As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments.
Modern Data Resilience Is Increasingly A Cybersecurity Issue
NIST has recommended a strong backup system as a core element in cyberthreat protection and recovery. Conversely, data resilience companies like Rubrik and others before it, such as Ownbackup, believe that addressing security gaps in production is just as important. As such, the world of backup for data resilience and the world of cybersecurity for data security are converging. Organizations and their tech leaders strategizing about resilience must consider that:
- Collaboration for data resilience requires a level set on the meaning of “data protection.” There is a need to think of data protection in a more holistic way, opening up collaboration between traditional security and IT operations. Yet depending on an individual’s role, they will define data protection very differently. Security teams typically associate data protection with data privacy and security. IT ops teams typically associate data protection with backup. Modern data resilience requires data protection to mean data backup, privacy, and security.
- Platform proliferation creates complexity and silos. Implementing authentication and role-based access controls (RBAC) across multiple connected platforms creates ample opportunity for misconfiguration between platforms and weak points for securing enterprise data. Enterprises already look for tools that back up data across their separate platforms. Those tools must also act as canaries in the coal mine, alerting security professionals of misconfiguration and anomalous behavior by communicating and integrating with existing security tools. Collectively, the respective platforms must ensure that there are multiple sets of eyes working on your defense.
- The objectives for backups have expanded. Organizations have moved beyond protecting against natural disasters and hardware failures in their primary backup objectives. This directional pattern will continue to evolve and be driven by cybersecurity threats. One top-of-mind scenario is ransomware. These threat actors are actively looking to compromise enterprise data in any way possible, and any misconfigured account helps an attacker achieve that goal. Additionally, cyberthreats themselves are evolving, often faster than enterprises can address, and having a strong Zero Trust architecture around your data is more important than ever.
- Continued onslaught of cyberthreats warrants more vigilance. Fighting off the never-ending barrage of attacks requires a proactive and comprehensive strategy to ensure that data is both secure and available. Organizations need a data resiliency strategy that overlaps with security practices. This requires a more holistic view of how businesses use data and a better understanding of where the data is stored.
- Cyber insurance requirements shine a light on backup and recovery. Among the numerous requirements and questions that insurers encounter in an application for cyber insurance coverage are an organization’s backup and recovery practices. This includes everything from how an organization handles and secures its backups to how long it takes to recover and restore backed-up data. Strong data protection practices are a key risk mitigation measure here.
What It Means For The Market And For Your Business
Data resilience vendors are looking for ways to help prevent data loss and destruction from cyberthreats. Ensuring proper security across different platforms is an important element of defense. This takes backup in a different direction than ever before. We expect to see more future consolidation in 2024 between DSPM vendors and backup vendors, in addition to acquisitions of DSPM vendors by other security vendors expanding their cloud data security and privacy capabilities.
For enterprises, while this trend is a good one that will benefit your business, you can’t outsource your own vigilance for data resilience. Data resilience is more than just backup; it’s about a security and availability strategy for your enterprise data. CIOs and CISOs must work together. Some research to get you started includes the Top Seven Components Of Data Resilience In A Multicloud World as you look to Chart Your Course To Zero Trust. Also remember that Effective Ransomware Response Requires Coordination Between I&O And Security. Forrester clients, please feel free to reach out to us via guidance session or inquiry.