14 Mar 2019
With all the controversial data breaches and high-profile cases of data mishandling in recent years, today’s techniques for protecting data against hacking typically involve a multi-layered approach – one that includes up-to-date operating systems, antivirus and intrusion detection systems.
It’s also wise to seek the service and support of a backup provider that maintains a keen eye on continuously evolving trends relating to the threats of data loss. So what are we already seeing, and what can we expect in the world of data protection for the rest of 2019? Let’s take an overview of the likely changes that will help keep sensitive and business-critical data safe, and businesses large and small running smoothly.
Cloud backup security
A secure cloud backup is now well established as one of the most powerful ways to protect sensitive and/or business-critical data from data loss – whatever the volume of data, or the nature of the business that accumulates it and is responsible for its safety. Reassuringly, the best backup providers are tuned in and one step ahead of those looking to access that data illegally. Many data breaches are easily avoidable, particularly if a company is using a cloud backup system with weak security, and the hacker has relatively easy access to those backups. A lot of USA backup providers, for example, don’t encrypt customer data stored at their datacentres – they only encrypt it during transfer.
More and more secure backup service providers are using the 256bit AES (Advanced Encryption Service), known to some as Rijandel. Developed by the National Institute of Standards and Technology (NIST) in the US, this has been around since 2001, but has only recently surged as a highly popular binary encryption specification for data of all kinds. It’s effectively uncrackable, so provided encryption happens before data leaves a premises on its way to the cloud, it’s as secure as it can be.
Virtual Disaster Recovery
A comprehensive Disaster Recovery Plan (DRP) is essential to business continuity. In a nutshell, it’s what you do to maintain ‘business as usual’ while you recover files and data in the event of hardware or software failure, or a ransomware attack, and typically it’s a replica of your normal set-up (in terms of business-critical data, and the applications and software they that handles it).
Increasing numbers of businesses large and small are expected to adopt Virtual Disaster Recovery strategies – or Disaster Recovery as a Service (DRaaS) – in 2019. This hands responsibility for swift recovery from data loss to the experts, ie. reputable backup providers, leaving businesses to focus on their day-to-day operations with confidence and reassurance. This is a welcome trend, considering so many businesses continue to overlook the importance of an effective DRP until it’s too late – mostly as it can be a time-consuming and expensive process if done in-house, and a fairly complicated one if there isn’t an IT expert on the payroll. A worthy Virtual Disaster Recovery set-up for those joining the party in 2019 should include a business-appropriate Recovery Time Objective and Recovery Point Objective.
It’s also worth mentioning Ransomware as a Service (RaaS), provided by criminals, as a rising star for 2019. Ransomware attacks are on the rise and increasingly sophisticated, and once again it’s deemed wiser (and more cost-effective) to invest in expertise than have it in-house. In 2017, US-based Cybersecurity Ventures predicted ransomware will cost businesses a collective $11.5billion (£9billion) in 2019.
RaaS is on the up, it seems, in line with a rise in ‘attack loops’. Typically, restoring from a backup deals with a ransomware attack effectively, but an attack loop infiltrates networks and can therefore spread to data that is then backed up. RaaS detects, captures and ‘quarantines’ infected files that enter the backup stream before they reach the backup itself. Again, it’s an increasingly valuable tool that’s arguably easier and cheaper to outsource.
GDPR-compliant cloud backup
This isn’t so much an insightful prediction as a pressing necessity for any business that operates in the EU. It’s already in full effect, but it remains surprising how many businesses have yet to grasp the importance of backing up data in line with the General Data Protection Regulation (GDPR). The potential pitfalls of non-compliance include losing business within the EU, and paying hefty fines.
The arrival of GDPR will make it ever clearer, as 2019 progresses, how much businesses and organisations value the data they create and hold, and will make them far more accountable for how they use and protect it. Recent high-profile data breaches and leaks have awakened consumers to the extent of responsibility companies must take for the security of personal data, and so a GDPR-compliant cloud backup strategy will be a much higher priority for many, many businesses across the world. Many see 2019 as the beginning of a relationship-building opportunity for GDPR-savvy companies, in which they demonstrate respect for personal and sensitive data, and distance themselves from the misuse and abuse of such data for profiling and targeted marketing.
Of course, this also means a growing need for fit-for-purpose GDPR-compliant backup strategies, and careful consideration of RTO and RPO.
Overall, 2019 looks like a year where data backup will be increasingly cloud-based, regulated, and outsourced to experts. The onus will therefore be on those experts to be on top of their game and one step ahead of data threats. A secure cloud backup service – most likely encrypted, and possibly part of a hybrid data security solution that includes Disaster Recovery and Ransomware protection, will become the norm.