A Brave New World – But what should be an IT leader’s first priority?
Jeremy Atkins, UKI Sales Director – Enterprise & Public Sector at Commvault
When working from home became mandatory by the government during the initial lockdown stages of COVID-19, businesses had to quickly adapt to ensure business-as-usual. This meant, for the majority of organisations, utilising technologies that enabled remote working – such as the cloud – and changing business perspectives. But now that the lockdown stage has eased and offices are beginning to open again, organisations will be planning for the mid-long term, to ensure survival.
With this in mind, there are two things that a senior IT leader should be considering:
- How can I best deliver the right service, securely and effectively, throughout the on-going crisis?
- Do I need to change my IT strategy to re-align with the new world and my organisation’s new long-term strategy?
There is likely a range of ‘in-flight’ projects running at the beginning of the year that were parked over the duration of the summer while the team navigated the changes necessary to survive. But now that things are beginning to level out again, which projects should take priority in getting up and running again?
Unfortunately, many organisations are facing a reduced income, and have no clear idea of when that revenue might return to any kind of version of ‘normal’. And consequently, IT budgets have been hit – hard. Furthermore, businesses emerging from the pandemic are likely in a completely different structure and go-to-market than when they went in.
In order to decide which projects are still practical and which should be paused or shelved altogether, it is important for businesses to evaluate them by measuring their impact across cost and risk during these uncertain times.
From a cost-saving perspective a backup database can provide one of the most complete end-to-end views of a business’s estate, the rate of growth, the rate of change, and the location and types of key data. Of course, if an organisation has various different backup products, it can prevent a single source of the truth, but it can also present an immediate cost-saving opportunity and improvement in service. A 25% reduction in the operational cost of running backup when consolidated can occur, as well as giving the opportunity for further automation and enhancement.
The next step in driving down cost is to use the single view to ensure there is no duplication by identifying the static workloads. Servers or applications that are now deemed unnecessary must be deactivated. The business may then find it effective to implement a suite that interfaces with the backup solution – one that will not only provide the required GDPR and PII compliance, but also conduct end-to-end file optimisation. This will take the identification of unnecessary, outdated and orphaned applications, data and users to the next level. IT teams that remove over 40% of their primary storage estate will see a knock-on effect of driving further server, software and operational savings across the estate. Another incentive is that it will also take a substantial chunk out of potential future cloud utilisation, too.
Once the organisation has both identified and enhanced its storage need, , the IT team needs to consider whether it is on the correct platform. There is an easy way to view a storage strategy:
- If the data does hard or specific work, put it on discrete flash arrays
- If the data is accessed and used frequently, place it on hyperconverged or cloud
- If the data needs to be stored securely and/or has more than one use, object store is most efficient
- If none of the above apply, get rid of it!
Although it can be an easy decision as to which discrete platform you should use, migrating data to either the cloud, hyperconverged infrastructure or object store is a separate matter. With an abundance of hardware and software based solutions on the market, it can be a difficult decision for businesses to make.
At a top level, a platform that removes the barriers between on-premises and cloud gives true data mobility and abstracts the hardware layer, which can take over 60% out of a business’s existing storage cost base.
The pandemic has materially changed both the risk profile and attack surface thanks to the change in working practices, and the fact there is a whole new set of threats to coincide with this. Not only does this create a security and ransomware protection nightmare, it additionally presents a brand new set of complications around compliance, data sovereignty and information management.
There are now more mobile devices in use in organisations than ever before – thanks to remote working – often by people not used to having key and critical business information sitting on their dining room table... So, not only do we have to ensure that the basic hygiene of backing these devices up is followed, there also needs to be a barrier against ransomware.
Modern backup solutions feature AI-driven pattern analysis on file behaviour. Over the first week a file, or a group of files, are backed up, and its rate of change and pattern of behaviour is measured and assessed. Any changes to that behaviour pattern means an alert is raised to the control centre and passed to the service management platform, indicating that there may be an early stage of ransomware attack. This is extended out to all endpoints with the goal of stopping the attack in its tracks at the edge, rather than allowing access to the data centre.
Files that are particularly attractive to ransomware programmes – known as honeytrap files – are dispersed around the estate to lure a ransomware programme to break cover before being able to attack any real, valuable files. If a ransomware attack does break through, having a backup solution with an immutable database is absolutely key. Just as important is a thoroughly written and tested recovery plan that covers all of the business’s recovery, not just restoring data.
Some businesses, particularly in the finance industry, are now looking to create air-gapped data-vaults to further protect against ransomware. Solutions where data can only pass in a certain route at a certain time, means that recovery is then made into a clean-room test environment before being released to the company.
We live in an age where we want to simultaneously have greater access and use of data whilst making it more compliant, safe and less accessible. There are tools out there to make this achievable, in which they can have a dual role of driving cost out of the infrastructure and service, as detailed above, whilst lifting the value of the data and providing solid regulatory compliance. But, if an organisation does not have the budget to achieve infrastructure modernisation and meet compliance regulations, it’s worth looking at combining the two projects under a single programme to drive the results in both camps from a reduced expenditure.
A final word
As we begin to come down the other side of the peak in the crisis, it’s certainly true that there will be a lot on an IT leader’s plate to consider. Equally, though, there is certainly an opportunity to drive forwards with digitally transforming the business. As the future is still uncertain, eradicating legacy cost and complexity, introducing efficiency and innovation, and ensuring that the business is keeping up with the times as we move into a different world, are the key priorities for success.