Data Center Resilience and Risk Assessment
Published 11/15/2022
Originally published by ShardSecure.
Written by Marc Blackmer, VP of Marketing, ShardSecure.
What is data resilience?
A multifaceted endeavor, data resilience can include data integrity and availability, cluster storage, regular testing, disaster recovery, redundancy, backups, and more. As TAG Cyber says in its 2022 Q3 report: “Stated simply, data resiliency references how well your data holds up to cyber threats.
Data resilience is what ensures that data remains accurate and available at all times. It’s also what allows organizations to maintain their critical operations during major disruptions — including outages, ransomware attacks, disasters, and other unexpected events — and quickly return to normal afterwards.
Achieving strong data resilience is where things can get complicated. In a constantly evolving digital environment, data resilience and risk management are trickier than ever. As a CIO.com article puts it, “data centers are becoming increasingly complex, leading to more internal and external risks.” And if you get it wrong, the financial and reputational consequences can be significant.
Below, we’ll cover one key aspect of data resilience: assessing risks to your data centers. We’ll also discuss common threats and explore how companies can strengthen their data resilience.
What is data center risk assessment?
Whether it’s stored on-premises, in the cloud, or in a hybrid environment, data is the lifeline of every organization. Since data centers are where critical data is stored and safeguarded, the resilience of those centers corresponds directly to the resilience of your data. Risk assessments for data centers help assess their overall resilience and allow you to anticipate and prepare for threats.
According to the Uptime Institute, which has conducted thousands of risk assessments for enterprise-grade data center facilities around the world, organizations often overlook key risk factors and weaknesses in their own data centers. In fact, Uptime notes, “more than 80% of the designs and constructions we assess have significant issues that went unrecognized internally.”
As the International Council of E-Commerce Consultants notes, data center risk assessment will typically focus on identifying and mitigating risks. It may involve reviewing your:
- data center architecture
- server load balancing algorithms
- disaster response and recovery protocols
- security policies and technologies
- individual facilities (in the case of hybrid infrastructures)
- and more
For highly regulated industries, risk assessment is designed to be a regular process, usually carried out with the help of a risk management framework like ISO 31000:2009 and tailored to your individual business. It can also aid in establishing a comprehensive plan to help maintain the security of your sensitive data, demonstrate regulatory compliance, establish disaster recovery processes, and so on.
Types of data centers and their risks
The list of potential threats to data centers is long:
- power outages
- system failures
- fires
- flooding or water leaks
- environmental contamination
- geomagnetic or electromagnetic disturbances
- security threats, including unauthorized physical access to facilities, DDoS attacks, malware, ransomware, phishing, and even terrorist attacks
As CIO.com notes in its article on better data center risk management, even prolonged noise pollution can degrade data integrity over time. And, as CA Technologies expert Paul Ferron warns about virtualization sprawl, virtual machines can easily be copied without the appropriate security privileges, allowing unauthorized access to various threat actors.
In other words, data centers face real and frequent risks from many sides. Whether data is stored on-premises, in managed services data centers, in hybrid infrastructures, or elsewhere, strengthening the resilience of that data is key to mitigate risks. This is especially true for cloud data storage, an increasingly popular option for data centers.
Cloud data centers and data resilience
With its usability, accessibility, and low costs, cloud data storage is a game changer for many companies. But it also brings additional risks.
Because cloud storage is highly centralized, an outage or issue at a major cloud provider can cause significant downtime for the organizations using their services. Just take the major December 2021 Amazon AWS outages that caused downtime at Netflix, IMDb, the online teaching platform Canvas, and more. Or the November 2021 Google Cloud outage that temporarily took down web services for Snapchat, Spotify, Etsy, Discord, and more.
In other words, data can become unavailable even when your specific organization hasn’t been targeted. As the Harvard Business Review puts it, “Servers and technology can be found at secondary sites, but if the data is locked in the cloud, the business’s ability to function may be severely compromised.” This goes double for companies that store their backups in the same cloud as their regular data.
That said, there are also lots of good reasons to adopt the cloud. With cloud storage, companies can avoid on-premises data center costs like licensing, support, and maintenance fees as well as energy and cooling costs and hardware upgrades and replacements. The cloud also offers ease of backups for disaster recovery, and major cloud providers usually offer some measure of data security for data security.
Ultimately, organizations storing their data in the cloud must make sure to invest in strong data resilience policies and solutions. IBM puts it bluntly: “If organizations are not integrating resiliency into their initial cloud adoption, they are accepting risks, whether they realize it or not.”
How to strengthen data resilience
Having strong data resilience means that your company will be able to detect, respond to, and recover from disruptions in a timely manner. The US Department of Energy suggests several complementary pathways to strengthening data resilience, including damage prevention, system recovery, survivability, and strengthening reliability and availability.
In particular, high availability is key to achieving resilience in data centers. High availability refers to the ability of a system to operate continuously without a single point of failure.
Additionally, data centers can strengthen their data resilience with redundancy. Infrastructure redundancy — duplicating entire components or systems — has been a common approach, but a more cost-effective strategy is data redundancy. In this model, organizations can maintain their data availability without rebuilding their full infrastructure across multiple clouds.
Improving data resilience with microsharding
The right microsharding solution can shred and distribute data across multiple customer-owned storage repositories for stronger data resilience in the face of tampering, deletion, outages, cloud ransomware, and more. It can also offer high availability with two or more virtual clusters for failover. And it can operate in multiple clouds — as well as in hybrid-cloud environments that use a mix of on-premises and public cloud services.
Related Articles:
The Evolution of DevSecOps with AI
Published: 11/22/2024
It’s Time to Split the CISO Role if We Are to Save It
Published: 11/22/2024
Establishing an Always-Ready State with Continuous Controls Monitoring
Published: 11/21/2024
The Lost Art of Visibility, in the World of Clouds
Published: 11/20/2024