As digitization takes hold in the enterprise, swaths of data are now under attack. It’s made cybersecurity a top priority in Fortune 500 companies, reshaping the services landscape for the technology sector. These were the underlying themes at a recent hybrid data services event.
Commvault Connections21, with an exclusive broadcast by theCUBE, SiliconANGLE Media’s livestreaming studio, from Commvault headquarters, looked to answer some of the questions related to this landmark shift in security prioritization.
If you missed the event, here are five key themes revealed. (* Disclosure below.)
1. Protection will never be 100%, so get used to it
Security isn’t just about data defenses, and data recovery must be a part of any security solution, according to a payroll company expert at the event.
Dave Martin, chief security officer at ADP Inc., was interviewed by theCUBE for the event. He believes it’s misguided to expect that an enterprise can shield itself completely. The solution is for organizations to build in recovery planning and resources.
“We’re not going to be able to protect everything,” he said, adding that companies must prioritize around what is most important to the enterprise. “Focus on those favorite children is the best advice upfront.”
There isn’t any reason why all eventualities can’t be considered ahead of any potential event, Martin believes. That includes pre-planning on-the-fly decision-making that comes into play during a hack.
The whole company must get on board with the planning, too, he added. ADP’s own benefits administration company, Workscape, was hacked in June 2011, so the firm speaks with some authority.
“You don’t want to be, at 2 a.m., looking for the CEO or the executive team to get them to make a decision,” he said. “Some of these decisions need to be made very quickly, and you can only do that with empowered, upfront and sometimes even automated processes.”
Company-wide tabletop exercises are also now a part of ADP’s planning.
2. Use software to remove implementation ambiguity
The best way to approach security is through automation, according to some industry experts. While security practices can be carried out manually through human decision-making, acting on increasingly important and complicated corporate elements, such as data governance, privacy, access and policy, is less prone to error when a machine assists.
During theCUBE’s analysis of Commvault CEO Sanjay Mirchandani’s keynote address at the event, theCUBE host and Wikibon analyst Dave Vellante discussed Commvault’s strategy to deliver a comprehensive set of intelligent data services.
“The policy is centralized, but the implementation of that policy is done by software. This means that data governance, security, privacy, access and policy are adjudicated wherever possible by software, irrespective of physical location,” he stated.
In other words, the software judges where and how the implementation takes place. And that’s accomplished irrespective of physical location.
There are a number of reasons why an enterprise may take this approach, a principal driver being that data has now become an actual asset within an organization. That’s a different paradigm to pre-digital transformation. Today, data has value, and it isn’t just an element in the corporate administrative mechanism. That means one shouldn’t be treating security as an afterthought, or bolt-on — data is everything, so its security must be taken equally seriously.
That in itself, though, is a problem, because in order to promote a suitably digital, entrepreneurial or disruptive worker attitude, organizations need to give employees a certain amount of autonomy with regard to data ownership — meaning security gets convoluted. Thus, it makes sense to set policy centrally but allow the software to enforce it outwardly to the lines of business, Vellante emphasized in his analysis. That’s distinct from shadow IT and could be described more as decentralized management with governance.
3. Structure and organization get more important as this gets more disruptive
This addresses the aforementioned point that everyone in a disruptively disciplined company is encouraged to do their own thing, effectively creating data non-centralization.
“The best way that I know when the pendulum is here and everybody’s doing their own thing is to push on the other side, at least for a while to [become] centralized,” Morakabati said.
Dashboards, where all is in view, along with executive-level benchmarks and board-level metrics pushed down, are solutions, according to Morakabati.
“All of your data is managed through a single pane,” he added, indicating his approach to taming the data sprawl.
4. The cloud actually adds to backup security efforts
By backing up data in the cloud, organizations gain an additional layer of security, in part because the backups aren’t as easily accessible, according to one Commvault executive interviewed by theCUBE.
“Bad guys know that backup data can be used to recover, so they try to defeat backup products in that environment,” said Manoj Nair, general manager of Metallic.io, a Commvault venture.
The key then, he suggested, is to move the backup data outside of the normal environment. That’s where data management as a service comes in.
Commvault runs the DMaaS Metallic product on Microsoft’s Azure, a cloud environment.
“Now you’ve got an additional layer of recovery readiness, because that control plane is secured on top of Azure” and its implied security layer, according to Nair.
This means “virtually air-gapped backup copies, isolated from customer environments,” according to the Metallic website.
“This is becoming a big reason to shift to this model,” Nair stated.
Incidentally, Commvault also partners with Amazon Web Services Inc. and has moved 14 petabytes of data to AWS, according to Ranga Rajagopalan, vice president of products at Commvault, speaking in a separate interview with theCUBE.
“AWS and Commvault came together with AWS offering security features and Commvault bringing in its own authorization controls,” he pointed out. “It’s so robust that not even the backup administrator can go and touch the backups without multiple levels of authorization.”
5. Security fits differently in a data-intensive world
Data-driven processes change things a bit. One problem with an enterprise’s value being created from data is that the bad actors want it too. That means mass data resilience becomes increasingly important, according to Metallic’s Nair, speaking in a separate interview with theCUBE.
The way companies should go about that is to deploy anomaly detection and machine learning, as is the case with Commvault data intelligence products, he explained.
“You need the ability to be antifragile,” Nair said.
(* Disclosure: TheCUBE is a paid media partner for the Commvault Connections21 event. Neither Commvault Systems Inc., the sponsor for theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)