The year 2020 saw a spike in cybercrimes across the world. Rising unemployment forced many to turn to criminal activities. Cyberattacks increased exponentially, especially business email compromise (BEC) attacks like phishing, spear phishing, and whaling – and ransomware attacks. These attacks have resulted in data and financial losses. With most employees working from home, the threat of data theft and data exfiltration looms high.
Today, the risk of storing data on-premise or on endpoints is higher than ever. That’s why organisations are taking a cloud-first approach to data protection. This article discusses the inadequacies of on-premise, legacy infrastructure for data protection and explains why more organisations are adopting modern cloud architectures.
Threat vectors looming large
According to a report by the Group-IB, there were more than 500 successful ransomware attacks in over 45 countries between late 2019 and H1 2020, which means at least one ransomware attack occurring every day, somewhere in the world. By Group-IB’s conservative estimates, the total financial damage from ransomware operations amounted to over $1 billion ($1,005,186,000), but the actual damage is likely to be much higher.
Similarly, in the final week of the US Elections, healthcare institutions and hospitals in the US were impacted by Ryuk ransomware. The affected institutions could not access their systems and had to resort to pen and paper operations. Life was at risk as necessary surgeries and medical treatments were postponed; patient medical records were inaccessible. Healthcare is a regulated sector and hackers know healthcare data’s value: this includes X-ray scans, medical scans, diagnostic reports, medical prescriptions, ECG reports, and lab test reports.
Today, employees across industries work remotely and log in to enterprise servers to access data. In this scenario, data exfiltration is becoming a massive challenge for organisations. A study by IBM Security says the cost of a data breach has risen 12% over the past five years and now costs $3.92 million on an average.
The crux of the issue is that data exfiltration and data theft can severely tarnish an organisation’s reputation, erode its share price, breach customer and shareholder trust, and even result in customer churn. Stringent regulatory standards and acts like HIPAA, GDPR, CCPA, Brazilian LGPD impose stiff fines and penalties that have historically made companies bankrupt or put them in the red.
Indian companies doing business with organizations in the US, Europe or elsewhere, will need to comply with the regulations defined by those nations, at an industry level. And if customer data is breached, they will be liable to pay the penalties imposed by those regulatory bodies.
India’s forthcoming Personal Data Protection Bill 2019 (which is close to being passed into law) is expected to impose similar fines as GDPR. The bill aims to protect the privacy of individuals relating to the flow and usage of their personal data.
Legacy infrastructure may not be able to comply with new regulations being introduced in an increasingly digital world. In fact, legacy could up the risk for data loss, and hence, organisations must move away from legacy infrastructure and take a cloud-first approach to data protection.
Legacy infrastructure is expensive, insecure
An organisation needs scale to succeed in today’s highly competitive business environment. Adding new customers, introducing new products and services, and timely response to market demand requires agility – to support all these the infrastructure should be able to scale up on demand.
Scaling infrastructure on-premise requires colossal investments and the TCO may not be viable in the long term. The shortage of in-house skills is another challenge. CIOs are under tremendous pressure to deliver value. The only way to scale is to embrace disruptive technologies like Cloud, Big Data Analytics, Artificial Intelligence, Machine Learning, and Blockchain.
Traditional data protection tools offered by legacy infrastructure are inadequate to protect data in distributed environments, where employees work outside the perimeter, and to secure it from sophisticated attacks like ransomware.
At the same time, the introduction of new services and innovation by enterprises results in an exponential increase in data that gets generated from multiple sources like customers, partners, employees, supply chains, and other places. And much of this data is unstructured, which poses additional data governance and management challenges. Industry regulations mandate that this data be stored for a certain period, and copies of it need to be maintained.
Some governments insist that data must be stored on servers in their country (data residency). For instance, the Indian Personal Data Protection Bill will regulate how entities process personal data and create a framework for organisational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorised and harmful processing.
In such a scenario, it would be expensive for an organisation to store its growing data on-premise, as legacy infrastructure is inadequate to protect this data and comply with new data protection laws. Cloud environments are more suitable as cloud service providers ensure compliance.
For all these reasons, businesses want to break free from the shackles of captive data centers and embrace a cloud-first approach for rising data protection needs. To do that, they are moving away from the investment-heavy and legacy approach to a cloud-first approach for data storage and protection.
A cloud-first approach
Forrester predicts that 80 percent of organisations are extremely likely to adopt a cloud data protection solution, as more and more businesses are going in for cloud-first strategies. This is due to critical data loss with on-premises infrastructure, lack of security and scalability, and increased spending in legacy hardware and software altogether.
As enterprises face increasingly stringent compliance regulation, cloud data protection solutions help deliver enhanced privacy capabilities for them to keep pace with all of today’s dynamic business demands and needs.
For instance, enterprises scale up their operations globally, their infrastructure can extend to multiple clouds. This results in server sprawl and siloed data, posing additional data management solutions. This is where, they need to adopt Cloud Data Protection and Management solutions that can manage and protect these sprawling environments. These cloud solutions can also secure an increasingly remote workforce and bypass stalled supply chains and traditional data centers’ limitations considering the unprecedented pandemic situation.
The cloud also offers robust resiliency and business continuity – with backup and recovery tools. Storage-as-a-Service provides a flexible, scalable, and reliable storage environment based on various storage technologies like file, block, and object — with guaranteed SLAs. Furthermore, it allows end-users to subscribe to an appropriate combination of storage policies for availability, durability and security of data that can meet various expectations on data resiliency and retention.
Backup & Recovery as a service offers an end-to-end flexible, scalable, and reliable backup and recovery environment for all kinds of physical, virtual, file system, databases, and application data. This solution further extends the richness of backup capability by using agents to interface with and do data transfer or image-based method with a combination of full and incremental backups. This combination provides an extremely high level of protection against data loss as well as simplified recovery.
Today, organisations understand the value of cloud data protection solutions, which is much more secure than traditional hardware-based architectures. They are adopting platforms to protect data where it is being created — in the cloud — from anywhere with on-demand scalability (object storage), robust compliance capabilities, and industry-leading security standards.
While cloud migration efforts have been underway for several years, it has been dramatically accelerated this year. A remote workforce, growing ransomware threats, and questions about data governance have significantly accelerated the demand for a cloud-first approach to data protection.