After a year of disruption, in which people and organisations relentlessly worked and innovated just to stay afloat, organisations realise that they cannot wait for “normalcy” before making progress. Cyber criminals, regulators, and competitors are already moving, so you cannot afford to wait.
We can already declare 2021 a year to focus on cybersecurity and privacy. British Airways made history as it faces the single largest group claim over a data breach in UK legal history, and WhatsApp users are in uproar over its impending updates to its privacy policy. Data can either be an invaluable asset or an unbounded risk, and the only difference is how your organisation manages it.
As such, this year’s ‘Data Privacy Day’ won’t be remembered for encouraging businesses to just ‘get well’ on their protection policy, but as the launching pad to ‘staying healthy’ with an integrated approach for data protection and privacy.
Data protection should ‘just work’
Data protection is supposed to provide a safety net for the business, but most companies find the holes in their solutions at the worst possible time. Legacy data protection approaches were already struggling to keep pace with modernising businesses, and 2020 pushed them to their breaking point. As teams scrambled to work remotely and run applications in the cloud, data shifted out of the data centre – resulting in data sprawl. Backup architectures built for the data centre could not keep pace with the requirements for business application protection – regardless of whether they run in Microsoft 365, Kubernetes, or in the cloud.
In addition to a more complex data environment, the requirements for data protection are expanding. A report from Gartner recently highlighted that by 2023, 65% of people across the world will have their personal data protected by privacy regulations, compared to just 10% in 2020. Whilst this is great progress for consumers, businesses will need to rapidly mature how they manage privacy data. IT and business leaders will need to monitor the growing web of data and the ever-changing, complex patchwork of rules that becomes increasingly harder to navigate.
Additionally, in our recent survey, 73% of IT leaders confirmed that they are more concerned than ever about protecting their data from ransomware. Cyber attackers target the weakest security vector, establish a foothold, and infiltrate the entire data infrastructure, so organisations need a comprehensive, resilient protection solution. It should both help detect ransomware attacks and streamline recovery from those attacks.
How can IT leaders address their growing concerns in an increasingly complex data environment? At the scale of modern business, they cannot work harder or invest more into legacy solutions. To survive, businesses must simplify and optimise by implementing zero touch data protection.
Enter zero touch data protection
To simplify data protection, businesses need to eliminate data protection management – also known as zero touch data protection.
Zero touch data protection is an opportunity for organisations to transform and manage their security and usability, with ease of access that end-users demand. Zero touch removes complexities in data protection solutions by automating every step in the process.
There are three principles to follow for zero touch data protection:
- Application-centric: With the increased diversity of applications, businesses need backup solutions that protect environments as diverse as Oracle, Microsoft 365, and Kubernetes. As applications will only get more complex and distributed, a zero-touch protection solution protects what matters – the applications.
- Cloud-based: Only the cloud can enable protection to handle data sprawl. Instead of capacity planning and managing physical systems, the cloud scales dynamically. Instead of installing software and hardware in every site, the cloud connects to data wherever it lives. Instead of making separate disaster recovery and backup copies, in the cloud customers can recover on-demand.
- Ecosystem-friendly: Data protection is no longer a standalone function. It is part of an organisation’s cybersecurity infrastructure, DevOps pipeline, and governance, risk, and compliance (GRC) posture. Therefore, it must not only integrate into your data management framework, but it must actively help connect IT to the business, product, legal, and security teams.
Data protection is imperative to achieve business success and critical to ensuring customer loyalty. Partaking in a once-a-year update on Data Privacy Day reminder is simply not enough to keep pace with modern requirements. Still, there is a better approach to investing more in legacy solutions. Investing in zero-touch data protection will keep a business ahead of the curve, even at a time when the future is uncertain. If a business does not have zero-touch protection in place, it might very well result in zero-trust from its customers.
By Stephen Manley, CTO at Druva
