Why it is key to teach your organization about data integrity
Are you prepared for an attack on your data environment? A data integrity drill can determine the readiness of your enterprise to respond and recover.
A lot has changed in the world of IT over the past decade. We have seen digital services move from being an important aspect of an organization’s operations to being fundamental to its business success. The scalability, flexibility, and other capabilities of cloud services have made these digital services (and the digital economy they have created) possible. We have also witnessed a massive rise in the number of ransomware and other types of cyberattacks -- attacks that exploit the growing value of data in this digital economy.
These changes have made it more complex and more important than ever for IT to make their data environments resilient. In the past, IT could ensure their data environments were resilient if existing processes and technologies were sufficient to restore the enterprise’s on-premises infrastructure after a cyberattack.
However, today IT needs to ensure that their sprawling, business-critical, hybrid-cloud data environments -- that now include dozens of SaaS applications and multiple cloud services as well as on-premises infrastructure and employee endpoints -- are protected against these threats as well as a growing number of increasingly sophisticated attacks.
Practice to Play
The technologies organizations need to ensure their IT is resilient -- strong perimeter security systems, high-availability cloud services, and robust data backup and recovery solutions -- are available. However, despite intuitive interfaces and automation features, using these technologies can be complicated and takes practice. IT teams that have not practiced using these technologies in response to simulated disasters are likely to find that when a real-world disaster does occur, it takes longer than expected to restore their data environment -- assuming they can restore it at all.
Today, many organizations still practice for disasters as if all their applications were on site or that a natural disaster was the greatest possible threat to their data environment. Given the changes to their data environments and the types of disasters that threaten them, organizations need to rethink their preparations. One way is to implement regularly scheduled “data integrity drills.”
During a data integrity drill, an organization simulates how it would use its data security, data protection, and other technologies to restore the integrity of its data environment after a data disaster. To properly implement such drills, organizations need to:
- Build a data integrity team that includes everyone involved in addressing data disasters
- Surprise these teams with a variety of data integrity drills
- Create a culture that values data integrity so both the data integrity team and larger organization understand why they are investing significant time and other resources into these drills
Data integrity drills enable organizations to confirm they have the skills, processes, and technologies in place to prevent or recover from the data threats or attacks they face today and gain the “muscle memory” they need to efficiently and effectively respond when a data disaster does occur.
Building Your Data Integrity Team
When a data disaster hits, your IT team members are not the only people called on to address it.
For example, if the disaster is a cyberattack, your legal team will need to inform customers quickly if their data has been exposed by the breach or your business risks stiff regulatory fines. Human resources will need to communicate the implications of the disaster to your employees (and possibly your partners). Your IT team’s security and data protection professionals will need support from those on your IT team responsible for SaaS applications, cloud services, on-premises infrastructure, and other aspects of the data environment affected by the disaster to bring that environment back online.
Before implementing data integrity drills, create a data integrity team that includes the IT, legal, HR, and operations teams as well as any other professionals who are responsible during an actual disaster. At the same time, the responsibilities for each of these consolidated team members need to be specified. In other words, you need to recruit your data integrity team and assign them their positions before you start the practice for the “big game.”
Surprise Your Data Integrity Team with a Variety of Disasters
When a real-world data disaster occurs, your data integrity team is not likely to be aware of the timing or nature of the disaster beforehand. Given this, although you might not want to schedule a data integrity drill for an extremely busy day or time for the company (such as the end of a quarter), the timing of the drill should remain a surprise to most of the data integrity team.
Such drills should also vary so team members can practice responding to different kinds of disasters involving different aspects of their organization’s data environments -- everything from a natural disaster damaging a data center or a ransomware attack to a disgruntled employee destroying files on the way out. By mixing up the types of drills and making them a surprise, the drills will stress the organization’s existing disaster remediation and recovery processes and technologies as they would in a real disaster.
This “surprise approach” will challenge your team’s skills, sharpening them and revealing where additional skills are needed. Such drills will also reveal if growing data sprawl has created weak spots or other cracks in your organization’s data integrity strategy, where certain applications, infrastructure, or other parts of the data environment are more vulnerable than others.
Create a Culture That Values Data Integrity
Your organization is likely to see pushback on the implementation of data integrity drills. Preparing to be on the data integrity team and conducting data integrity drills takes people away from their day-to-day responsibilities and reduces the time they can spend on other strategic projects.
This is precisely why your enterprise needs to create a culture that sees data integrity as a core strategy, fundamental to the success of its business. This will require communicating to employees that the time they spend preparing for and conducting data integrity drills pales in comparison to the time they are likely to spend remediating a cyberattack or other disaster if they are unprepared.
Take the Data Integrity Challenge
Data environments today do not just serve as the nervous system for most companies’ daily operations. These environments also provide the data needed to predict customer behavior, improve operational efficiency, set corporate strategy, and improve business outcomes.
This is why I would encourage all organizations to challenge themselves by testing their IT resiliency with at least one data integrity drill. Maybe your drill will reveal that you already have in place all the skills, processes, and technologies needed to protect your data crown jewels from any threat. More likely, the drill will expose skills you need, processes that can be improved, and technologies that need to be upgraded -- so you can fix these problems before a real disaster strikes.