• November 30, 2021
  • Catagory Data Protection

Make sure your endpoint backup safeguards your most critical business information

By : Sanjeev Spolia

Endpoint backup remains essential, especially with the emergence of the hybrid office and the persistence of remote work, but that doesn’t mean all your data needs to be backed up. The right cloud-based data protection can cover all the bases while being discriminating about what it stores.

The main reason you must back up every endpoint is that business data is distributed across devices and remote locations. Today’s cloud-based data protection makes it easier because it recognizes that employees are more mobile, and their devices have increased in storage capacity and may store critical business information. But you’re certainly not going to want to back up every single bit of data from an employee’s device, especially if they’re a remote worker using a personal device as their workstation.

Discover every endpoint

A key challenge for data protection efforts is that not all endpoints are connected to your corporate network, but you still need to understand what endpoints must be backed up regardless and accommodate both the device type and how it connects.

In some cases, it’s easy to schedule cloud-based data protection at regular intervals based on the value of the data and how frequently it changes because they are on your network or can connect as needed to back up their data.  However, laptop connectivity can vary wildly depending on the employee with some remote workers always at home while others may be more mobile. Executives have a reputation for living on their smartphones, putting their entire office in the palm of their hand.

It’s critical that you understand where your critical business information resides, but that doesn’t mean backing up single device, application and server is the answer.

Pick and choose your data

Endpoint backup isn’t necessarily expensive, but do you want to spend money on data protection for information that won’t be missed?

Not all data is created equal, so consider building a data classification strategy. Not only will you not waste time and resources backing up non-essential data, but the exercise will you better understand what digital information is critical to your business operations. By classifying your data, you ensure that the data that truly matters is safeguarded and replicated without overprovisioning your endpoint backup capabilities, whether it’s your on-premises infrastructure or cloud services.

The added benefit of data classification is that you can improve your compliance posture so that you’re applying adequate protection for sensitive information that may be governed with privacy legislation such as Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR). It’s also an opportunity to streamline your production IT—the more systems you have in place, the more complex the data classification and endpoint backup. Standardizing on a single document management system or CRM will make it easier to find where the critical business information resides so it’s consistently backed up.

Regulatory compliance and data classification are a continuum because your critical business information changes and grows in volume in line with your business. For your endpoint backup to remain accurate, consistent, and comprehensive, consider engaging a managed service provider to help you architect a strategy that can help you classify data, create sound policies, and automate where possible so that your critical business information easily accessible in the event of any emergency or disaster.

  • November 16, 2021
  • Catagory cloud backup

Keep your data protection simple by using cloud backup

By : Sanjeev Spolia

When it comes to data protection, simple is always better, even as remote work and hybrid offices makes things more complex.

Even as endpoints flourish, you should continue to streamline your systems by leveraging cloud backup and combat complexity—the more systems you have in place, the more likely something will go wrong. You must balance redundancy with simplicity.

Even before the pandemic and the massive proliferation of remote endpoints, there were already many different applications and systems needing backup as lines of businesses spun up their own Software-as-a-Service (Saas) applications such as Microsoft Office 365 and Salesforce. Even worse, they assumed data is automatically backed up by the vendor. But in addition to those applications, you need to keep track of your servers, physical and virtual machines, and multiple endpoints that include workstations and laptops, satellite offices, and of course, remote workstations, which may even be an employee’s personal device.

The attack surface has expanded since the pandemic but having multiple data protection systems isn’t the answer. Instead, consider a single cloud backup service with built-in redundancy. As with any application, a data protection system has its own maintenance requirements and processes, so it’s best to have one that’s well-managed and reliable that makes verification simple. That way, you can be confident all your data, regardless of application, server or endpoint, is being consistently backed up. Having as single cloud backup service is also better for your IT budget.

However, depending on your environment, it may not be realistic to have a single cloud backup solution; your best approach is to implement a select few data protection systems to meet user requirements so that your IT team isn’t overwhelmed by too many backup tools as the resulting complexity will lead to misconfigurations and ultimately, a data breach that leads to a business disruption.

Having confidence in your cloud backup isn’t just important for your IT team. Data protection plays a strong role in maximizing business uptime, so you’re not only trying to keep senior IT management happy—the CEO has a stake in data protection, whether they realize it or not.

