Protecting data and learning to mitigate IT risk is an increasingly important and complex priority for many enterprises. Intellectual property, customer data, and Big Data are often among their most valuable assets - critical keys to maintaining a competitive edge. Technology failures, disasters, human error and security events are the top IT risks that can lead to leaked or destroyed data, or hinder an enterprise’s access to and use of that information.
The cost of such disasters, failures and errors include time, money and reputation. To effectively develop or update your company’s Risk Management and Disaster Recovery strategy, I recommend a 3-prong approach: try to broaden your IT perspective to regularly include new technologies, remain focused on data and seek to proactively identify potential threats.
IoT Related Risk
In this Internet of Things (IoT) age, remember to consider all new devices connecting to your network or the internet. This includes employee-owned devices authorized through a Bring Your Own Device (BYOD) program, as well as other unauthorized devices (sensors, wearables and other gadgets) that may become connected to your network whether you know it or not.
While IoT is a contemporary challenge, many associated risks—such as weak passwords and obstacles to updating and upgrading devices—are nothing new. An inventory of all IT hardware, regular audits, and the use of open source IoT platforms can help address these issues.
Consider the likelihood of related risks and the severity of the potential damage associated with them. Which risks can you afford to take and which should be addressed? Schedule an annual risk assessment, as well as additional assessments when IT changes occur. Once areas of concern are identified, follow industry best practices for mitigating those risks.
Failures and Downtime
The cost of unplanned downtime is rising. According to a Ponemon Institute’2016 report, the average cost of data center outages increased 7% since their last study and 38% since the first study in 2010.
The 2016 study identified the top four causes of downtime as UPS system failure (25%); human error (24%); Distributed Denial of Service, aka DDoS (22%); and water, heat, or air conditioning failure (11%).
To reduce the three technology-related causes noted above, institute N+1 redundancies and monitor IT health to predict failures. Be prepared to reroute traffic for processing and storage. Put measures in place to take technology out of service and repair or replace it promptly.
Up-to-date employee usage policies, solid change management, training, rewards, feedback and ample rest can help minimize the risk of human error.
Mitigate Disaster-Related Risk
Business Continuity and Disaster Recovery planning can help mitigate disaster risks, including those that affect IT.
Prepare for minimal business interruptions by installing backups designed on multiple technologies and diverse locations that are tailored to the specific needs of your data. There are various backup methods available today, including Disaster Recovery as a Service (DRaaS), which allow you to restore data at rest, data in transit and newly created data.
Regular backup testing will help ensure full restoration within set time limits for business continuity and eliminate unfortunate surprises in the event of an actual event. This includes developing set Recovery Point Objectives (RPO) that define allowable data loss, as well as Recovery Time Objectives (RTO).
Mitigate Security Risk
Reduce IT security risks by building your network and IT assets from the ground up with security top of mind. Segment systems that use your most precious data from the networks that don’t need access to that data. Use strong encryption and specific data techniques that make it harder for anyone who might steal the data to read it.
Behavior-based security technologies that use artificial intelligence (AI) and machine learning are best suited to detect the latest advanced threats, including Ransomware.
Make Time To Take Action
Most tech executives agree that they lack the necessary skills internally to keep their systems and data secure. But, putting off mitigating a security risk such as ransomware to a later date is quite risky and oftentimes never dealt with at all. Consider whether your organization has the expertise and the current bandwidth to ensure you don’t become a statistic. If this analysis isn’t already part of your annual budgeting process, it should be added immediately.
We always welcome questions and conversations about what keeps IT and business leaders challenged; and how our solutions can help enterprises stay at the top of their game. We offer the added benefit of local, in-house expertise that can help your team address how to meet your current requirements and your future security needs.
Chris Scaglione is VP and General Manager at TierPoint where he leads business operations and client engagement. Tapping a 26-year career in IT strategy and management, Chris guides clients through the rapid evolution of business technology and IT services with a focus on helping companies apply the right technologies that drive value, efficiencies and market opportunity.