By Mike Rees, Territory Account Manager for South Africa at Commvault
There has been a recent spate of large organisations experiencing data-related crises specifically related to breaches that may have exposed sensitive customer information. The repercussions of this could potentially be severe. Data breaches not only put customers at risk for things like identity and credit card theft, depending on the information businesses hold about them, they also contravene increasingly strict data regulations. While data security is typically in place, security alone is not enough. The inability to adequately protect and govern data is frequently due to lack of proper data management.
When a data breach occurs or data is somehow leaked, there is a cost involved in recovering. The magnitude of this cost depends on the severity of the breach and how quickly it was detected, amongst other factors. There is also a cost to notifying customers of a breach, not to mention the potential reputational damage a business faces. This damage to reputation is often more significant than it at first appears and could have long-term consequences such as loss of earnings, reduced profitability, a lower share price and a whole host of other issues.
The consequences for a data breach could potentially cripple a business. Take for example the recent security breaches at a large airline company. The organisation experienced incidents that compromised their customers’ personal data, which is a contravention of the European General Data Protection Regulation (GDPR). The UK Information Commissioner’s Office (ICO) has subsequently issued intentions to fine the organisation for the breach, potentially making them liable to pay over a hundred million pounds. This is simply the monetary cost alone. Long-term issues such as damage to reputation and customer distrust are harder to quantify.
Data loss prevention is about more than just data security. Businesses need data management to ensure proper protection and governance is in place. An example that perfectly illustrates this point is a ransomware attack. Ransomware encrypts your data so that you cannot access it unless you pay your attacker a fee. Many businesses assume that in order to counter such an attack, you can just restore your data from a backup. The reality though is that your backups can also become encrypted, especially if they are online. As a result, organisations need to have robust protection in place in order to prevent this and ensure recovery.
While organisations may have disaster recovery in place, this may lead to a false sense of security. If your data is being replicated to a DR site without being properly managed, corrupted data will also be replicated for example. This could cause widespread damage to the very data that is meant to be the backup copy. Data now also resides on a plethora of devices, from branches and remote offices to mobile endpoints. It is imperative to protect all sources of data from leakage, theft and misuse.
Adequate data protection requires information integrity, which in turn is dependent on a management layer to ensure that data is secure, protected and most importantly can be recovered when it is needed. The ultimate goal is an information safety net – essentially a backup of your data that will enable you to restore your data if something happens, whether this is ransomware or endpoint device theft. This can all be achieved by a single, easily managed solution that handles all aspects of data management for reduced cost, reduced complexity and vastly improved data integrity and recoverability.