How Can CIOs Address Ransomware Risks and Move Key Innovation Projects Forward?
A recent Gartner study (Gartner CIO Agenda), revealed that more than half of digital initiatives lag CEO/leadership expectations because they take too long to complete or to realize value. Deploying new applications or services is made even more difficult when IT and security teams are preoccupied with preventing or responding to security incidents. The sting of ransomware has been increasing in severity according to the Verizon 2022 Data Breach Investigation Report (DBIR), with ransomware attacks growing to represent 25% of all breaches in 2021, a jump of 13% year-over-year, and more in one year than the previous combined 5 years. One of the biggest challenges to digital transformation projects is managing risk and delivering the expected outcomes on time and within budget.
With cloud and security skills in short supply, senior IT leaders need to deliver meaningful outcomes in less time and with limited resources. But if your best people have to spend their time managing technical debt or keeping aging infrastructure and applications secure, they’ll have less time to move projects forward or drive new efforts. Removing roadblocks is not always about complex new tools or robust upgrades, sometimes all you need to change is your approach to take traditional tasks “off the table” for your team. Data protection is a great example of an IT service ripe for transformation. More importantly, it plays a critical role in reducing enterprise risk by providing a last line of defense against ransomware (and malicious insiders).
Despite the rapid change in how IT teams consume and deliver services, data protection is frequently one of the applications running on older and less secure infrastructure. In fact, it’s often not considered a Tier 1 application, at least not in the same way as revenue-generating applications. More importantly, bad actors know that if they can disrupt or compromise your backup systems, they have an almost certain chance to achieve their objective, which is frequently a ransom payment. Many data protection implementations lack adequate ransomware protection and recovery capabilities, which can increase enterprise risk rather than reduce it. And it’s not just a skills challenge that has made data protection under-perform in the face of ransomware attacks. The history of ransomware breaches has shown that even big companies with sophisticated security and IT teams not only suffer breaches but experience data loss.
Modern infrastructure models like Nutanix-converged infrastructure (NCI) and new application models like SaaS seek to address the myriad of challenges IT faces, including security, by simplifying infrastructure and application management and providing IT with more flexible ways to scale services and manage costs. Organizations that have adopted Nutanix Cloud Infrastructure have accelerated their digital innovation initiatives. And yet, ransomware and bad actors still have unprecedented sway, successfully attacking data in hybrid, SaaS, and cloud infrastructures. Data security, data protection, and more specifically fast ransomware recovery with minimal data loss, are pervasive challenges.
The Druva Data Resiliency Cloud, the industry’s leading 100% SaaS-based data protection platform, is the antidote to this problem. Adopting Druva is one of the best digital investments CIOs can make during this wave of ransomware and security breaches. It’s a strategic change that reduces risk, removes roadblocks to new initiatives, and gives your team more time to innovate. Building the internal business case is easier than it seems.
Customer Facing vs. Internal Services
One typical objection to prioritizing data protection modernization for better security and resiliency over customer-facing projects is a bias for revenue-generating projects versus risk and cost-reduction ones. Worse, confirmation bias can lead organizations to think that everybody else has gotten attacked but your situation is different. A worldwide survey conducted by IDC for Druva exposes these bias gaps.
46% of the respondents have been successfully attacked by ransomware in the past three years.
92% said their data resiliency tools were "efficient" or "highly efficient," yet 67% of those hit by ransomware were forced to pay the ransom, and nearly 50% experienced data loss.
The inability to determine the correct recovery point was cited as the number 1 reason for data loss. Moreover, corrupted backups were the number 2 reason for data loss.
Clearly, traditional data protection is not up to the task given past customer experiences.
Why DIY Will Never Be Enough
Your existing data protection vendor most likely promises you the tools you need to improve protection and recovery quickly in the event of a ransomware attack. What they can’t qualify for you is the opportunity cost of your people who are required to make this dream come true. So, the real question is not “if you can do it” but rather how well can you do “it," how much time “it” takes, and most importantly whether you want to do “it." By “it,” I mean improving the security of your environment and your readiness to recover. The old approach of “batten down the hatches” or “restrict access” doesn’t help you minimize data loss or monitor anomalies across your backup environment. The results from the IDC report cited above point to the unique challenges surrounding ransomware protection and recovery.
Three Pillars for Cyber Resiliency
A more comprehensive approach to the security and availability of backups for Nutanix infrastructure requires:
Better protection — Make data integrity, availability, and operational security mandatory requirements.
Better preparation — Monitor the security posture of your backup environment and detect anomalies in backup data.
Faster data recovery — Get clean data faster by supporting incident response needs and enabling the recovery of clean data, quickly, and with minimal data loss.
The need for both an expanded and easier approach to securing both your data protection environment and data becomes more critical as you adopt and depend on more cloud services. The Druva Data Resiliency Cloud is built to address the new challenges of protecting data in hybrid, multi-cloud environments. More importantly for Nutanix customers, Druva is unique in its ability to unify the protection of Nutanix infrastructure and applications on-premises and in Nutanix Clusters (on AWS and Google Cloud Platform) with no additional software, hardware, or management.
What makes Druva unique for Nutanix customers?
Removes barriers to the adoption of hybrid, multi-cloud services by automating data protection and security in the cloud
Improves how you mitigate and monitor risks to your data protection environment (read and see more)
Accelerates and orchestrates recovery of data in the event of a ransomware attack (read and see more)
The Only $10M Data Resilience Guarantee
In August 2022, Druva introduced the industry’s first data resilience guarantee to demonstrate the value of shifting from legacy backup to our Data Resiliency Cloud. The guarantee protects customers from 5 key data risks — Cybercrime, human, application, operational, and environmental. While the risk of ransomware is well known, ransomware is not the only risk to your data. Other risks include hardware and software failure, site failures caused by natural disasters, and even accidental deletion. In all cases, the impact of data loss and downtime can be catastrophic to the long-term viability of your business. Druva helps you mitigate these risks with clear SLAs and a financial guarantee. Of course, one more way to understand the value Druva brings to Nutanix customers is to see how customers evaluate us.
A Shared Vision for Delighting Customers
Druva and Nutanix both share a vision to delight customers and this is reflected in high rankings in industry evaluations like Net Promoter Score (NPS) and peer-insight review platforms such as Gartner Peer Insights. Druva recently received a Customers’ Choice in the Gartner® Peer Insights™ “Voice of the Customer” Enterprise Backup and Recovery Software Solutions Vendor Report. Nutanix received similar recognition in the 2022 Gartner® Peer Insights™ Customers’ Choice for Hyperconverged Infrastructure Software and Distributed Files and Object Storage.
