Veritas Vice President and MD Asia South Region Ravi Rajendran discusses why the Singapore Government’s Public Sector Data Security Review Committee’s recommendation to publish Government policies and standards relating to data responsibility is a step in the right direction.
By Ravi Rajendran
Cybercriminals have long relied on social engineering as one of their most successful modes of attack. By fooling employees to share information or download their malware, ransomware attackers acquire the credentials they need to capture a company’s most important digital assets. Without a clean backup copy of an organization’s entire data catalog, users are held hostage at the mercy of criminals seeking monetary gain.
To stay ahead of the cat and mouse game, cybercriminals’ techniques will evolve in response to more rigorous company policies. We’re already seeing the beginnings of a secondary illegal market for stolen credentials. On the dark web, ransomware is fuelling the rise of a burgeoning market that makes it quick and easy for cybercriminals to gain remote access to corporate systems.
This boom is being supported by a shifting attack strategy that will only become more embedded in 2020. Ransomware attackers will increasingly target their efforts, not on existing employees, but on adjacent targets and other accounts with access to the systems of their intended victim. This includes outside contractors, freelancers, partners and approved vendors.
In Singapore, the latest malware incidents that hit in December 2019 is yet another timely reminder that ransomware will no longer be a matter of data denied. It will be a case of data compromised.
Globally, the public sector, healthcare and manufacturing are emerging as some of the most likely targets. To bolster data security, the Singapore government has set up the high-level Public Sector Data Security Review Committee (PSDSRC).
One of the key recommendations for improving transparency in the public sector’s data security is to publish the government’s policies and standards relating to personal data protection and provide an annual update.
At Veritas, we believe that this is a step in the right direction as publishing these standards also allows vendors that work for the government to understand the standards that must be met. Very soon, data responsibility won’t just be for internal consumption. Data responsibility will be how organizations do business and choose who they work with.
The growth of containers
Container technology will continue to make businesses more versatile in their ability to deploy and scale applications.
This rapid deployment is leading to questions about data integrity as an increasing number of new containerized applications are designed to create and modify persistent data. This evolution is emphasizing the need for mature backup and recovery processes that protect containerized data and applications wherever they reside.
Currently, container technology allows for rapid and portable deployment of environments that furthers the abstraction started with virtualization and enables additional abstraction of the hardware. As organizations continue to shift workloads and transition to hyperconverged infrastructure, they will need the simplicity, ease of use, faster infrastructure deployment and the ability to easily scale.
In addition, containers allow admins to embrace the concept of a cloud experience from an on-prem infrastructure. It provides them with the ability to run a server for an application, rather than waiting two weeks to get access to hardware, among additional processes. While the data still needs to be compliant, safe and be interrogated as needed, container technology provides a bird’s eye view of the data to those who need it. This is particularly important with the continued rise in edge computing where data is being generated everywhere and becoming more siloed, as well as the constantly shifting regulatory landscape.
The year of AIOps adoption
Many organizations have been experiencing a shift from the traditional core enterprise data center to a decentralized on-prem and cloud infrastructure. Another major trend is what I’ve termed “Digital Users”. Digital Users include machine agents, containerized applications (as above), process-oriented analytics, IoT devices and API-driven infrastructure.
Digital Users can number into the thousands and quickly expose the complexities associated with the manual processes required to deploy infrastructure, apps, and data management and protection services.
AIOps and API automation holds the promise to abstract complexity and provide significant new levels of autonomous processes. These are significant trends that will make AIOps an imperative in 2020.
This year, we can expect to see the collecting of data from various systems, tools and devices and the application of analytics, AI and machine learning to gain speed, simplifying the adoption of Digital Users, enhancing IT operations and information management with capabilities that will include; automatic detection and self-directed, real-time action on events and issues; automated workload and data analysis that drives resiliency orchestration; API enabled provisioning, management, protection and recovery; and proactive data classification and action spotlighting potential risks and threats.