The blurring lines between data protection and security [Q&A]
The threat landscape has evolved a lot over the past few years as cybercriminals become more and more sophisticated. This has forced change within the industry and blurred the lines between the previously separate data protection and security strategies.
We spoke to Jason Gerrard, senior director of international systems engineering at Commvault, to find out more about why this is happening and what it means for the future of the data protection and cybersecurity industries.
BN: What is the difference between data protection and security?
JG: Traditionally, data protection was considered to address issues related to data storage and management, and the access to this data, whilst solutions that prevent cyber attacks, such as firewalls and anti-virus, fell into the security bucket. But these two worlds are no longer as separate as they have previously been.
These days, I do not recognize that there is much of a difference between these two terms. Ultimately, a data protection strategy must have security at the heart of it, and similarly any security strategy must have data protection as a core tenet. There will always be niche differences, of course, but those lines are increasingly being blurred. Indeed, here at Commvault, we believe that data protection and data security very much go hand in hand.
BN: Why are the lines between data protection and security blurring?
JG: There are varied reasons why the lines are blurring between data protection and security. One of these is the evolution of the threat landscape, which has changed significantly over a very short period of time. Only a few short years ago, the primary attack mechanism and goal of ransomware was to infiltrate the environment, propagate (make copies of itself and distribute as widely as possible), elevate permissions, and execute. The execution phase was all about encrypting data then demanding a ransom, usually in untraceable digital currency, such as Bitcoin.
But no longer do bad actors just encrypt the live data, which could fairly easily be overcome by restoring from a last-known good-state backup copy. They are now also encrypting the backups to ensure that organizations cannot just restore their data and continue operations. This is possible if the backups are not sufficiently protected with technologies such as air-gapping or immutable storage. Bad actors then exfiltrate the data out onto the dark web, where they threaten to expose it if the ransom is not paid. This risks significant reputational damage to a customer, as well as opening them up to data privacy breaches and competitors being able to see their customer data, for example.
By attacking the backups, as well as the data, cybercriminals are blurring the lines between data protection and security and are, therefore, forcing organizations to consider both aspects of cybersecurity in equal measure.
BN: How does this impact businesses? How should they react to these changes?
JG: Depending on the type of attack, cybercriminals can bring down organizations for days or weeks while the data is recovered. In the worst-case scenario, it can bring about the collapse of an entire organization.
Having a cohesive, well-thought-out, and tested data protection strategy, which includes security at the very heart of it, is essential. This will significantly mitigate and eliminate some or all of the damage that can be caused. So many organizations have collected multiple data protection and separate security solutions over the years. But very few of these solutions will talk with each other or integrate at a systems or human level because they all use different codebases with different management interfaces. Instead, businesses should consider implementing a single, cohesive solution that can bridge the gap between the data protection and the security world.
BN: How should data protection and security vendors react to this evolution in order to support their customers?
JG: Data protection and security vendors must integrate and collaborate at the technology level more than they currently do. I do see that increasing, and we are working hard to push this forward too. Commvault recently announced our integration into Microsoft's Azure Sentinel SIEM/SOAR platform and into CyberArk, for example. Integration between these best-in-class providers significantly increases the security of a customer's environment. So, it is these kinds of collaborations that need to be accelerated within the wider industry in order to support customers.
BN: What does the future hold for data protection and cybersecurity? Can we expect more of an integration between security and IT?
JG: Definitely! The bad actors don't do this for fun, they do it because it's a business for them. They earn vast sums of money plying their trade and that means that we, in the data protection and security space, need to continue evolving our approach too. The current trend of collaboration between vendors must accelerate, whilst data protection and security companies, including Commvault, continue to integrate traditional data protection and security tool sets into a single, cohesive platform. This will not only be simpler to deploy and manage but is incredibly powerful in providing an active layer of defence for customers.