Sep 30 2022

Protecting Government Data Means Closing the ‘Availability Gap’

Here’s a look at data protection trends and how agencies can know which solutions are right for them.

“Our data’s been compromised.”

Those are words no agency team member wants to hear. And, most likely, agencies will experience significant downtime in the process of recovering data, according to the Veeam 2022 Data Protection Trends Report.

The report found that after an incident affects operations, 90 percent of enterprises experience a gap between how quickly they need that data to return to productivity and how fast they can actually recover it.

Gil Vega, CISO of Veeam, says this “availability gap” exists in both business and government enterprises. His career — which has taken him through the private sector as well as to federal agencies such as the Department of Defense — has given him an informed perspective about the data recovery needs of government entities.

Several trends are emerging that agencies should keep in mind when it comes to restoring data as fully and quickly as possible.

Click the banner below to receive curated content by becoming an Insider.

Zero-Trust Environments Are an Agency’s First Defense

For better or for worse, Vega says, agencies need to look at their cybersecurity stance as being constantly under attack.

“We are moving toward a zero-trust environment. You have to assume a perpetual state of compromise,” says Vega. “You not only need to be prepared for a cyberattack, but you also need a way to validate all internal communications and transactions.”

When an agency takes this approach, it most likely employs several upfront security technologies such as firewalls and authentication tools. A data backup and restoration product is the final backstop in the attack chain, allowing an agency to quickly recover data if it’s compromised.

While these solutions are effective, in practice, Vega understands the difficulty of maintaining a zero-trust environment.

“I’ve seen it firsthand,” he says. “A lot of technology managers are overwhelmed with day-to-day tasks. They need something that works 100 percent of the time and provides very fast backup and restoration.”

EXPLORE: How cybersecurity maturity assessments can support security efficiency.

All Data Is Important and Should Be Prioritized

Enterprises and agencies alike typically rank the importance of their data so, in an emergency, they can restore the most important data first.

“For smaller agencies, ranking data isn’t that difficult,” Vega says. “But for larger agencies, there can be more risk in prioritizing some data and not others. Everyone needs to agree on what is important.”

In addition, the difference between “high priority” and “normal” data is shrinking.

IT leaders surveyed in the Veeam 2022 Data Protection Trends Report say that in the case of data loss, 55 percent of “high priority” data and 49 percent of “normal” data needed to be restored within an hour. According to the report authors, this not only means that all data matters, but also means that backups alone aren’t enough.

To prevent significant downtime, a backup solution needs to include more frequent activities such as snapshots and replication.

Cloud Is Still King in Federal Government IT

Driven by the Federal Cloud Computing Strategy, agencies continue moving their data and services to the cloud, which in turn calls for cloud-based security and backup services.

“Agencies, including those in classified spaces, are processing in the cloud using services like Amazon Web Services and Microsoft Azure,” says Vega. “If more people are moving in that direction, it makes sense that cybersecurity and data restoration are moving that way too. Working in the security world, I’ve seen a lot of innovation in cybersecurity offerings that are specifically designed for cloud environments. For example, we’ve developed a one-stop solution for data management that is hardware-agnostic and cloud-ready. Customers who use our product get a significant uplift in protection.”

LEARN ABOUT: The requirements for cybersecurity in a 5G environment.

Regular War-Gaming Can Help Keep Staff Ready for Cybersecurity Incidents

Even if agencies have the right technology in place, they still need practice and a formalized plan to confront a breach. Even better, war-gaming on a regular basis can help everyone on a team know what their role is and what they need to do in the event of a cyberattack.

“Although these war games can take a lot of planning and require a couple of hours of staff time, doing them quarterly is most effective,” Vega advises. He even recommends involving nontechnical staff, such as directors and communications officers, so they can be better prepared for a real-life incident.

“On a technical staff level, teams can also practice their roles on a weekly or ongoing basis. Gamifying these activities can make them more interesting, helping make sure each team member knows what to do.”

Vega quotes Mike Tyson to emphasize the importance of routine preparation, which is much more effective than simply having a plan.

“Everyone has a plan until they get punched in the mouth,” he says.

Brought to you by:

Bannosuke/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.