Disaster Recovery and Business Continuity Are Not the Same Thing
Vidal pointed out the differences between a disaster recovery (DR) strategy and business continuity. “First and foremost, disaster recovery is designed to allow you to respond after a disaster occurs. The question is how quickly you’re going to respond,” he said.
He explained that both a recovery point objective (RPO) — the point in time from which data can be restored — and a recovery time objective (RTO) — the amount of time it will take to recover the data — factor into a disaster recovery plan. “In the business continuity plan, if done correctly, it has a DR strategy and an RPO of zero, meaning that it takes me zero time to respond. My systems are disaster resilient,” Vidal said.
Vidal said the best business continuity strategy is to never have to worry about recovering any data, because you have a local copy as well as a remote copy. “If your business continuity and disaster recovery plans are designed properly, we can then ensure that you have multiple copies — and you have copies that are not visible to those bad actors.
Security Needs to Take a Zero-Trust Approach
Vidal stated that, since the beginning of the pandemic, the average amount of time it takes to recognize the presence of bad actors has grown from 145 days on average to 240 days, and the number of cyberattacks has gone up by more than 75 percent.
“There are hundreds of thousands of people. This is a multibillion-dollar industry going after our data, going after our customers and going after our personal information or our corporate secrets, to share those. So, we have to look at locking down that trusted supply chain with a zero-trust security layer, all the way up to the workload layer,” Vidal said.
The state of cybersecurity is what Vidal said drove HPE to create Project Aurora, “which has now given us an opportunity to create a set of solutions that start with a secure supply chain, which locks down via Silicon Root of Trust across all of our servers, storage and networking products. That allows us to start with a zero-trust layer and then build each other layer subsequently on top of the one before that. It flows through the infrastructure, through the hypervisor, the platform and the workload. We have a secure layer of zero trust, and zero-trust plug-in modules at each layer of the solution, so that we can guarantee that your solution can't be hacked.”
Addressing the Many Challenges of Data Protection
Ruben Chacon, vice president of technology and CISO at CDW, also joined the conversation to highlight several common challenges many organizations face in keeping their data safe.
First is the evolving threat landscape. “There are malicious actors always looking for ways to achieve their objectives,” he said. “Their tactics and techniques and procedures are always evolving, taking advantage of any vulnerability they can find on people, processes or technologies. So, vulnerabilities in any of these spaces can lead to a security breach.”
The second challenge is that organizations are always changing. “Change is complex, especially if we consider the fact that organizations are part of an ecosystem. Organizations are not standing alone, without any connection. We're connected to the internet — to many other entities, such as partners, vendors, customers, which increases the complexity when it comes to protecting our data.”
Another challenge is that data is everywhere. “It’s in the databases of our systems, it’s on email, on the cloud, on user computers, and many other repositories,” Chacon said. “The challenge is that there is not a bulletproof technology or process or program to ensure complete protection. It doesn’t matter how much you invest in the cybersecurity space; the reality is that something will happen in the future.”
Chacon said he thinks researchers should invest more in cybersecurity programs that take an adaptable approach to preventing, containing and remediating attacks. “We should invest more on detecting faster so we enable a better response and recovery. In other words, we prove our resiliency.”