The rapid growth in cybersecurity threats that organisations have faced over the last two years has not gone unnoticed. Already enterprises, regulators and governments take cybersecurity seriously, but the effort that goes into mitigating the risk posed by cyber threats is going to gather further steam in the years ahead. For the channel, this is a massive opportunity for both technology and services engagement.
Gartner research tells the story: By 2025, 40 per cent of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member. A further 70 per cent of CEOs will mandate a culture of organisational resilience to survive coincident threats by cybercrime, severe weather events, civil unrest and political instabilities. That same research shows that the scope of the danger is escalating, too. By 2025, threat actors will have weaponised operational technology environments successfully enough to cause human casualties.
Addressing these challenges requires new ways of looking at data, security and broader company resilience. Companies such as Dell Technologies, with its innovations in cyber recovery and its ability to provision and support managed services, are aiming to lead the way in adjusting cybersecurity strategy.
The new response paradigm
To successfully protect against these threats, and achieve the kind of resilience that will be required right up to board level, enterprises are going to need to come to a new understanding regarding security and recovery.
Currently, much is being said about disaster recovery as part of business resiliency. Disaster recovery is a series of policies, tools, and procedures that allows for the ongoing operation of a business through an event. If, for example, a datacentre floods or is subjected to fire damage, what contingencies are in place to ensure the ongoing operation of the business?
The pandemic over the last two years brought into sharp focus the need for business resiliency and, subsequently, disaster recovery. What many business leaders are less aware of, however, is the additional need for cyber recovery, which is something different to disaster recovery.
Cyber recovery builds on top of the disaster recovery platform, and assumes that disaster recovery infrastructure is already in place, but it goes beyond what a disaster recovery system will manage. Where a power outage, fire, flood, or similar event might be localised, cyber attacks are typically not limited to a specific location, so their impact can often be felt globally, even with traditional disaster recovery solutions in place.
This means that a cyber recovery solution needs to be handled differently. Where disaster recovery is focused principally on keeping copies of data and being able to restore it quickly, cyber recovery cares a great deal about the integrity of the data; it needs an “air gap” such that a cyber attack won’t be able to penetrate and affect the protected data.
What should a cyber recovery solution involve?
According to Dell Technologies, cyber recovery can be achieved by leveraging specialised recovery technology across a three-step process.
1) Detect: The IT team should first have the ability to detect when the environment has been compromised. The closer this occurs to the moment of attack, the better, and with cyber attacks occurring every 11 seconds the security environment needs to be always “turned on” and able to respond. Dell Technologies’ managed detection and response, powered by Secureworks Taegis XDR, offers users advanced analytics and threat intelligence to ensure that the monitoring of the environment is in real time.
2) Respond: Once an attack is detected, having the appropriate systems in place to quickly lock down and secure the environment, and then deal with the malicious attack, is key. Dell research shows that 72 per cent of companies that are compromised need external help in addressing the challenge, and here too there is room for channel partners to offer robust managed services.
3) Recovery: One of the major modern trends in cybersecurity is for an organisation to have an “air gap” between its IT environment and its backup and restore data. For example, Dell Technologies’ PowerProtect Cyber Recovery solution protects the most critical data in a vault environment. The vault is ideally physically isolated – a locked cage or room – and is isolated from the cloud and other networked environments via the air gap. Vault components are never accessible from production, and access to the vault target – when the air gap is unlocked – is extremely limited. In the event that an IT environment is compromised, having the assurance provided by the air gap can result in a more effective and time-efficient recovery.
The channel play in cyber recovery
The desire to put some physical, technical, and managerial distance between the computing environment and the air gapped cyber recovery vault will lead many enterprises to adopt this as a managed service. This is a big opportunity for the channel, as part of a broader engagement around security and business resilience.
More than anything else, however, enterprises are looking to the channel to provide consultancy and expertise. Across many sectors, businesses are grappling with an unprecedented surge in cyber-threats, and the rapid shift to decentralised computing has left many of them unprepared to face these challenges. With cyber resiliency set to become one of the top board-level considerations, channel partners that can add value in this area are set to become deeply valued.