Like any application you implement to realize business goals, not all data protection and cloud backup systems are created equal. In addition, IT environments are more dynamic than ever thanks to digital transformation efforts, the emergence of the hybrid office, and the persistence of remote work. When selecting a cloud backup solution, be sure they meet all your data protection criteria including compliance, security, and restoration windows.  You might want to consider taking the opportunity to replace legacy systems that can be difficult to back up, rather than keeping them going because it will reduce maintenance costs, add data management capabilities, and improve your overall data protection effectiveness.

Remember that data is more portable than ever, too, especially when fewer people are working in the office behind the corporate firewall. If applications and data are spread cross multiple clouds, as well as endpoints and workstations, then your cloud back solutions must consider that your data is distributed across many platforms, as well as understand the built-in data protection of SaaS productivity applications—not just what they can do, but also what they don’t do.

A dramatic increase in the number of remote workers and the emergence of the hybrid office are great reminders that the need for robust data protection is never going to go away. As the year ends, take the opportunity to revisit the cloud backup solutions you have in place and implement a strategy to modernize it as needed to reflect the world of work with the help of an experienced managed services provider.

  • December 10, 2020
  • Catagory cybersecurity

Not all business information is sensitive data

By : Justin Folkerts

The trick to protecting sensitive data is understanding not all business information must be protected.

Even organizations that understand the need for robust information security spend heavily on software and hardware without measuring its return on investment (ROI), only to still fail at safeguarding the most sensitive information that’s the lifeblood of their business because they failed to define what it is before apply security controls.

If you want to adequately protect your most valuable data, you must understand which business information is most critical to your bottom line.

Not all data is equal

It’s seems counter-intuitive, but the reason information security often fails to protect sensitive data is the mistaken belief that all information must be protected equally. Even before the pandemic and remote work became the norm, distributed workers, branch offices, mobile devices, and the evolving Internet of Things (IoT) meant organizations have had to become smarter about how they secure sensitive data. Now it’s more important than ever to make the business case for information security.

The business case isn’t a request for a bigger information security or more technology. Rather, it’s about identifying sensitive data, understanding its value, and being clear about what’s necessary to protect it. You need to operationalize a change in mindset that delivers ROI and protects the sensitive data that powers your business.  However, it can be difficult for organizations to step back and understand what data is the most valuable when it’s growing exponentially.

One thing is for certain, however: Trying to protect every single bit of data equally isn’t cost effective.

Sensitive data must be defined to be protected

If organizations are to marshal their information security resources effectively, they must narrow their scope and define what constitutes sensitive information. While the definition can be guided by compliance and regulator obligations, it’s just as important to figure what data constitutes as a critical asset to the business.

Just as a fleet of trucks are critical assets for a transportation company, every business today has stored information that is critical to daily operations—that’s the sensitive data that must be protected. Otherwise, there are financial repercussions in the form of lost competitive advantage and fines for non-compliance, both of which lead to lost revenue, as do settlements from litigation and damaged reputations.

While compliance obligations and privacy legislation do dictate that some information be prioritized by information security strategies, they’re just the beginning. A healthcare organization that may have all their patient data effectively secured but not have all their research data protected—it’s just as valuable as it may support patent application or attract grant money, and has the potential to generate revenue. Personally Identifiable Information (PII) is always an obvious candidate for protection because compliance and regulatory frameworks deem it as sensitive, but intellectual property or data that’s essential to running your business is just as critical.

Treat sensitive data like a business asset

If you want get ROI from your information security spending, you need to think differently. You must understand your data on a deeper level so you can assign a value to it. There’s plenty of information residing in your organization that won’t cripple your organization if it’s lost. But your sensitive data must be assigned appropriate valuations that will be the of a business case for information security spending.

Getting an ROI on your information security spending is about anticipating incidents that haven’t happened yet, much like an insurance company considers the likelihood of natural disasters. To determine sensitive data and its value, you must weigh the cost of the protections you put in place with the financial impact of any breach and its likely frequency.

The simplest approach its to categorize data in three ways: data can be shared freely; sensitive data that can be shared with certain audiences in specific ways, and data that must remain confidential to the organization and never shared. The process of segmented and prioritizing data enables to apply the appropriate information security controls, so you understand the complete lifecycle of all data and adequately protect it based on the repercussions of losing it.

Treating sensitive data like a business asset enables you to make the case for information security so ROI can be effectively measured so can protect these valuable assets as you would any other important investment.