-
Resources
- Forums
-
What is IT resilience, and why is it important?
What is IT resilience?
IT resilience is your organization’s ability to respond to change. That includes the change you want, such as implementing ubiquitous connectivity and managing the explosion in data volume, and the change you don’t want, such as protecting against cyberattacks and reducing vulnerabilities. IT resilience starts from the inside, protecting your Tier 0 assets such as the identities and users who access your data, your infrastructure and your systems. It grows outward to your connectivity, cybersecurity and data management. As you build your IT resilience, your company is better able to adapt to whatever comes next.
What are the IT resilience components?
- Streamlined IT — Scale and streamline your IT operations, automating administration tasks to mitigate risk, enhance threat detection and improve disaster recovery.
- Enabled and empowered users — Become data-driven by empowering users to better manage and develop data pipelines.
- Hardened cybersecurity — Employ a holistic approach to control identity sprawl, close the cybersecurity exposure gap and protect resources in the cloud and on-prem.
What trends are driving changes in IT ecosystems?
The IT ecosystem never stops changing. Three trends in particular are driving CTOs, CIOs and CISOs to work toward IT resilience in their organizations:
- Ubiquitous connectivity — Your employees, customers, users and partners expect that your IT assets will be available 24/7. More of them are able to connect to your network from more devices in more remote places. The adoption of 5G and the boom in satellite communications are leading to greater consumer and commercial demand for access to your organization’s infrastructure, systems and data. IT resilience means meeting that demand.
- Data explosion — The growth in access, devices and users, combined with the elasticity of your cloud infrastructure, is driving a data explosion. Global data creation and replication are growing at a compound annual rate of 23 percent. IT resilience means knowing how to manage your part of that explosion.
- Complex security and access — The crescendo in connectivity and data means greater demands on your IT admins along with greater risks to network security. With the increasing numbers of users, identities, accounts and endpoints comes increasing frequency of ransomware attacks — as often as every 2 seconds within the coming years. IT resilience means knowing at all times who is on your network and what they are doing there.
Why is IT resiliency important?
Building IT resilience is important because of accelerating shifts in the threat landscape.
Traditionally, hackers have gone after data that held nearly immediate value for them, such as credit card numbers, personal details and bank account information. But in the era of ransomware, hackers go after data that has value to you: your Tier 0 assets, your contracts, your SharePoints, your OneDrives, your email, your corporate systems. Data skyrockets in value when it’s suddenly unavailable to you, even if it’s of little value outside of your company.
Nearly every organization is impacted by shifts like those in the threat landscape. With stakes that high, it’s no wonder that 74 percent of businesses report they are not cyber-resilient.
In companies dependent on Active Directory — the mission-critical backbone of infrastructure — fast, secure recovery following a cyberattack is the essence of IT resilience. More than seven out of 10 companies are unable to tolerate even two hours of downtime for critical applications, so speedy recovery of AD is of the essence. IT resilience includes automated protection and recovery to reduce the risk of human error and the need to start over. It also applies to keeping AD backups out of the reach of attackers and infection by malware.
IT resilience extends from the first line of defense, like email attachments and phishing sites, to the last line of defense: the backups of your applications and data companywide. That means not only having solid backup/recovery software and procedures in place but also ensuring that backed-up data is immutable and useless to attackers.
The benefits of IT resilience are that you can go beyond keeping up with the changing threat landscape — you can stay a step ahead of it. By automating the work of resilience, you can more quickly reap its benefits: higher availability, secure infrastructure and better performance of IT assets.
Traditionally, hackers have gone after data that held nearly immediate value for them, such as credit card numbers, personal details and bank account information. But in the era of ransomware, hackers go after data that has value to you: your Tier 0 assets, your contracts, your SharePoints, your OneDrives, your email, your corporate systems. Data skyrockets in value when it’s suddenly unavailable to you, even if it’s of little value outside of your company.
Nearly every organization is impacted by shifts like those in the threat landscape. With stakes that high, it’s no wonder that 74 percent of businesses report they are not cyber-resilient.
In companies dependent on Active Directory — the mission-critical backbone of infrastructure — fast, secure recovery following a cyberattack is the essence of IT resilience. More than seven out of 10 companies are unable to tolerate even two hours of downtime for critical applications, so speedy recovery of AD is of the essence. IT resilience includes automated protection and recovery to reduce the risk of human error and the need to start over. It also applies to keeping AD backups out of the reach of attackers and infection by malware.
IT resilience extends from the first line of defense, like email attachments and phishing sites, to the last line of defense: the backups of your applications and data companywide. That means not only having solid backup/recovery software and procedures in place but also ensuring that backed-up data is immutable and useless to attackers.
