Arguably, GDPR is the highest-profile emerging data protection rule in the global regulatory movement. Its impact has certainly been significant and, for a growing number of organizations, extremely costly. According to law firm DLA Piper, as of January 2021, 272.5 million euros ($332.4 million) of fines had been imposed for infringements relating to the regulations.
And while significant progress has been made, with the United Nations Conference on Trade and Development (UNCTAD) reporting 128 out of 194 countries with data protection legislation in place in 2020, there are also significant data protection weaknesses, and cybercriminals are always on the lookout for vulnerabilities.
Ransomware on the rise
Organizations today face more serious threats to business data than ever before. Ransomware attacks grew by 150% in 2020 and have become an existential threat globally, putting entire data estates at risk. Even with GDPR requirements in mind, companies often overlook ransomware, which can affect an organization’s entire technology stack. Every company suffering a breach should fully evaluate its scope and impact. And every company must be prepared to defend itself against this scourge.
When it comes to ransomware, it’s not a matter of if, but when. Attacks continue to rise in both volume and severity as cybercriminals develop new and unexpected methods to encrypt data. According to Cybersecurity Ventures, ransomware is expected to attack a business, consumer, or device every 2 seconds by 2031, up from every 11 seconds in 2021. Global ransomware costs are expected to rise from $20 billion in to $265 billion in that same time frame.1
Your organization needs to treat ransomware as a disaster scenario you know will happen.
Shifting focus from protection to recovery
While you almost certainly have taken actions to prevent data loss, a surprising share of IT organizations have paid little attention to recovery. That oversight can be costly. From a recovery point of view, it’s a depressingly familiar story: An organization wakes up to find its files are locked down, and its latest backup is from the previous night or week – or even the previous month. When the potential for data loss reaches this far back in time, businesses often face huge recovery costs, a situation that could spell disaster.
Recovery is critical to your ransomware defense strategy because for your data to be truly protected, it needs to be recoverable—quickly and entirely. Typically, the weak link in data protection involves legacy solutions that protect data by using periodic snapshots, and the gaps between these snapshots are far too long. For organizations that rely on the always-on digital economy, the new imperative is data protection that keeps up with the speed of business, protecting data continuously, in real-time.
Continuous data protection (CDP) recognizes every single change and update to your data. It tracks and captures data modifications in real-time, ensuring that every version of user-created data is stored locally or at a target repository via incremental writes that are replicated continuously and saved to a journal file. In a recovery situation, administrators can restore data to any point in time with granularity. It lets you essentially “rewind” business operations to a point moments before any disruption occurred, where anything from a single file, virtual machine, or an entire site can be brought back with minimal data loss and disruption.
Backup, retention, and data mobility
As IDC put it in a recent report, “In response to the need for ever greater application availability with less data loss, a new generation of continuous data protection technology is emerging to significantly reduce recovery point objectives (RPOs).” And the value extends beyond cyberattacks to other use cases where organizations struggle with traditional approaches, particularly around backup and long-term retention.
Backup and restore
Backup focuses on day-to-day restores and recoveries of specific files, VMs, or volumes. Because you are not protecting this backup data against a specific disaster incident, it doesn’t need an entire site recovery. A CDP solution can save time and money by automating and simplifying backup operations and enabling granular recoveries.
As its name suggests, long-term retention addresses the need many organizations have to store data for months or years, typically for compliance, tax, or internal business reasons. This data is rarely mission-critical and doesn’t require urgent recovery. Modern CDP solutions can be programmed to store this data on cost-efficient media that’s not as immediately accessible, freeing up other storage tiers for operational data storage and recovery.
Data mobility between clouds
As more organizations embrace the flexibility of modern infrastructure, applications are frequently moved seamlessly from on-premises to multi-cloud. IDC, for example, says that 70% of CIOs now have a cloud-based strategy for application deployment. However, data protection strategy must keep pace with this approach to meet SLAs while ensuring applications and data remain available, regardless of the disruption. CDP solutions that offer unified, scalable, and automated data management make workload and data mobility across clouds simple and quick.
These are all vital issues, and in practical terms, they can help you focus on some important questions when building a CDP strategy. When searching for a solution, keep these critical capabilities in mind:
- How fast can the solution deliver recovery, given short recovery time is fundamental to data protection? Consider the difference between the near-zero RTO of continuous backup capabilities versus snapshots and time-lagged solutions that can only capture data every few hours.
- Does the solution have application-consistency grouping to protect not only mission-critical VMs but also business-critical applications for both short-term and long-term retention?
- Can the solution deliver CDP at scale, and how does it run in the cloud?
Zerto, a Hewlett Packard Enterprise company, ensures your data is protected and quickly recoverable with continuous data protection. In an environment where compliance has grown in importance, and where the impact of a serious data breach can be devastating to everything from reputation to profit, approaching backup as a continuous process makes it possible to ensure data remains safe.
Learn more about Zerto, including how it can get you out of ransomware jail – and find out how you can try the Zerto Free Edition.
¹ David Braue, “Global Ransomware Damage Costs Predicted to Exceed $265 Billion by 2031.” Cybercrime Magazine. Jun. 3, 2021.