Building a robust backup strategy for new remote workers

Building a robust backup strategy for new remote workers

The new working from home model has posed a number of challenges to businesses far and wide. Jay Ralph, Cloud Management Lead, SoftwareONE, suggests some best practice approaches to help tackle them head on.

Data is the critical asset for modern organisations, sitting right at the beating heart of business growth and productivity. As a result, keeping it secure and having a robust backup and recovery plan in the event of an IT failure or cyberattack should be a top priority for all business leaders. The consequences of failing to do so can be truly catastrophic. Data breaches are estimated to cost enterprises an average of US$3.92 million and 60% of companies that lose their data may end up shutting down within six months of the disaster taking place. Businesses are also facing rising regulatory scrutiny, meaning the risks of data loss now stretch well beyond lost intellectual property and revenue.

Now, as great swathes of the population have shifted towards working from home as a result of the COVID-19 pandemic ‘lockdown’ and may continue to do so after the crisis is over, businesses have quickly had to address how to secure their new remote workers. This is not always easy, especially for those organisations with a lower level of digital maturity than firms who’ve already been supporting flexible and homeworking for years. Those responsible for IT at businesses large and small must also grapple with an increasingly complex, siloed IT landscape; the number of hybrid cloud enterprises grew from 51% in 2018, to 58% in 2019.

To overcome the challenges facing businesses during this time, here are three steps they can take to ensure their data crown jewels are protected, no matter what.

  1. Improve visibility

Digital Transformation means more data is being produced today than ever before, and applications are on the front line. These applications are stored across a range of IT environments, which makes it difficult for IT teams to know where business-critical data sits, let alone carry out the correlation and centralisation processes required to back it up effectively.

Different lines of business may store information in different locations, even if they are using a similar environment. For example, both the finance and HR departments may use cloud services, but one might be using apps on Azure and another on AWS. This makes it even more difficult for IT teams to gain visibility, as the same data may be stored in multiple cloud environments, as well as on-premises. A sustained increase in homeworking beyond the current crisis will make this problem particularly trying, especially as well-meaning employees – in a well-meaning bid to keep working and keep productive – purchase their own cloud applications and services from consumer app stores.

Implementing a single, overarching management layer is a crucial first step to providing IT teams with the visibility required to build a successful backup and recovery plan. This can show where mission-critical data sits and its level of protection, as well as how it can be accessed and restored if the worst happens – be that an accidental deletion or a targeted ransomware attack – all in one location.

  1. Standardise your approach

Once IT teams have established where critical data resides, the next step is to create a standard process of how it will be backed up. As businesses increasingly move to the cloud, it is extremely likely they will be using multiple providers – in fact 81% of public cloud users work with two or more. Although these providers have their own backup policies, there is no standardised process and therefore no guarantee that data will be protected in the same way. Businesses need to ensure their providers’ policies align with their own needs. At the same time, in a hybrid environment, data could reside in both 365 and in some on-premise solutions like file servers, hybrid SharePoint or Exchange deployments. Though different scenarios, a standard approach is required.

Companies need to establish and implement a single, centralised backup policy across the entire IT environment that addresses the needs of the business, no matter where the data actually resides. Creating data audit trails can be useful here, as they can track who created a copy, where it was accessed and for how long. This means companies know where their most important information is at all times and can ensure that their data is properly backed up and compatible with the wider corporate strategy.

  1. Secure the backup

The next piece of the puzzle is to securely store and isolate backups from the broader network. This will ensure that if a cyberattack does occur, backup recovery will not be compromised. Part of this involves encrypting the data being backed up, in transit and at rest, and putting in place robust access management to ensure only authorised entities can access it. End-to-end encryption means that any stolen data is rendered useless, ensuring businesses don’t fall foul of data regulations if they’re breached.

Businesses should not leave data security and backup to chance. Digital Transformation has increased the threat surface for cyberattacks, leaving companies far more vulnerable to serious breaches than ever before. We are also currently experiencing an increase in remote working that may in fact remain as the ‘norm’ for many, even when the present threat from COVID-19 recedes. It is crucial that companies have effective backup strategies in place, so that any lost data is easily recoverable. This will also protect businesses who over the past couple of months have facilitated home working for employees that previously would never have worked anywhere other than in the office. These workers may be less tech savvy and there may also be fewer corporate policies in place to govern remote working; as a result, the margin for error is subsequently wider. So, by improving IT visibility, creating a standardised process for data back up and enhancing security, businesses can be confident that their data crown jewels are protected, no matter what may come their way.

Browse our latest issue

Intelligent CISO

View Magazine Archive