In an interaction with Dataquest, Ripu Bajwa, Director –Data Protection Solutions, India, Dell EMC shares his views on data protection challenges faced by Indian enterprises. He points out at Dell EMC’s role in the whole ecosystem.
What are the challenges in data protection that Indian businesses are dealing with?
Indian businesses have largely deployed robust solutions for data protection which gives them complete protection from traditional threats. However, one of the primary challenge that affects the Indian businesses is external or internal security breach which results in data loss. As one of the recent reports revealed, 33 reported data breaches leading to almost 36.6 million data records being compromised in India during 2016, an increase of 14 percent compared to 2015.Identity theft and unauthorized access to financial data were the leading type of security breaches in 2016, accounting for 73 percent of all data breaches. Going forward Ransomware attacks will not only target end points like PCs but also focus on making lateral moves from these end points to other critical information assets within the organization. Another major obstacle which lies in the path of Indian businesses is the lack of confidence to fully recover their systems or data in the event of data corruption or data loss.
How can they protect their data?
Cybersecurity has established itself into a concrete industry altogether as we have seen a humongous rise in the number cyber attackers in the last few decades. Today, data theft is seen as a growing global crisis due to the importance of data for various organizations. Cyber attackers constantly look for alternatives to break into the most protected and secured systems and networks. There are multiple ways which Indian businesses can take to ensure safety of their data. There is a lot of sensitive information within an organization and the best way to safeguard it is by limiting its access and also ensuring proper authentication measures required to access the data. Setting up a good security solution is essential to prevent cyber-attacks in the cloud operating model environment – be it Private, Hybrid or Public. A device containing sensitive information should be encrypted to prevent data theft. Most operating systems and softwares today have in-built encryption options. This will ensure an extra layer of security that the Indian businesses would need to safeguard their information with.
What steps should CIOs take to protect data and prevent data loss in the event of a disaster?
Cyber criminals look to maximize their profit through various mobile malwares as mobile devices are prone to cyber threats. Generally people store most of their confidential and important data on their smartphones which makes it even more essential to protect them from cyber-attacks. ‘Trojans’ lead to data breach as they are disguised as mobile apps and is unknowingly downloaded by us. We usually try to cover up when we have been compromised with a cyber-attack. But what we must realize is that the attacker can share or sell this data which might be time sensitive for monetary benefits. Hence, CIOs should take essential steps to ensure that they safeguard their data with effective Modern Data Protection solutions which provide a seamless data protection view as the data moves from edge to core to cloud.
What are the best practices that Indian CIOs and CISOs need to adopt?
In order to protect their business from data losses, Indian CIO's and CISOs need to adopt certain crucial practices. To stay protected from threats like hacking and accidental data loss, it becomes essential to create protection copies. Sometimes, those protection copies are at risk too as hackers may take them down as well. Businesses can also leverage advanced data protection solutions and separate copies of their data from the network. CIOs and CISOs must look for more holistic, security-by-design solutions. They must also have a disaster recovery plan in place to ensure that the business can survive cyber-attacks and data loss. Deploying adequate security solutions along with encryption of sensitive data is among the other best practices that an Indian CIO/CISO need to implement in order to ensure data protection.
How can Dell EMC help organizations in protecting their data?
Within our Data Protection Solutions division, we are focused on providing data protection everywhere, across a continuum of recovery options and for different workloads. Cybersecurity is a key part of that focus.
As destructive and ransomware attacks grew over the last few years, traditional cybersecurity defenses such as firewalls, intrusion detection and prevention, SIEMs, etc. were no longer enough. Organizations needed to focus more on the ability to recover from even a slightly successful attack that destroyed production data or encrypted it to prevent them from accessing it.
To meet this need, we provide a full range of data protection capabilities that can protect data on one of 3 levels that we call “Good, Better, or Best”:
- Good: Have a backup for all data with a recovery point and time that matches the needs of the business. Don’t forget data born in the cloud (eg Office 365, Salesforce.com) and endpoint data (laptop, desktop, remote office)
- Better: Harden the backup infrastructure so that it can withstand a direct attack. For DellEMC, that means enabling encryption capabilities, switching off unneeded ports and deploying special capabilities such as retention lock and security officer settings
- Best: Protect the most business-critical data with a third copy which is isolated by an operational air gap, creating a “gold copy” of data that can be available for recovery even in a catastrophic attack. We call this our Isolated Recovery Solution.
How does Dell EMC's Isolated Recovery Solutions stand in the competitive market place?
Today, the Isolated Recovery Solution stands on its own – it is a corporate initiative with a lot of resources. So we have invested a lot of time and effort in developing the solution, talking with our customers about their requirements and hardening and testing the solution. In addition, the unique capabilities of the Data Domain storage platform make for a very powerful Isolated Recovery Solution. This includes Data Domain’s amazing deduplication rates (which insure the air gap is open for shorter periods); the ability to harden the solution with capabilities such as retention lock; replication capabilities outside of the backup software process; etc.
Who are the SIs and partners you are working with to take your recovery solutions to the customers?
Isolated Recovery has been extremely well received by our SIs and partners, with many sending their consulting professionals to be trained on implementation of the solution. We are also in many discussions for our partners to offer Isolated Recovery as a service, to provide additional options to our customers.