As we continue into 2024 IT planning, organizations small, medium, and large would be well served to continually look at these macro data protection trends in order to assess how ready they are for their next disaster. These trends can also show organizations how to ensure that even foundational IT systems have the types of protection and security that are necessary considering how every organization relies on its IT systems and, more importantly, its data today. Most organizations, especially small and midsized businesses (SMBs), will discover that there is a disconnect within their data protection plan (often caused by assumptions) that has created exposure or vulnerabilities within their organization that can be easily solved — if they ask the right questions. To that end, here are the five questions worth asking:
Do We Have a Proper Cyber Resiliency Strategy in Place?
To be clear, a cyber resiliency strategy is often a superset of a traditional disaster recovery strategy. Since all of the crises are either manmade or nature made, they will typically involve large-scale recoveries with an immediacy of all systems being down. However, when it comes to small and midsized organizations, it is crucial to ask: Do you have predefined relationships with cybersecurity partners or consultants who will be on call when the ransom is asked, or when the cyber arson has taken place?
Knowing who, exactly, will be the person picking up that call is essential, especially in smaller orgs where you may not have the manpower – or the option – of assuming that someone out there will take care of it. Knowing that you have highly technical and qualified experts lined up to help take care of your worst-case scenario is a critical factor in ensuring a proper cyber resiliency strategy.
How Confident Are We That We Could Recover from a Cybercriminal (Or Other Large Crisis)?
In addition to asking if you have a strategy, you need to ask: When was the last time that we tested our recovery strategy? In the 2024 Data Protection Trends Report, even enterprises tested their ability to recover with only a 58% success rate. Therefore, it is likely that smaller organizations with less technical staff and resources are probably well under a 50% success rate; if they’ve ever tested large-scale recovery at all.
Thus, the question becomes almost rhetorical, but should drive a conversation between how many days can the organization business leaders accept IT systems to be offline during a large-scale recovery? Spoiler alert — it will take longer than you think, and you’re not as ready as you hope.
Do We Have the Skills to Ensure We Are Cyber Resilient?
Really, this question can be broken down to, simply: Do we have the skills to recover if the worst-case scenario happens? Unfortunately, for most small and mid-size organizations, the answer is no. The reality is that most organizations tend to leverage IT generalists in their teams, which have varying degrees of expertise across production and protection endeavors. Perhaps the best advice that a small or midsized organization can have is to engage with backup specialists and cyber security specialists either through their traditional reseller partner ecosystem or through a managed backup or a managed service provider offering Backup as a Service (BaaS) or Cyber Resiliency as a Service (CRaaS).
While not a commercial or promotion, the reality is that managed service providers not only provide expertise that supplement your local IT staff, but they also provide infrastructure which is optimized to ensure the outcomes of organizations survivability of their IT systems.
Is Our Cloud/Hybrid Strategy ‘Cloud Smart’?
It is also important to check: Is your cloud strategy as optimized as possible? The use of cloud services in IT strategy is inevitable for almost every organization on the planet. That said, there are reasons why some systems really should remain as physical servers or virtual machines within the local operating environment. Whereas other workloads arguably should be migrated to the cloud either as cloud-hosted infrastructure or, more probably, as a Software as a Service (e.g. Microsoft 365). And while each of those cloud services often offers basic utilities in order to ensure migration, a cloud savvy partner can radically accelerate the time-to-value as well as reduce the risk of a cloud smart strategy.
Are There Gaps in Our Infrastructure That Would Cause Us to Have a Gap in Our IT SLAs?
And finally: Are there protection/availability gaps in our org? Yes – there definitely are. According to the 2024 results:
- 76% of organizations recognize a ‘protection gap’ between how much data the organization could afford to lose and the frequency/methods that IT uses to protect their data
- 85% of organizations acknowledge an ‘availability gap’ between how resilient the organization expects their IT systems to recover after an interruption and IT’s actual ability to recover
- How hybrid product architectures are forcing a reconsideration of ‘backup’ … specifically how IT teams relying on legacy backup solutions that do not offer equitable protection of cloud-hosted workloads will struggle to maintain SLAs, particularly those that embrace cloud-native offerings like Microsoft 365 (SaaS)
And while enterprises might have a higher level of SLA expected uptime, they also often have a deeper technologies and expertise to get there — and yet 85% still lack confidence in their IT systems being as available as they should be. Thus, one should infer that small and midsized organizations have these same gaps in protection and availability, albeit for different reasons.
These are the things that are most important for small and midsized business that want to ensure that their IT systems have the types of protection and security that are necessary considering how IT systems and, most importantly, data are the life blood of such organizations.
Click here to download the Data Protection Trends 2024.