The possibility of data loss in Australia is heightened by the unpredictable climate that often brings extensive flooding, heat waves and bushfires, a top executive of a data protection and information management company says.
Dan Kieran, Commvault’s area vice-president and managing director for Australia and New Zealand since April 2016, told iTWire that it always paid to be prepared with an up-to-date data protection strategy and a comprehensive back-up plan.
Starting his career with Sun Microsystems in Canada, Kieran (below, right) moved with the company to Australia, with his last role being as senior director for storage solutions when Oracle acquired the business in 2010.
In 2011, he joined EMC to lead their APJ Emerging Technologies Business.
{loadposition sam08}"Isilon was one of many hyper growth technologies in this portfolio that also was the home to most of their key Software Defined technologies," Kieran said.
He said he had been lucky to witness several evolutions in enterprise technology during his career, most recently, the way in which data has shifted to being the new currency of business.
"Being part of a company that’s focused on maintaining the integrity, security and management of data as a strategic asset is exciting and challenging, particularly when you consider its impact on business today."
He was interviewed by email.
Let's talk about the how of data loss. Under what circumstances does this occur and what are some warning signs — if any — that such an event is likely to take place?
The harsh reality is that the chances of businesses facing a scenario of data loss is quite high.
These scenarios vary in size and scale, and can come as a result of many factors, including natural disasters, power outages, corrupt hardware, cyber criminals and sometimes just basic human error.
Looking at Australia, these events are particularly concerning. Especially with an unpredictable climate that can result in extensive flooding, heat waves, and national bushfires. While some of these causes can’t be helped, nor foreseen, it always pays to be prepared for the occasion with an up- to-date data protection strategy and a comprehensive backup plan.
Then to a breach. Is there some way of ascertaining how likely a business is to be breached? Certain IT practices that are known to create pre-conditions for such an event to occur?
There’s no way to be sure whether or when an organisation’s data is going to be compromised. However, those who have yet to re-think their data management strategy and still use traditional storage infrastructure, are not going to be as well-equipped to deal with such issues as those who have a modern data management strategy in place. Startlingly for us, there are still organisations out there that don’t test their solutions for effectiveness, let alone have a data protection plan.
Given the enormous cost of failure and the massive impact to a business, it can be difficult to understand why so many companies are de-prioritising data security. The answer could be a lack of time and resources, a missed sense of urgency or a misunderstanding of the processes required to secure data. Or even not understanding the importance of data itself!
Regardless, it’s the steps organisations aren’t taking, rather than anything they’re specifically doing that will put one business at risk over another. After all, in instances of data loss, it’s about forward planning and action post-event that matters most.
Take the case of Yahoo!, what factors would you blame for such a catastrophe? (and repeated events at that).
Unfortunately, we don’t know any more than what has been shared with the public. As such, the exact details aren’t available for us to make an assessment on what caused the issue or why it happened.
Preparedness. Once again, do you plan for success or failure? That is, do you expect data loss or a breach (when, not if)? Or do you operate on the assumption that you have covered all areas that could lead to a breach?
Despite being required by law to have data recovery plans in place, many industries still struggle to meet these regulations and ultimately remain unprepared. The risk of data loss or interruption is just as likely to come from human error; consider the recent AWS issue which was caused by a typo – so it’ll be naive of any business to think they are prepared for every possible scenario.
My advice around preparedness would be just because a disaster seems unlikely or you have met the legislative requirements, it’s not worth the risk to neglect an adequate backup plan. Businesses need to plan for this or risk not having access to its data for the duration of the outage – or in the worst case, data loss.
The complexity of disaster recovery is dependent on the organisation’s environment, but the ability to continue operations in the face of a disaster is what’s invaluable. This where Commvault helps their customers protect data regardless where it is located on-premise or in the cloud – public, private, IaaS, PaaS or SaaS. This is a key differentiator for Commvault and few customers think of protecting SaaS despite it hosting critically strategic elements of their data assets.
What’s more, we can protect data in the cloud, something not all vendors in this space do. So if a hacker manages to gain access to data hosted by a public cloud provider, having an offsite copy of that data may be the only remaining protection organisations have.
So, yes, prepare for failure. Data is one of your most valuable and strategic assets, so an organisation should have complete transparency of where their data sits, how many clouds they’re operating and what the worst case scenario is for staff, customers, and the organisation’s bottom line in the event of data loss.
In what areas do businesses go wrong during times of crisis? In what areas do they go wrong pre-crisis?
During a crisis, time is of the essence. Too much downtime can lead to loss of business and threatens a company’s reputation amongst customers, investors, the broader industry and wider public.
There’s a lot to be said about preparation, but as much to be said on reaction time. Getting the business up and running as normal, as quickly as possible, will create the best possible result in an always difficult scenario.
Your last point: best practice during a crisis and the best way to manage and engage customers? How much do you tell your own staff? How does one manage reputational damage? Financial damage? How does one hold off the lawyers who are waiting to file a class action?
The best practice when it comes to a data breach is being able to work out the crucial details of the crisis, such as what data has been affected? Why? And where outages have occurred to formulate a report or respond prior to any official inquiry.
This will help organisations get off on the right foot towards recovery. Not only does this manage the timeliness aspect of the breach but allows for the organisation to be transparent to relevant stakeholders. Be wary of businesses who overstate the complexity of data being lost yet understate the effect this has had on customers.
Likewise, never under-estimate the value in being honest and transparent with those whose data is lost. The recent data loss of GitHub is a great example of how businesses who communicate quickly and honestly about an issue, as well as articulate a clear plan as to how they are working to resolve the issue will drive greater customer loyalty and ultimately greater long-term growth.
Additionally, having the ability to upload or backup data elsewhere during a crisis gives the stakeholders reassurance that their critical information is stall available to them, even during an outage.