How to Achieve Data Resiliency

When planning for data resiliency, one of the first steps is determining the role data plays in your business. While some companies may be able to function

When planning for data resiliency, one of the first steps is determining the role data plays in your business. While some companies may be able to function if they lose access to their data for an extended period of time, others could face debilitating repercussions with even a temporary loss or degradation of data.

So, for your business, what’s the value of your data? Could you operate without it? If so, for how long? And how well?

Next, it’s time to assess the risks your business faces. No doubt, it’s important to consider and plan for those risks and threats that no business is immune to — for example, natural disasters, power outages, and even, cyberattacks. However, to achieve more comprehensive data resiliency, you’ll have to dig deeper and broader to unearth risks that are more specific and relevant to your industry and unique business and operations.

To do so, you’ll not only need to identify any threats that could disrupt the availability, integrity, and accessibility of your data, but also determine their potential impact on your organization. Again, much will depend on the nature of your business. A financial institution will certainly mitigate against a different set of risks than a retail chain, a hospital, or a school.

Ask yourself the following question and run through the different scenarios. Without this data or that data, would you continue to operate, communicate, fulfill orders, or complete whatever activities are most crucial to your business and bottom line?

Data resiliency is a team effort: A combination of technology, people, and processes

Once you assign data value and identify relevant risks, you can start to develop your data resiliency plan. It should include steps to protect against threats and data disruptions as well as procedures for your organization to follow when disasters or disruptions occur. Specifically, you can adopt measures to backup data to multiple locations, such as on-premises storage, cloud storage, or physical media, while also implementing security controls to gain continuous data visibility and as possible, pre-empt cyberattacks.

For example, any organization can follow and incorporate the “3-2-1 Backup Rule” into their overall data resiliency strategy. It says you should have at least three (3) copies of your data stored on two (2) different types of media with at least one (1) copy located offsite. This helps ensure data redundancy and availability in the event of a failure or security incident. And as far as security controls for this strategy, you should focus on three primary ones:

    1. Access Control: Have strict access controls for all backup copies in place with multi-factor authentication (MFA) and limited access to the backup data and infrastructure (ideally, from a user account that’s not part of the organizational domain — for example, Active Directory).
    2. Encryption: Encrypt all backup copies, both at reset and in transit to protect against unauthorized access.
    3. Endpoint Protection Platform (EPP) / Endpoint Detection Response (EDR) Monitoring: Install EPP and EDR on every endpoint in the environment, including any systems where you store backups.

Of equal importance to your backup strategy and controls are your people and processes.

Your people are your most valuable source of input, and they will be instrumental in both assessing and addressing risk. So, be sure to establish clear roles and responsibilities for all stakeholders to help ensure that everyone is on the same page, knows their function, and is ready to act at a moment’s notice. At the same time, be sure to communicate with clients and partners so they are aware of the steps you are taking to protect data and maintain operations in the event of a disruption.

Finally, your processes. These should tie everything together, providing a clear path or playbook to follow. A data classification scheme, for instance, is crucial for determining the appropriate level of protection of different data types and will help with prioritization of resources and implementation of appropriate security controls.

As previously mentioned, backup and recovery is another key process to incorporate into your data resilience strategy. A backup and recovery plan entails creating copies of data and storing them securely to help ensure you can quickly recover critical data and resume operations after a disruptive event. Additionally, regular testing of backup and recovery procedures is essential for maintaining data resiliency.

A third process where data resilience should have a big footprint for an organization is incident response. The incident response process involves detecting, containing, and mitigating security incidents, like data breaches or cyberattacks. Data resilience is crucial here, as it enables organizations to recover and restore affected data, preventing further damage and reducing the impact of the incident.

Test and review — and then test and review again

The importance of regular review and testing of your data resiliency plan cannot be overstated.

By conducting tabletop exercises or incident response simulations, for example, you can test your organization’s ability to recognize and recover quickly from data disruptions. Likewise, regular reviews of your plan are crucial for pinpointing areas that need improvement.

Achieving data resiliency is not a set-it-and-forget-it process. You need to be constantly looking for gaps and making updates to help ensure that your data resiliency plan remains effective and quick to implement.

Share the Article

Recent Articles

New SIM Swapping Attacks

According to new research, eSIM cards are being hijacked for cyber attacks. eSIM cards are remotely programmable chips that are stored within phones and other wearable devices.

Read More »
Scroll to Top

This website uses cookies to improve your browsing experience. By clicking accept, you consent to the use of cookies. To learn more about the cookies we use, visit our Privacy & Cookie Policy.

Report a New Incident

Your incident report has been submitted.