Data resilience and security can no longer be treated as separate disciplines – they need to work together to ensure organisations are not only protected from cyberattacks, but able to get back up and running quickly when the inevitable happens.
This is according to James Blake, Global Head of Cyber Resiliency Strategy at Cohesity, visiting Axiz this month to walk partners through the scenarios they are likely to encounter when their customers are hit by any of the myriad threats that can take their businesses down.
Recognising this convergence, data security and management provider Cohesity last year bought data protection company Veritas and is now carving out a new niche in the market to add data resiliency and business continuity to the security landscape.
Craig Brunsden
Craig Brunsden, CEO of IT distributor Axiz, explains that the company is well positioned to bring this concept to market and is working with its reseller partners to help their customers achieve true data resilience.
Blake points out Cohesity brings modern, cloud-native, and AI-driven capabilities to the partnership.
“We are bringing market leading data protection and cyber resilience disciplines together – and ensuring that no customer is left behind, in the essential journey towards a modern and mature data resilience posture,” he says.
“It’s a great fit,” adds Brunsden. “We are seeing more and more of our customers asking for these kinds of solutions. They can’t just rely on data protection back-up anymore; they have to consider how to store and manage all of their data.
“Organisations realise that the question is no longer if they get hacked – but when they get hacked,” Brunsden adds. “Today the burning question is what to do after the attack.”
For businesses, the focus has moved from merely trying to prevent attacks to designing for immediate recovery when they happen. Modern data resilience requires an “assume breach” mindset, using air-gapped backups, immutable storage and strict, granular access controls to ensure clean, reliable data is always available.
The ultimate goal is to minimise downtime and prevent data loss. Today, just 31% of organisations are confident in their ability to recover lost data within 24 hours, making fast, automated restoration capabilities essential to preventing significant operational and reputational damage.
Business continuity ensures services keep running, but data resilience provides the ability to “bounce back” from disasters such as ransomware without losing data integrity. It involves proactive, continuous monitoring and automated, AI-driven anomaly detection to identify and neutralise threats before they cripple the system.
And this is where Cohesity can help. “We see the global trends and understand what it takes for an organisation to recover quickly,” Blake says.
“We have realised that the biggest challenge in the face of attack is a lack of preparation – where organisations haven’t built the right shared model between the IT and security disciplines. Because when a ransomware or wiper attack takes place, these teams cannot play alone – you need both of them to be working in concert.”
After a cyber incident, he points out that IT owners will typically move quickly to restore data. “But they could end up simply recovering all the vulnerabilities and restoring all the threats. Remember, malware could have been lurking in the system for days – even months – so a restored system could be riddled with things that will just bring it down again.
“They need to work together to do threat remediation and get rid of the vulnerabilities, so they can be sure to prevent ongoing attacks.”
James Blake
But technology on its own won’t solve all the problems: true resilience requires organisational commitment including regular training, defined incident response roles (runbooks), and ensuring backups are not just made, but actively tested for restoration success.
As he travels the world helping customers with cyber resilience assessments, Blake says the workshop sessions he runs are often the first time that the security and resilience teams are in a room together.
“To be fair, the industry has traditionally been wired this way,” Brunsden points out. “Cybersecurity has always been very specialist in nature – and they didn’t have to worry about the data until recently.
“But the industry matured, and the threats exploded. And now security, one of the most fragmented landscapes, has to get together with different parts of the industry.”
Cyber resilience is a massive challenge, with as many as 120 different areas that need to be covered.
“It’s no longer all about data confidentiality,” Blake says. “It’s now about integrity and availability.”
The side effects of a breach have also changed: not long ago, reputational damage was a big issue; today, with most companies in line for an attack, that isn’t as much of a concern. “Everyone’s data has already been lost, in a hundred different attacks,” Blake explains. “Today, the actual impact from a reputation perspective is the regulatory and associated non-compliance financial risks associated with personal information – like financial or medical information – being released by attackers.”
Arguably, however, the even bigger issue today is the company’s ability to deliver products and services – and the long tail that can be affected. These knock-on impacts are not in most companies’ risk assessments, Blake points out – but they should be.
“We are seeing partners and vendors starting to shift their concern from system protection to evaluating the damage beyond the obvious,” Brunsden adds.
The channel has a big role to play in helping businesses achieve cyber resiliency – more so in a market like South Africa where skills availability is a constant challenge.
While technology continues to advance, humans remain the weakest link in the security chain. Ransomware and phishing attacks often succeed by manipulating human psychology rather than exploiting technological flaws, making education and training just as critical as firewalls.
“Access to people skills is a definite challenge, so qualified partners are key to delivering on this,” Brunsden says. “And, among our partners, there are really only a handful that can do so now.”
There is a big opportunity for partners from either the security or IT infrastructure worlds to skill themselves up and start offering these vital services.
“With vendors like Cohesity bringing the two lanes together, we are starting to see a partner ecosystem emerge,” Brunsden adds. “We are talking to partners with a heritage in either IT infrastructure or cybersecurity and helping them to adopt the cyber resiliency methodology.”
For many organisations, their data is dispersed across endpoints, on-premises systems, and multiple clouds. So, resilience strategies must be cloud-agnostic and capable of managing data across these complex, distributed environments.
A 100% channel company, Cohesity has already built many of the bridges needed: the Data Security Alliance works with cybersecurity vendors to cover some of the gaps between the disciplines.
Locally, Axiz has merged its cybersecurity team with the data protect and resilience team, expanding the ecosystem and adding opportunities for partners.
AI adds a new element to cyber resilience
Artificial intelligence (AI) has a big role to play in the future of cyber resilience.
Artificial Intelligence is rapidly changing both attack and defence capabilities. While AI is used for faster, automated, and more sophisticated attacks, it is also essential for defenders to use AI for faster detection and response. The future of cybersecurity depends on leveraging AI to outpace automated threats.
As Blake explains, AI can be a force multiplier in bringing the physical backup and recovery operations closer to the cybersecurity disciplines, making the process more efficient and effective.
“On the cybersecurity side, we will continue to see this shift into response and recovery. And AI can help to automate features that speed response. But you can’t replace the humans in many defence roles.”
A bigger concern when it comes to AI is how it could be exposing corporate data.
“We are seeing instances where secured data is being used in large language models out in the public cloud.”
A more secure solution would be to bring the models to the secure data, although Brunsden points out that this could be prohibitively expensive.
“We have already helped to lower that cost barrier,” Blake adds. “Storage and backup is already a sunk cost, so organisations could leverage that to apply their models in a secured environment.”
Importantly, security needs to be embedded in AI builds, he says. “If you are doing AI without security and resiliency, you are going to be in trouble. At the same time, if you try to do resiliency without leveraging the power of AI, you will be missing out on a lot of horsepower.