A bane of having data is the need to know: the need to know where all your sensitive data resides, what that data is, who has accessed it, and how it was accessed. Managing the who, what, where, why, and how of data is a struggle that’s as old as time. Scale changes this struggle. We continue our scale discussion on the Virtualization and Cloud Security podcast by delving into data management. Paula Long, CEO and cofounder of DataGravity, joins us to discuss data management at scale. How do we answer these questions?
Data Protection is much more than verifying that you have a valid backup. While the recovery of your data is important, Data Protection also encompasses data life cycle management, business continuity, disaster recovery, and continuous data protection as they pertain to virtualized and cloud environments. This topic also examines how to secure and monitor the passing of data between disparate environments and how to increase the scale of data to be protected in shorter periods of time. (Read More)
How to manage the security and protection of your environment in order to safeguard your crown jewels has always been important. However, it has never been more so than today, when data-breach announcements are common and everyone from nation-states to teenagers in their bedrooms have access to powerful tools for breaking in.
The recent Amazon Web Services Simple Storage Service (S3) outage has taught us quite a bit about fragile cloud architectures. While many cloud providers will make hay during the next few weeks, current cloud architectures are fragile. Modern hybrid cloud architectures are fragile. We need to learn from this outage to design better systems: ones that are not fragile, ones that can recover from an outage. Fragile cloud is not a naysayer: it is a chance to do better! What can we do better?
In the last three virtualization and cloud security podcasts, Mike Foley, Sr Technical Marketing Architect for vSphere Security, mentioned security disaster recovery plans. There is a growing need for such plans. The 174th podcast covered this need, as well as the why and the how of putting such plans together. Unlike traditional disaster recovery, security disaster recovery is just what it sounds like, recovering from a disastrous security event. How would your organization respond to such an event? Is it about incident response? It is more than this. While you listen to the podcast, consider these thoughts.
In our data protection research, we have discovered that there are quite a number of companies that say they do Disaster Recovery as a Service (DRaaS). Just what is DRaaS? What are the basic requirements? Is using a public cloud better than using hosted DRaaS? Are there any risks? Is DRaaS just a dump-and-go? Is DRaaS just another managed services play? There are many questions—now, let us look at some answers.
Nothing quite changes like IT. We have gone from incredibly manual, thought-requiring human processes to handling petabytes of data to make a single decision. In essence, our requirements have changed to meet our real-world needs, whether such change has been to improve performance, capacity, or other needs. Requirements rule the world of IT. Recently, we have seen an additional shift in requirements. TVP Strategy is currently looking at a small set of IT: data protection. Our approach has been to produce a coverage graph. The graph gives us a nice visual on how vendors’ products match up. But that is not all. We recently did some analysis comparing products over time as our coverage graph requirements have evolved. The results of these comparisons over time are very interesting.
Nearly every time I turn around, a company is stating it can prevent ransomware! When I research it further, I see that it is not, in fact, prevention. Rather, it is recovery. These companies all make the same assumption: that ransomware can be detected long before it becomes a major problem. This is false reasoning. Ransomware is not detected until a person cannot open a file, or a system reboots and the screen shows a lovely ransomware message. How soon after ransomware hits does this detection take place? Moments, days, or months? Whether you can detect ransomware early enough depends on your practices, policies, and capabilities, not on storage or data protection that claims to prevent ransomware. What does it take to prevent, or even detect, ransomware?