• United States

Skimping on business data protection could be a costly mistake

Jun 28, 20185 mins
Cloud ComputingCloud Security

A look at the importance of rapid data recoverability and high availability to mitigate the potentially negative business impact of taking shortcuts and relying on cloud partners too much.

data loss running water faucet costly mistake waste
Credit: Getty Images

Data is essential to the smooth operation of any organization. Whether it’s data on your products, customers, or competition, you need it to do business. Your software and systems are dependent on the data that’s fed into them.

Big data may be gathered by IoT sensors in vehicles and buildings, smartphones, and from countless other data points to inform big decisions. But at a granular level you also need small pieces of data to function. Without credentials you can’t gain access to the big data, contact suppliers, or even tweak the air conditioning system.

Our dependence on data is profound, you might say it’s your business DNA because it’s crucial for survival and growth.

Of course, none of this is apparent until something goes wrong. It’s when you lose access to data that you realize just how much you need it and how easy it is to take automated access for granted.

The cost of data loss

The potential cost of a data breach is enormous. The global average is $3.6 million, or $141 per data record, according to the IBM-sponsored, 2017 Cost of Data Breach Study from the Ponemon Institute. Those figures were calculated before the General Data Protection Regulation (GDPR) came into effect with non-compliance potentially leading to fines of up to 20 million euros ($23.3 million) or 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.

When data is stolen or lost, companies often struggle to get back on track. Downtime is disastrous for any business – it can’t take orders, customers are up in arms, and nothing can be shipped. Not only is there the cost of any punitive fines for regulatory breaches to consider, the data still has to be recovered and the threat that led to the incident must be mitigated. Only then can the hard work of repairing damaged reputations begin.

Consider that 56 data records are lost or stolen every second, according to the Breach Level Index, and you have some idea of the scale of the problem.

Concealed in the cloud

There are lots of sound business reasons to embrace the cloud. It offers rapid scalability and flexibility enabling organizations to focus on what truly differentiates them in the marketplace, but the rush to migrate has led to some dangerous shortcuts.

Shadow IT – things that go beyond the watchful eye or direct control of IT departments – represents a serious security risk. We’re talking about more than 50 percent of IT spending for many large enterprises, says the Everest Group.

If you are keen to leverage the potential of the cloud, it’s crucial that you’re aware of the potential pitfalls of cloud data management. Take the time to plan your migration properly, assess what is critical data to your operations, and take steps to protect it and make it highly available and rapidly recoverable.

Understand that you can’t rely solely on cloud vendors to safeguard your data and application availability.

The race to recover

The per day, hour or even minute cost of downtime varies from company to company, but what we can say with confidence is that every organization that suffers an incident wants to get back up and running as fast as it possibly can. If there’s no storage snapshots to clone and quickly bring back online nor a recent backup that can be swiftly accessed, then there’s a very real risk that you’re going to lose valuable data permanently.

Even if you have an older backup and decide to recover that, you may find that configurations are out of date, passwords no longer work because they’ve been changed, and business records and accounts are gone. Think about how you would deal with an incident like that if the data proved irrecoverable. The cloud vendor may be to blame, but your management team, customers and the regulatory bodies will still hold you accountable.

The faster you can recover, the better the chances are your business will survive, but the truth is that major data breaches are often bad enough to take down entire companies.

Weighing it up

Organizations often skimp on backups and redundancy to save money, but it’s a false economy based on short-sighted thinking. It’s not possible to build impenetrable defenses and even if it was it would be prohibitively expensive. But let’s say your cybersecurity is that strong. It’s still possible for an employee to accidentally delete something of vital business importance. It’s possible for hardware underpinning cloud systems to fail.

The chances are high that your business will suffer from data loss or theft at some point. When Bitdefender surveyed 250 IT decision makers, 34 percent of them reported breaches within the last 12 months and 74 percent of them couldn’t identify the cause of the breach. Accept that you can’t fully prevent data breaches from happening and plan accordingly.

If a few thousand dollars seems too expensive right now, try to calculate the potential cost of an irrecoverable loss of business-critical data or many days of extended downtime. We pay insurance premiums because the cost of an incident can be catastrophically high. The same logic applies to data protection and high availability in the cloud. Properly insulated, high availability, regular backups and replication, and the right data protection mechanisms baked in from the start can be the difference between recovering from a malware infection, ransomware attack or unexpected cloud service failure and not recovering at all.


Rick Braddy is founder and CEO of Houston-based SoftNAS, a cloud data platform company and software-defined NAS provider. Rick is responsible for SoftNAS business and technology strategy and R&D.

Rick is an innovator, leader and visionary with more than 30 years’ of technology experience and a proven track record of taking on business and technology challenges and making high-stakes decisions. Rick is a serial entrepreneur and former Chief Technology Officer of the CITRIX Systems XenApp and XenDesktop group and former Group Architect with BMC Software. During his 6 years with CITRIX, Rick led the product management, architecture, business and technology strategy teams that helped the company grow from a $425 million, single-product company into a leading, diversified global enterprise software company with more than $1 billion in annual revenues.

Rick is also a United States Air Force veteran, with military experience in top-secret cryptographic voice and data systems at NORAD / Cheyenne Mountain Complex.

The opinions expressed in this blog are those of Rick Braddy and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.