Enterprise data is becoming increasingly jeopardized by a lack of disaster preparedness.

Data protection still a concern as organizations struggle to keep up

Stephen Perkins

The state of information security is at an interesting crossroads.

On one hand, it is a hot topic of conversation. More enterprise IT experts are weighing in and discussing solutions in the face of adversity, attempting to establish standards in terms of data loss prevention and disaster recovery that have been lacking across the board. But, in spite of all this dialog, several studies show that enterprises are not doing as much as they should be in terms of preparedness. According to separate research performed by both the Ponemon Institute and the Mesabi Group, many organizations are ill-prepared for disaster, and in many cases they are leaving the back door wide open for attacks.

There is an unfortunate double standard occurring the word of data protection. It seems to be universally agreed upon that the changing digital landscape is forcing companies to reevaluate their security practices, but very few businesses are actually following through on the actions they admittedly need to take. In order for organizations to enjoy longevity and prosperity, more will need to be done in the way of disaster recovery.

Massive amounts of sensitive information goes ill-protected
Disaster recovery is an essential part of any business plan these days, but that does not mean that IT departments should hang up the towel in regard to loss prevention. But, according to a study conducted by Ponemon, little is being done to encrypt the areas that require continuous data protection.

"This dirty little secret, revealed by the survey, is further evidence that root access to the world's most sensitive data is widely available and largely unprotected, leaving many organizations open to perpetual cyberattacks and compromises," said chairman and founder Larry Ponemon. 

The biggest problem comes in the form of mismanaged secure shell keys. SSH credentials never need to be changed or modified, so once these verifications leak, whatever malicious hacker has them can essentially bring down an entire business should they choose to. To make matters worse, the encryption used for SSH makes network traffic impossible to monitor, meaning that suspicious activity will go unnoticed by those tasked with running the systems.

Actual implementation of recovery strategies lacking
This would not be so alarming were more companies prepared to deal with the fallout. But, according to the Mesabi Group, 55 percent of companies seemingly have an adequate plan in place, but least 21 percent of enterprises have an inefficient data recovery initiative. This can be attributed to hang-ups in the development stage or a lack of strategy altogether. These figures are not representative of "mom and pop outfits," but of major corporations operating with at least 1,000 employees. This means that while 21 percent might seem like a relatively low figure, the reach that these organizations have could effect millions of people if their data is not managed properly.

"This is shocking because a lack of a DR strategy conceivably could expose the CIO to dereliction of a fiduciary responsibility if a disaster should occur," said David Hill, founder of the Mesabi Group. "With the pervasiveness and integration of IT in the very fabric of enterprises, a disaster from which recovery would not be possible… could be devastating for an enterprise."

The remaining 24 percent, Hill said, utilize offsite tape storage. Despite being a classic way to back up essential systems, it is unclear how well these kinds of tools translate into the modern age. Part of a proper disaster recovery and business continuity rollout today is the ability for temporary workplaces to be set up in the event of an office closure. Offsite, online recovery can make that process occur quickly and easily, preventing downtime associated with system failures or inclement weather.

Categories: Data Protection, Disaster Recovery, Online Backup