How to Protect Against Data Sprawl
With data spread across many locations — including cloud services — protecting and managing it becomes even more challenging. Because the cloud is so easy to deploy, Manley said, it’s easy to lose control or lose track of data quickly.
Manley suggested that IT organizations shift their mindset away from a focus on infrastructure and “controlling the machines.” Instead, he said, “It’s about getting that copy of the data to provide that safety net” in a way that makes end users comfortable.
Organizations also must make sure they can scale data protection across their entire environment so that, as users make different choices and adopt different applications and locations, the same service can be applied universally.
Finally, data protection plans need to anticipate malicious activity too. “You’ve got to swing to new workloads,” Manley said. “And then, on the back end, new threats from cybercriminals as well as more regulations from the government.”
Ransomware Continues to Be a Major Threat
Manley said all organizations should expect to be victims of ransomware at some point. He advised, “When you get hit with ransomware, you need copies of your data as remote as possible.”
He outlined four key steps for dealing with a ransomware attack:
1. Be aware of what your backup infrastructure is, and be sure you have copies that are safe.
2. In addition to protecting your data, your plan must provide anomaly detection.
3. After an attack, data must be recovered quickly, but you must ensure you’re recovering a version of the data that hasn’t been hit with ransomware.
4. Before restoring data, scan for any malware and remove it.
“You really need an end-to-end plan that’s going to deal with ransomware,” Manley said. “It’s not a question of if ransomware will hit you. It’s a question of when.”
Effective IT Strategies Can Help Defend Against Attacks
Ruben Chacon, vice president of technology and CISO at CDW, echoed Manley’s sentiments, saying, “Nothing can be fully protected.”
Chacon said it’s important for IT organizations to be ready to detect and contain an attack quickly, “be ready to respond, and be ready to recover.”
Chacon recommended that organizations make sure they have the right information backed up, test frequently to ensure that their backup processes are working correctly, and store their backups offsite.
Such measures won’t protect against all malicious activity, but they will offer significant defenses against major threats such as ransomware, phishing, social engineering, business email compromises and targeted attacks by nation-states, Chacon said.
How IT Strategy Can Support Business Outcomes
Lee Washington, vice president of infrastructure at CDW, also joined the conversation to talk about the benefits of developing a comprehensive IT strategy. He suggested IT leaders should be asking, “How are we able to maximize our infrastructure assets and track them to support business objectives?”
“Our goal really should be to build underlying hardware and software that can respond dynamically and more efficiently to the changing needs of workloads,” he said.
Truly understanding the applications your organization uses will help give the power to harness a dynamic infrastructure, leading to specific business outcomes.
Washington said an effective IT strategy should help organizations achieve business outcomes such as: predictable spending; thorough evaluation and understanding of applications; automation, which can be leveraged to accelerate delivery; increased opportunity for innovation; and the creation of a crisis-resilient infrastructure.
Most important, Washington said, organizations must consider how to accomplish these outcomes in a safe and secure environment.