Elly Yates-Roberts |
Following the events of the past few years, building business resiliency is now top of mind for many organisations around the world.
According to John Peluso, chief product officer at AvePoint, a layered approach to security is an important way for businesses to achieve this goal.
“The most direct thing that we have seen customers find value in – especially in the case of a malware event like ransomware – is the ability to access data,” he says. “The way to achieve this is by having a reliable business continuity strategy.
“This becomes more difficult when you consider the data that is stored on someone else’s architecture – such as server content, cloud services, or anything with a synchronisation capability – is less covered by traditional enterprise data protection strategies. That’s new territory. While many businesses may think that because they have outsourced the architecture, they've also outsourced the responsibility, in some cases they haven’t. Businesses are becoming increasingly reliant on cloud services, so they need to be factored into the overall business continuity and resilience strategy.”
This reliance on cloud services has, in some ways, been driven by the swift move to hybrid and remote working. And the threats are real; 37 per cent of organisations around the world reported that they were hit by a ransomware attack in 2021, according to IDC’s 2021 Ransomware Study: Where You Are Matters!
“The Covid-19 pandemic forced businesses to provide users with access to content that was outside the traditional perimeter and, as a result, could not be protected by more traditional approaches,” says Peluso. “We've had to find new ways of ensuring the protection of our data and the continuity of access to that data.”
AvePoint is actively helping its customers to extend their security perimeter beyond the traditional office environment and into the remote workplace. According to Peluso, a successful approach requires a combination of things.
“The smaller the overall corpus of data, the smaller a business’s footprint and the more it can focus its protection efforts. It is also important to know where that business-critical data is so it can be treated – and protected – accordingly. In the case of resiliency, you need to know where your highest value content is.”
But how do organisations identify if something is business-critical?
“Privacy-related or payment data can be easy to find,” says Peluso. “The data is binary – either it is a credit card number, or it is not, and there are rules you can use to automatically assess that. It’s a lot harder when it comes to business-critical data. It is information that means something to a business, but there’s no easy way to flag and identify it.”
AvePoint helps customers to identify business-critical data by taking an operational approach to collaboration.
“If we think about groups using Microsoft Teams as a workspace, it’s important to have a part in that process that makes it clear what the collaboration is about, who it maps back to, and its level of importance to the business,” says Peluso. “We bring that to our customers.
“It is a combination of better cataloguing and tracking collaboration efforts with the underlying engines to protect that data. We are not just worried about backup so that you can restore data in the case of a catastrophe; we're talking about an end-to-end story that offers benefits all along that spectrum, including if something really bad should happen to that data.”
Many businesses were not prepared for the technological impacts of the Covid-19 pandemic and feel that their hands were forced when it came to business resiliency and data protection. “While a strategic approach makes sense in theory, many organisations are now dealing with how to retrofit information management onto a system that is live and in the wild,” says Peluso.
AvePoint has a solution for this too. “Our offerings include a mix of policy-driven, top-down strategic approaches, but then also bottom-up insights that allow our customers to retrofit solutions onto the systems that are already in place,” says Peluso. “In the past, I’ve had to convince customers of the potential problems that they will encounter later on. But some people want to wait to see if they actually arise, before trying to solve them.
“Now we’re in a situation where I can point out the issues that businesses are currently facing, and we can fit our solutions onto their systems. It’s much more tangible for organisations to act on.”
When describing AvePoint’s role in its customers’ businesses, Peluso uses the analogy of bumpers in a bowling alley. “We can’t control how you roll the ball down the lane, but we can make sure that the ball isn’t going to hurt you, or anyone else. You can carry out your processes as usual, just with a little bit of guidance and security around the outside.”
This article was originally published in the Summer 2022 issue of Technology Record. To get future issues delivered directly to your inbox, sign up for a free subscription.