Two tactics to protect data now that turning back time no longer viable

For decades, IT departments have set their data backup strategies around metrics for recovery point objective and recovery time objective: RPO and RTO. The idea being that you could roll back a system to just prior to an interruption and restart normally with minimal data lost and disruption.

That approach, of course, presupposes an acceptable level of data or transaction loss over a prescribed time period.

But in the age of ransomware and sophisticated phishing for launching attacks — as well as distributed data across hybrid environments — entire databases are at risk, said Aaron Lewis, vice president of U.S. sales and engineering at Rubrik. Therefore, while RPO and RTO remain important specifications for designing backup systems, it’s time to expand on them by taking a more comprehensive view of data protection.

“Traditionally, organizations really looked at two things,” Lewis said during Federal News Network’s Industry Exchange Cyber. “How much data am I willing to lose? That’s RPO. And how long can I wait until I get my data back? The recovery time objective. That just doesn’t encompass the whole picture.”

Not in an age when cyber espionage and wholesale theft of data are the primary objectives of malicious actors, he said. IT and cyber teams must ask themselves whether they can recover 100% of their organizations’ data and, once having recovered it, ensure the data’s integrity.

Creating a single source of truth for data security

This capability starts with what Lewis called data observability, having a complete picture of the data that needs to be protected. Observability augments the traditional cybersecurity practice of “let’s protect the moat.” Without observability, Lewis said, IT teams often find themselves rolling systems further and further back in time, seeking a safe spot at which to restart. Suddenly, a 10-minute RTO ends up being hours, even days, he said.

To get to total data protection, Lewis recommends that IT and cyber staffs do a couple of things:

• Establish a single platform for data security: With this approach, each component agency or group of related agencies has a single source of truth, which “minimizes risks around lack of visibility into separate point products,” he said, adding, “It also minimizes the complexity around enablement for administrators.”

A single, shared platform helps ensure proficiency for the people interacting with it because they no longer must deal with multiple tools, Lewis said.

• Design the system around data security from the get-go: Every system should include a trusted data storage platform that administrators can invoke following a corruption incident or the loss of operational data, he said.

“What’s important is a solution built from the beginning, with data security in mind, and an immutable data storage platform with observability built into the system,” Lewis said.

What’s more, the datacentric protection application — the single platform — is best acquired as a cloud-hosted, software as a service product, he added.

SaaS applications “have the ability to reach in not only to physical, on-premises applications and workloads but also manage cloud workloads as well by their very nature of also being in the cloud,” Lewis said.

A single platform solution must include automation for adding new workloads and data sets too. Lewis recalled an incident, when as a junior IT backup and recovery administrator, he overlooked a server that became corrupted.

“I realized I had not added it manually to the protection policy,” he recalled. Today, administrators need to designate workloads for protection by type so that their security management automatically aligns to the organization’s protection policies. “As new workloads get added, I think that’s absolutely crucial,” Lewis said.

Learn about more security best practices and technologies shared during Federal News Network’s Industry Exchange Cyber.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.