the attackers out. Therefore, the concept of making systems more resilient to attacks is gaining momentum–organizations now understand that cybersecurity resiliency is their best bet at protecting data.
Integrating cybersecurity resiliency into the design and operation of a modern data center is actually quite a simple process. Some of the basics include steps CIOs and IT departments can take to:
► Upgrade or modernize the information technology infrastructure–adding resiliency enhancements to legacy systems and traditional applications as well as new cloud native applications
► When possible, leverage software and cloud capabilities to automate systems to deliver more self-service capabilities and “X” as a Service (XaaS) to support the evolution of IT from a provider of infrastructure to a services provider
► Lead the transformation of roles and responsibilities that support the delivery of IT as a Service (ITaaS)–learning and adopting the new skills as needed to support transformation efforts
The Director of Architecture and Integration from a U.S. Military Service CIO Office recently spoke at a Big Data and Predictive Analytics Symposium in Washington DC. The Director placed particular emphasis on many of these same cybersecurity topics and also highlighted the importance of the key data center modernization concept of the “Data Lake.” She noted the special utility of the data lake for eliminating data silos and facilitating big data analytics–which could more effectively be conducted across the entire enterprise by using the data lake architecture.
Cybersecurity resiliency is on the critical path to mission resiliency–it is a key component of the IT infrastructure that needs to be addressed. Dealing with massive data growth and the persistent wave of cyber threats has changed the landscape forever. But one thing that remains the same is that the attackers are not simply trying to get through your firewalls and into your network–they are trying to get your data.
Since it is all about the data, it makes sense to have a cybersecurity resiliency design that focuses on data storage and protection. An intelligent data storage architecture that has, at its core, Confidentiality, Integrity and Availability (CIA) enables a proactive, data-driven cybersecurity capability. Designing and developing a modern protection storage architecture is a key step in the journey to mission resiliency. Additionally, it bridges the three vital components for advancing data protection– storage, data source integration, and data management services.
Advanced architectures accelerate the delivery of services and applications, facilitating scalable operations and enhancing organizational innovation. This type of modern protection storage architecture also supports the latest in cloud computing, hybrid storage, virtualization, and innovations in mobility technology. These technologies not only provide the foundation for transformation through cost savings and efficiencies, but also include the essential elements for greater mission and business system resiliency.
Systems designed to provide greater cybersecurity resiliency are inherently more operationally flexible, and may be adapted to support service delivery options in the future–such as Data Protection-as-a-Service (DPaaS). This type of flexibility could also provide organizations with choices for enhanced speed, security and revenue. Overall, it’s about simplicity–resiliency must not only be transparent, but trustworthy and secure as well.
Ultimately, it’s best to address the cybersecurity matters up front. Otherwise, the challenges of dealing with massive amounts of data will not only seem overwhelming from a data integration, storage, and management perspective, but may also prove to be irrecoverable from a data trustworthiness or user confidence perspective.
Fortunately, several innovative solutions, such as intelligent data storage and software-defined storage, have significant automation and resiliency features designed into their core architectures, enabling organizations to avoid many pitfalls and become more proactive, data-driven enterprises.