CISOs Playing a Bigger Role in Disaster Recovery and Backup
BY Stacy HayesCyber-attacks and in particular ransomware continue to be a major threat to all organizations. In some of the most recent developments, we’re seeing the emergence of new groups and increasing payment demands from ransomware gangs.
As the nature and risks presented by cyber-attacks continue to evolve, organizations must adjust and refine their processes, procedures and even re-examine roles and responsibilities to stay ahead of attackers. Even though they’re closely related, most organizations have traditionally treated security and data backup as separate environments, with CTOs and heads of IT typically overseeing backup functions and CISOs focusing on security. This delineation of responsibilities is changing, with CISOs starting to take much greater interest in data backup and recovery as the threat from ransomware remains ever present, making it a fixed item on the corporate agenda.
The expanding role of CISOs
One of the contributing factors to this shift is the constantly changing IT stack and the emergence of hybrid cloud architectures, microservices and cloud native applications. With these challenges to focus on, many CTOs are changing their thinking on how best to manage data security and backup functions, believing that in many situations, CISOs are best placed to manage backup and recovery functions, given they already have overall responsibility for data management.
This shift does make sense for many organizations, as CISOs can strengthen their defensive security posture by taking ownership of backup and disaster recovery functions. In doing so, they can expand their role to support business continuity besides threat mitigation and prevention.
When it comes to defeating a cyber-attack, there are essentially three courses of action – prevent attackers from gaining entry to the organization’s network, detect and then negate the attack if defences are breached. CISO’s understand this and look for cybersecurity partners that can deliver on each of these layers.
As disaster recovery and backup come onto the CISO’s agenda, many are actively looking for vendors that can deliver complementary services to shore up defences and recover data immediately in the event of an attack. Recognizing this, some backup and disaster recovery providers have made attempts to expand into the cyber security space in recent years, with mixed results.
How managed backup and disaster recovery services can assist CISOs
While backup and disaster recovery might have shifted to the CISO, it’s not one of their core specialisms, which makes managed services an attractive option. A partnership with an immutable backup provider can take the weight off the shoulders of the CISO and sec ops teams, whose primary focus is to deal with threats. This is especially the case when data and digital assets are strewn across hybrid cloud infrastructures and SaaS platforms. An ever-expanding cloud footprint is hard enough for the IT department to contend with, let alone the CISO’s office.
Considerations for CISOs in choosing an immutable data backup provider
CISOs need to adopt a cautious approach when considering options for an immutable backup provider as not all can offer the same guarantees and service levels. A key consideration should be whether the provider’s backup platform was built from the ground-up with immutability in mind, as is the case with Assured’s. This, combined with the fact that we work alongside data security specialists Rubrik to guarantee rapid restore of data and operations should provide real reassurance.
CISO’s should also closely examine the MSP capabilities of prospective immutable backup providers, such as their ability to integrate with hybrid and multi cloud platforms and architectures, syncing with public cloud vendors such as AWS, Azure and other providers. Cloud portability is crucial, so backup and DR specialists should also be selected based on their ability to scale workloads and applications in line with your organization’s cloud migration strategy. An equally important consideration should be their ability to host solutions in a customer’s data centre, on premises and in hybrid cloud environments. Assured can provide all of these services.