This should not come as a surprise. Given the amount of data companies have come to rely on, a data centre provides an attractive target for malicious users. And while many threats come from external sources, disgruntled employees leaving the organisation can never be discounted.
An organisation has to contend with a large surface area when it comes to effective cyber security implementation. And while implementing a traffic light system (red, yellow, and green) to identify risks, might be a good initial strategy, it is by no means a silver bullet. This especially comes into play when looking at disaster recovery. In theory, making backups and having access to them should indicate a green light. Yet, what controls have the company put in place to govern the person who has access to the backups and who can restore them?
Given how the data centre has become a very targeted way to cripple an organisation, decision-makers need to scrutinise their disaster recovery and business continuity policies even further. Having the restore activities go through an internal IT security team is one way of dealing with the potential problem, any cyber security policy needs to be judged by the way it is implemented.
It is a never-ending enablement journey. Cyber security, especially in how it forms part of the modern data centre, does not simply entail a fire-and-forget approach. Organisations need to invest in proper techniques, systems, policies, and even broader forms of availability to keep them more secure. This is one part of a digital transformation effecting every organisation around the world.
The organisation needs to ask itself what the expectations are around availability and in which situations it becomes necessary. Yes, most companies have high demands of the continuity of their data centre but it is in the way data is restored that becomes the challenge. Consider the implications if the person who restores the data has access to the files. Opening the CEO’s email and going through sensitive information becomes so much simpler this way if care is not taken around permissions and policies.
While the temptation is there to over permission, companies need to take role-based access to backup files very seriously. If not, the data is there for all to access and do with what they want. When it comes to cyber security, decision-makers need to work closely with their IT departments to align business needs with the right level of protective measures.
Only then will the modern data centre and the associated backups be on the way to be better protected. Cyber security is a global issue and one that no organisation, irrespective of size and industry, can afford to ignore. However, it is not just about protecting systems but also about securing backups to maintain operations in the event of a disaster.
