By Ellis Booker
4m read time
As they start a complicated digital transformation, moving from siloed enterprise systems to integrated multicloud services and core-to-edge applications, organizations face an unprecedented increase in threats and vulnerabilities. These threats are multiplying rapidly, affecting business processes and operations, data, operating systems, hardware, applications, networks, endpoints, and employees.
The urgency to address these issues flows from the expectation of near-zero downtime and data loss to support digital experiences of customers, employees, and partners.
Emphasizing resilience in the face of inevitable breaches
Given these realities, a new strategy is emerging. Although cyberprotection and breach prevention remain laudable goals, it is increasingly obvious that 100% protection is unattainable. Even with a vigilant IT security team, a successful cyberattack has become an absolute certainty.
“So the very first step is a business risk assessment, looking across the enterprise at its business processes and installed security tools and plans,” says Michelle Weston, director and global portfolio leader for security and resilience at Kyndryl. Many enterprises have trouble simply identifying all of their vulnerable assets, let alone creating a comprehensive program to respond and recover them, she notes.
A resilient firm must be able to recognize, continuously track, manage, and recover from sophisticated security and operational risks, she says. This ability to anticipate, protect, withstand, and recover will likely require rethinking existing data governance strategies, since cybersecurity is only one aspect of this approach. “Resilience combines cybersecurity, disaster recovery, business recovery, and a variety of data and network resilience technologies to ensure continuity during and after cyberincidents,” she says.
Automation tools that enable recovery of data and applications within business-set recovery time objectives (RTOs) are particularly important in multivendor hybrid multicloud environments, as these become business-critical. One example is Kyndryl Cloud Resiliency Orchestration, a robust suite of managed services that provides real-time monitoring and management of cloud services as well as failover and recovery of physical and virtual systems.
“Instead of pursuing invulnerability,” Weston says, “enterprises should make sure they are resilient to attacks, by making and executing plans to help ensure that future incidents, when they happen — and they will — won’t have a devastating effect on the business.”
For more information on Kyndryl’s cyber resilience solutions, visit https://www.kyndryl.com/us/en/services/business-continuity/cyber-resilience.
Click here to learn more about developing a disaster recovery plan.