New global research commissioned by Cohesity, reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. In some cases, this technology is more than 20 years old and was designed long before today’s multi-cloud era and onslaught of sophisticated cyberattacks plaguing enterprises globally.
“IT and security teams should raise the alarm bell if their organisation continues to use antiquated technology to manage and secure their most critical digital asset – their data,” said Brian Spanswick, chief information security officer, Cohesity. “Cyber criminals are actively preying on this outdated infrastructure as they know it was not built for today’s dispersed, multi-cloud environments, nor was it built to help companies protect and rapidly recover from sophisticated cyberattacks.”
Forty-six percent of respondents said that their organisation relies on primary backup and recovery infrastructure that was designed in, or before, 2010. Nearly 100 respondents (94 out of 2011) revealed that their organisation relies on backup and recovery infrastructure that was built before the new millennium — in the 1990s.
Enterprises are utilising this legacy technology despite the fact that managing and securing data environments has become much more complex, not just because of the exponential growth in structured and unstructured data, but because of the vast array of locations where that data is stored. Forty-one percent of respondents stated that they store data on-premises, 43% rely on public cloud storage, 53% utilise a private cloud, and 44% have adopted a hybrid model (some respondents are using more than one option).
“In 2022, the fact that any organisation is using technology to manage their data that was designed in the 1990s is frightening given that data can be compromised, exfiltrated, held hostage, and it can create massive compliance issues for organisations,” said Spanswick. “In this survey, we found nearly 100 respondents who said their organisations are relying on outdated data infrastructure, and this raises the question, how many other businesses are in the same situation around the world?”
Respondents highlighted what they believe would be their biggest barriers to getting their organisation back up and running after a successful ransomware attack. The findings are as follows (respondents were asked to check all that apply):
- integration between IT and security systems (41%)
- lack of coordination between IT and Security (38%)
- lack of an automated disaster recovery system (34%)
- antiquated backup and recovery systems (32%)
- lack of a recent, clean, immutable copy of data (32%)
- lack of and timely detailed alerts (31%)
With respect to the lack of coordination between IT and security, this coincides with other findings from this survey denoting that a gap often exists between IT and SecOps that puts businesses and security postures at risk.
Respondents revealed that modernising data management, protection, and recovery capabilities, in addition to increasing collaboration between IT and SecOps, offers a path to strengthening their organisations’ security postures and multicloud operations. The top five “must have” measures that respondents would ask management for in 2022 are:
- Integration between modern data management and security platforms and AI-powered anomalous data access alerts to provide early warning of attacks in progress (34%)
- Extensible platform for third-party applications for security operations and incident response (33%)
- Automated disaster recovery of systems and data (33%)
- Upgrading from legacy backup and recovery systems (32%)
- Rapid, organisation-wide backup with in transit data encryption (30%)
“Both IT decision-makers and SecOps should co-own the cyber resilience outcomes, and this includes an evaluation of all infrastructure used in accordance with the NIST framework for data identification, protection, detection, response, and recovery. Also, both teams need to have a comprehensive understanding of the potential attack surface,” said Spanswick. “Next-gen data management platforms can close the technology gap, improve data visibility, help IT and SecOps teams sleep better at night, and stay one step ahead of bad actors who take great delight in exfiltrating data from legacy
Discussion about this post