IDC’s recent security surveys show that 50% of security professionals now spend most of their time securing the cloud and that over the prior 12–18 months, many experienced what they described as a cloud-related breach. Some 23% of respondents indicated that they had fallen victim to a ransomware attack, 22% said they had experienced an IoT breach, and 23% reported that they had experienced a DDoS attack. About 75% of those attacks occurred because of some cloud-related incident.
This isn’t to say that cloud-related technologies and new ways of communicating are the root cause of breaches and business failures; rather, it’s to say that as businesses adopt new technologies, their protection strategies must change to keep pace. These strategies must include stronger and more varied security mechanisms, but they must also include ways to recover quickly should a breach or an incident occur.
Cyber-resilience combines the best practices from IT security, business continuity, and other disciplines to create a business strategy more in line with the needs and goals of today’s digital business. In this IDC white paper, we describe how digital transformation is breaking down the traditional safeguards between enterprises and participants in the global economy as business-enabling technologies become gateways to risk, attack, and failure.
Is today the day that your business operations come to a screeching halt? Is today the day your business is shuttered? It’s a pessimistic view of the reality of business. At any moment, some event that upsets the operational fabric of the business could occur, and in today’s fast-paced business world, every second counts.
Events don’t have to be catastrophic to have a lasting impact. Most mature businesses already practice risk management and some measure of business continuity or resilience. Those organizations likely have an understanding that large events with devastating impact have a lower likelihood of occurrence than do small, discrete events that might cause an operational ripple. Take for instance the avian flu scare: Many may remember a time in the mid-2000s when businesses were hyperfocused on the potential impact a rapidly moving airborne virus might have on employees and business operations.
While the concept is certainly something worthy of concern, the likelihood of the avian flu or similar threat materializing was and remains very low. That low likelihood didn’t stop organizations from trying to create operational contingencies based on the nature of potential impact. The same is true for other natural disasters or physical threats. The potential for high-stakes outcomes drives consideration, and sometimes, focusing on the potential scale of a single event can distract organizations from focusing on the very real, tangible, and discrete threats that can have a devastating business impact.
Digital transformation is challenging traditional views of business resilience. Digital transformation is the process through which technology is intertwined throughout the human experience. In the enterprise, digital transformation means a higher level of connectivity between applications and business processes, with the aim of increasing business agility and connecting more readily with customers and business partners, and with the expectation that users have an uninterrupted 24 x 7 experience. Digital transformation can come in many forms. A business may be seeking to better integrate existing infrastructure and legacy systems or slowly wading into the cloud, or it may have a cloud-first mandate. Regardless, the concept of a connected enterprise becomes critical when assessing business resilience. Whether this involves tying together business processes or developing hybrid cloud or multicloud environments, as business systems and processes become hyperconnected, there is a greater likelihood that a discrete event could upset the entire business. What was once a small ripple could now send shockwaves throughout the entire organization.
The Rise and Flaws of Digital Transformation
In 2017, businesses spent $1.1 trillion trying to transform into connected, intelligent, and technology-driven organizations. In 2018, businesses will spend an additional $1.3 trillion. By 2021, businesses worldwide will be spending as much as $2.1 trillion per year just trying to transform, and that number is expected to keep increasing. IDC believes that by 2020, only about 60% of organizations will have embarked on a digital transformation journey and 70% of CIOs will have developed a cloud-first strategy to support the infrastructure agility required by transformation. That leaves a tremendous amount of digital transformation growth opportunity as much as three years from today.
Without data, the model fails. Data can no longer be productized and monetized. Data can no longer be leveraged for business agility. This makes data critical to business survival and, in turn, makes data integrity and accessibility sacrosanct. However, the attributes and location of data relevant to a digital transformation platform continue to change. Data has become increasingly diverse, spanning not only structured systems but also unstructured data such as time series data, machine-generated data, and stream data. Data is also increasingly dynamic; it not only is based on batch runs but also is real time in nature as telemetry data is generated from a growing number of sensors and devices. In addition, data is increasingly distributed, located not only in core data centers but also in edge locations, on devices, and in cloud services. Data being diverse, dynamic, and distributed further complicates the ability to employ an effective cyber-resilience program.
Increasing Reliance on Cloud and IoT
Data availability and compliance are both external forces that significantly impact the business, but at the same time, they may only be indirectly affected by the business. This is especially true as more businesses rely on cloud and IoT devices for business-critical functions.
Organizations today are using hybrid cloud, and most future applications will be cloud enabled. In a recent survey, organizations reported that half of their workloads are deployed in a hybrid cloud model today. This same cohort plans to have 62% of their workloads running in hybrid cloud within the next two years. Security is both a driver and an inhibitor for hybrid cloud adoption. Critical data is now spread across numerous geographies, datacenters, and cloud. This data must be protected according to corporate requirements, regardless of where it resides. Organizations surveyed are expecting a 40% increase in spend on data services for hybrid cloud over the next 12 months. Backup and recovery and data costing/value assessment are the top priorities.
Increasingly Complex Outages
While IDC has seen organizations display more confidence in their ability to secure the cloud, and the rate of movement to the cloud and adoption of cloud-based security solutions has been increasing, one challenge that organizations appear less prepared for than ever is the increasing complexity of outages.
In a recent IDC customer survey, 56% of respondents indicated that they had experienced a DDoS attack that lasted 5–24 hours. Another 8% of respondents said that they had experienced an attack that lasted 1–7 days, and even more alarming is that 6% of respondents indicated that they had experienced an attack that lasted 8+ days.
The Cyber-Resilience Concept
Infrastructure resources are increasingly available in the cloud and across IoT devices. However, traditional defenses are proving ineffective at countering the emerging threats. As a result, organizations must take a new approach to security. Today’s threat landscape demands an integrated solution that spans the data life cycle. Organizations must focus on shortening the life-cycle stages between defense and detection and response and recovery to build a cyber-resilience capability.
The Cyber-Resilience Framework
Cyber-resilience is a framework designed to help organizations withstand attacks. It is not a single layer of protection or a single product but a way for organizations to structure their defenses such that no one event is catastrophic. Cyber-resilience is an iterative process that provides the means of recovery from an attack. Compared with traditional defenses that were useless once bypassed, cyber-resilience allows constant vigilance across the organization.
The five components of the cyber-resilience framework are:
- Identify: Critical asset and process mapping, risk and readiness assessment, and so forth
- Protect: Traditional first line of defense security mechanisms
- Detect: Security analytics
- Respond: Response to security breaches or failure
- Recover: Coordinated recovery mechanisms
Cyber-resilience is key to data and application availability. It is also a key component of the digital transformation journey. Without proper cyber-resilience, organizations will find themselves more and more susceptible to attacks that can paralyze a business. In addition to malicious attacks, the increasing number of regulations spanning different geographies and industries can render a business at risk of serious fines without continuous validation of controls.
The practice is also more than mere malware detection, backup, or DR. It is an integrated life-cycle approach to providing data availability against all threats, including the platform. Cyber-resilience must span both on-premises and cloud repositories. IT organizations must take a comprehensive approach to cyber-resilience and look for products that address the breadth of cyberthreats.
Finally, cyber-resilience is a framework for recovering from attacks. However, a solid collection of underpinning technologies is required to ensure that each step of the framework can be addressed. Security can no longer be described in terms of varying levels of confidentiality, integrity, and accessibility; it must encompass all three pillars at all times. Organizations that implement cyber-resilience will find themselves at a competitive advantage in the future as customers will find gaps in the availability of businesses. A resilient organization is an organization that can adapt and recover from attacks.