The benefits of IT resilience are that you can go beyond keeping up with the changing threat landscape — you can stay a step ahead of it. By automating the work of resilience, you can more quickly reap its benefits: higher availability, secure infrastructure and better performance of IT assets.
What is an IT resilience strategy?
An IT resilience strategy hardens cybersecurity across every facet of your entire IT ecosystem, building security from the inside out.
One of the first steps in building your IT resilience plan is to develop a Zero Trust strategy. Zero Trust takes a cloud-first, identity-centric approach to protecting the people, applications and data essential to your business. It guards against threats by continually verifying access permissions (human and machine) to all requested resources (on-prem, cloud and hybrid) and comparing user actions to baseline behavior analytics.
In Zero Trust, you remove vulnerable permissions and access rights that users no longer need. Instead, you base your decisions about access on specific delegation and proper provisioning with fine granularity. You replace the sharing of admin passwords with individual and dynamic authentication for every administrative action. You follow the principle of least privilege by granting only the permissions that administrators require to do their job – no more and no less.
Zero Trust picks up where the network-centric approach leaves off. In the network-centric approach, you ask, “Are you authorized to be on this network or not?” once at login. In the new landscape, with so much more at stake, Zero Trust lets you ask, “Do you have permission to access that file/application/device/resource?” continually. The result is a vast improvement in your security posture.
An IT resilience plan ensures that your IT operations are streamlined and scalable to adapt to the fast-changing usage patterns of your customers and users. Save time and minimize security risks by automating administration tasks like user and group management, Group Policy management, Active Directory health monitoring, disaster recovery planning and Office 365 backup.
Along with hardening cybersecurity, a robust IT resilience plan covers data protection and disaster recovery. This step usually comprises at least three elements — formalizing scope, performing a business impact analysis to establish requirements, and creating detailed recovery procedures — but it is often overlooked. Even in companies that self-assess their recovery capabilities as meeting or exceeding the expectations of the CIO, only 27 percent have all three of those elements in place.
One of the first steps in building your IT resilience plan is to develop a Zero Trust strategy. Zero Trust takes a cloud-first, identity-centric approach to protecting the people, applications and data essential to your business. It guards against threats by continually verifying access permissions (human and machine) to all requested resources (on-prem, cloud and hybrid) and comparing user actions to baseline behavior analytics.
In Zero Trust, you remove vulnerable permissions and access rights that users no longer need. Instead, you base your decisions about access on specific delegation and proper provisioning with fine granularity. You replace the sharing of admin passwords with individual and dynamic authentication for every administrative action. You follow the principle of least privilege by granting only the permissions that administrators require to do their job – no more and no less.
Zero Trust picks up where the network-centric approach leaves off. In the network-centric approach, you ask, “Are you authorized to be on this network or not?” once at login. In the new landscape, with so much more at stake, Zero Trust lets you ask, “Do you have permission to access that file/application/device/resource?” continually. The result is a vast improvement in your security posture.
An IT resilience plan ensures that your IT operations are streamlined and scalable to adapt to the fast-changing usage patterns of your customers and users. Save time and minimize security risks by automating administration tasks like user and group management, Group Policy management, Active Directory health monitoring, disaster recovery planning and Office 365 backup.
Along with hardening cybersecurity, a robust IT resilience plan covers data protection and disaster recovery. This step usually comprises at least three elements — formalizing scope, performing a business impact analysis to establish requirements, and creating detailed recovery procedures — but it is often overlooked. Even in companies that self-assess their recovery capabilities as meeting or exceeding the expectations of the CIO, only 27 percent have all three of those elements in place.
Where can I get help with hardening my IT resilience?
In enterprise IT, what’s next is now. Technology continues to evolve — with data, devices and connectivity increasing exponentially. More devices and greater connectivity bring more opportunities for cyber threats. Find out more about building up IT resilience in your organization:
Blogs
Zero trust: What it is, why you need it, and how to get started
Learn what Zero Trust security is, its benefits and downsides, and steps your organization can take to get started.
Bryan Patton
What is data operations? How can it benefit your organization?
An automated approach to designing, building, moving and using your data. Learn how data operations empowers decision makers to extract insights at s...
John Pocknell
7 endpoint security best practices
Endpoints are always the entry point for data breaches. Learn 7 endpoint security best practices that can help successfully reduce your risk.
Ken Galvin
How immutable backups help protect against ransomware
Learn about immutable backups: what they are, how they work, what they protect and what to ask when you’re evaluating them.
Adrian Moir
8 ways to secure your Active Directory environment
Secure your Active Directory against potential risks with these 8 best practices and ensure robust security measures for your system.
Bryan Patton