IT leaders have traditionally shouldered the lion’s share of responsibility for protecting an organization’s data and technology, and decisions made in the past 18 months have only added to that burden. In remote and hybrid work environments, organizations have been forced to invest in technology to keep up with demands from employees and customers alike.
Those investments must protect sensitive data and technology as well as the business’s bottom line. Investments made in IT can either empower a new level of productivity or end up costing the business money.
Moosa Matariyeh, senior manager of integrated services engagement at CDW, joined CDW’s Tech Talk webcast to discuss some common IT investments organizations are making and the steps they should take to mitigate potential risk.
Cloud Solutions Offer Flexibility Without High Costs
Matariyeh said minimizing risk begins with smart investments, which he defines as those that allow for flexibility and agility. “As the market changes, we’ve gone through some crazy things over the past 18 months, and IT has been more overwhelmed than ever. They’ve been asked to do more than they ever have,” he said. “But I think looking forward, what we have to do is learn from those experiences.”
“One of the biggest items that we learned was how quickly the consumer demand shifts or changes. We’ve always known that consumer sentiment can change at any time, but how they want to engage has changed dramatically,” Matariyeh continued. “I think organizations are taking a look at, ‘How do I make an assessment that meets today’s need but is going to provide me the flexibility to make that pivot as needs change?’”
Many organizations moved to the cloud during the pandemic, which provided the agility and flexibility they needed without the high price tag. Matariyeh said the justification for IT departments “is they’re minimizing the upfront cash outlay, they’re minimizing that investment. And it’s something that they can very quickly either turn up, turn down, eliminate with minimal sunk investment that would be lost with that change.”
“We’re seeing things like contact centers moving more and more to the cloud. We’re seeing backup and data recovery moving to the cloud. We’re seeing primary applications move to the cloud,” he said. “We’ve been talking about moving data to the edge for so long. Organizations are using this opportunity to start moving data into other colocation facilities out of their own data centers, getting it closer to the edge, getting it closer to where other applications reside within the cloud.”
IT Investments Should Be Agile and Drive the Business Forward
For organizations wondering how to make investments that will increase production and satisfaction, Matariyeh said to start at the end. “Start at what the goal you have is, and think of it from a business perspective. There’s business initiatives and technical initiatives that come together, and at the end of the day, it’s really about an organization being able to be more competitive in a marketplace and meet the consumer demand. It’s about driving the business forward.”
One of the key elements to a sound IT investment is agility. Matariyeh said organizations should be “looking for investments that allow for the continued use of whatever they’ve invested in and something they can grow into. I would say be on the lookout for that agility not only in the platform but in the agreement, in the contract and how you consume IT.”
Once a business has made IT investments, there are ways to maximize a return on investment, Matariyeh said. “One of the best things that you can do to protect that investment is to make sure it’s properly deployed. Once it’s out there, enable your users. It’s not about it being shelfware. We’ve always talked about shelfware. It’s those applications that are deployed that are in use, but not in use to their full potential. Once we start using them to their full potential, that’s when we start protecting that investment and getting that ROI, getting that end-user experience, and it starts fostering greater collaboration, utilization, analytics, visibility into the business, visibility into trends — it leads to a lot of great things.”
Register below for an upcoming CDW Tech Talk, held Tuesdays at 1 p.m., to hear from IT experts live.
Cybercrime Is on the Rise
In recent months, ransomware and other cyberattacks have been on the rise, making security a crucial part of protecting your investments. Josh Haley, field strategy director at Cohesity, joined the conversation to discuss the cyberthreats businesses are facing.
“Unfortunately, it’s not great news,” Haley said. “It is getting worse. One of the things that we’ve continually seen is that a lot of the attacks, they come in from the end-user environments. Once the attackers get into the environment, they then go in and compromise the production apps, the production servers, and in many cases, they’re actually trying to compromise the data protection environment. We’re seeing a pretty significant increase in the number of attacks.”
Haley noted that while the number of attacks has gone up, the impact of those attacks has also seen a significant rise. “Last year, we were looking at a new ransomware attack every 14 seconds; it’s accelerated to an attack every 11 seconds. The average downtime per attack was 12 days last year, and it’s increased to over 19. We’re also seeing a disturbing trend where the attackers are lurking or lingering in the network longer. They’re searching for breadcrumbs. They’re trying to understand where sensitive data is, where the compliant data is, where the data protection is, so that they can dismantle those as part of the attack.”
Haley said businesses are particularly susceptible now because attackers are being well funded and organized, treating their attacks like a business. “I think organizations right now have never been closer to disaster in the form of cyberattack than they are now,” he said.
Backup and Recovery Plans Are Essential to Data Protection
Haley mentioned the White House’s May 12 executive order addressing improving U.S. cybersecurity. Summarizing the White House’s security recommendations, Haley said, “they’re talking about data protection, they’re talking about processes — operational processes to test your recovery, to test your ransomware or a cyberattack recovery plan, understand and have experts validate that your team has done well. So, it’s always good to check, double-check, to test and have a great plan.”
Even in the face of so many threats, Haley emphasized that organizations shouldn’t be acting from a position of fear. “I’d say the first thing to do as a response to fear is to have a plan, and to test the plan, and that know your plan works, but don’t rest on the plan.”
Haley noted that many of the organizations Cohesity has worked with have been using traditional architectures that include physical servers and databases. They’re being protected by native Network Attached Storage (NAS) tools that Haley said don’t provide a sufficient level of recovery or separation from cyberattacks.
“With Cohesity, what we did is we took all of these different parts and pieces and we consolidated them into a single, hyperconverged architecture,” he explained. “Effectively, we run all of those services inside of our cluster as logical entities. That clustered approach gives us a bunch of big advantages, and the first one is we distribute the workload across all the nodes. This allows us to back up much more quickly and recover much more quickly than the traditional architectures.
Minimizing Recovery Time Following an Attack
Despite their best efforts at defense, many organizations will fall prey to attackers at some point. When that happens, downtime will cost money, so it’s important to be prepared to recover quickly.
To facilitate a speedy recovery, Haley said to start by indexing all the data being stored. “We build an index, whether it’s a virtual machine and all of its files or a physical server or a NAS share, and that index is searchable. We also have an index and an inventory that’s globally searchable about all of the objects that we protect.”
“When you take it a step further, we have tools,” he continued. “Our architecture is a multinode cluster, but we’ve got this idea of the ‘Cohesity marketplace.’ The marketplace is really this idea that we can run apps and services natively on the architecture, and they spin up as Kubernetes containers. We run apps and services on the architecture that you could basically download and install directly into the cluster without the need for additional VMs, additional consoles, etc.”
“What we’re trying to do is, when we’ve got an architecture that can recover so quickly, imagine that we can layer in automation orchestration to create a planning tool that allows you to build failover and failback plans. These plans are so tightly integrated that they know that when we fail over to the disaster recovery site, they’ll automatically begin protecting them,” Haley said. “We’re leveraging the same infrastructure as data protection, we’re leveraging the same replication, and what that means is we’re saving bandwidth, we’re saving production resources, we’re just fully automating and orchestrating the way that we recover so that we can do it at scale.”