< Previousdata responsibility www.networkseuropemagazine.com 20 the notion that your systems and critical data are impervious to downtime or data loss when hosted in a data centre has been challenged A simple solution of off-site replication or backup to a cloud service, such as disaster recovery-as- a-service (DRaaS) or backup-as-a-service (BaaS) – importantly provided from another data centre – would have minimised downtime and prevented any data loss. The founder of OVHCloud has said that the incident highlights the need for the data centre industry to offer backups as standard to customers. This is a positive step forward. But until that happens, users should consider these steps to help protect their data: • While extremely secure, the notion that your systems and critical data are impervious to downtime or data loss when hosted in a data centre has been challenged. Like any physical structure, it can be affected by fire, flood, acts of God or even a cyber-attack. • Can you afford prolonged downtime or the permanent loss of data? Consider what you deem to be a disaster and the potential impact. Some companies are satisfied knowing their data can be recovered from backup, even if it takes hours or days, while others cannot afford any downtime and need systems back online within minutes, maybe even seconds. • Microsoft 365, Google Workspace and other top tier providers typically include some level of backup protection. However, many of these ‘backup features’ are designed with the SaaS provider in mind and may not meet your own recovery needs. Ambiguity in service level agreements and those missing key features could have serious consequences. Granular recovery and flexible retention timeframes are critical for a good backup platform and may save your service if disaster strikes.data responsibility www.networkseuropemagazine.com 21 You cannot assume your systems are protected and that your data cannot be lost • If you decide you need to take ownership of your own backup requirements, one of your initial considerations should be geographic diversity. Having a disaster recovery solution with an RPO (Recovery Point Objective) of seconds and an RTO (Recovery Time Objective) of minutes is compromised if it’s in the same data centre or too close. • Regardless of the capability of the technology applied to ensure data resilience, many disaster recovery plans fail due to a lack of testing. Even if the systems are ultimately recovered after an unexpected, stressful and lengthy process, it could still be financially costly to the business, as well as causing reputational damage. Ensure you have the knowledge, time and capacity to build in comprehensive tests on a regular basis. • The best products deployed incorrectly can significantly compromise a real disaster invocation. Consider utilising an external disaster recovery provider where you benefit from specialised expertise and objectivity by using these services – such as DRaaS – where testing and trial invocations are provided as part of the service. • The importance of testing cannot be over-emphasised. Technical staff that are well versed in trialling a disaster recovery invocation are more likely to deliver a less stressful system recovery and, if the unexpected does occur, be better prepared and drilled to deal with these situations. Consider carefully whether your business can survive downtime with little or no real-world impact. You cannot assume your systems are protected and that your data cannot be lost. IT services are embedded into every aspect of our business life. An outage like this will affect the service you provide and likely impact the financial security of your company. Regardless of the cause and irrespective of the circumstances, if your data is lost and your recovery options compromised, your data, and potentially your business, is gone for good. nGreater cyber-resilience can be developed in just four steps. By taking these steps, all organisations will strengthen their ability to retrieve and restore data, minimising incident downtime. They will also find it easier to mitigate threats and establish their causes, demonstrating transparency and due diligence. 1. Mandate offline back-ups It has become critical that every employee is made accountable and responsible for backing up regularly, both locally and offline, to corporate-approved encrypted storage devices. Cyberthreats increasingly target the end-user working remotely from a home- based office. In addition, cyber-criminals have begun hitting the backup software and systems put in place as insurance. Ransomware attacks alone rose seven-fold, according to BitDefender's mid-2020 report. When backups of important data are stored offline at different physical locations, this maximises the chance of data recovery even if the worst happens. It also supports the ability to thwart ransom attempts, even as ransomware attacks continue to multiply. 2. Deploy suitable endpoint controls Straightforward tools must be made available to permit employees to use their own hardware safely and even give them more control over the management of their own data, especially across the newly complex, increasingly hybrid network. Cyberattacks increasingly exploit employees for whom data security and privacy is not at the forefront of their minds; many professionals, regardless of rank, now regularly move around with personal laptops that are brimming with sensitive corporate data. This means we need to consider the roles played by tablets, laptops, desktops and BYOD devices connecting to the network, and securing them, wherever they are. Deploying the right solutions at the endpoint can allow employees to use their own hardware safely and give them autonomy - assisting operational agility as well as defending against a greater risk of cyberattack. Jon Fielding, Managing Director EMEA Apricorn If you've never heard the term 'cyber-resilience' you might imagine something requiring a heavy investment of time and resources. However, achieving resilience, even in our brave new world of hybrid workplaces, need not be costly or complex. cost-effective greater cyber-resilience both on and off-site 4 1 2 cyber resilience www.networkseuropemagazine.com 22ve steps to er-resilience, d off-site cyber resilience www.networkseuropemagazine.com 23Make the most of your presence NETWORKS EUROPE magazine is the longest established and industry leading technical journal for the network infrastructure and data centre marketplace. • NETWORKS EUROPE features editorial contributions from worldwide industry figureheads, ensuring that it’s the world’s best publication for information on all aspects of this constantly evolving industry. • Published every other month (x6 per annum), the magazine is produced in digital format, with a magazine viewing link (readable on all major electronic devices) e-mailed directly to subscribers on publication. • The readership consists of 26,000 industry professionals across Europe; with its core circulation covering the UK, Germany, France, Belgium, The Netherlands, Italy and Spain. • The magazines’ highly focused editorial content caters exclusively for an informed audience consisting of network infrastructure professionals, including; data centre managers, facilities managers, CIO’s, CTO’s, ICT directors, consultants and project managers. • Key editorial content areas include; news, legislation and technical information from industry-leading companies and commentators, with detailed case studies, as well as the latest thinking in technology and practices. Advertising Advertising can be in the form of company or product promotion. You can contact our advertising team for details on costs. We accept adverts that are submitted to us in the form of image files saved as high resolution (>300dpi) *.pdf, *.png, *.jpg or *.eps format files. Sponsored content We publish sponsored or branded content in the form of advertorials, case studies, white papers and product/company features. Our advertising team can help with advice and costs. NETWORKS EUROPE The magazine for network and data centre professionals 3. Encrypt all data as standard policy The third layer of defence is to mandate universal encryption across all devices and all data, whether it is being stored 'at rest' or transmitted to and from sections of the corporate network. The availability of 256bit 'gold standard' AES hardware encrypted desktop drives, portable drives and flash drives makes defending data as well as achieving and maintaining regulatory compliance easier than ever before. Mandating organisational encryption also functions as evidence that the company adheres to responsible data handling practices, even in the event of an information breach. This in turn can reduce the chance of a heavy financial penalty that falls foul of legislation - for example, the EU's General Data Protection Regulation (GDPR). 3 4 4. Acquire full visibility of all data Finally, ensure your organisation can gain and maintain up-to-date visibility of all data. In these days of disrupted working patterns and behaviours, knowing at all times what information and data you have, where it resides, who is accessing it, and whether it’s been put at risk has become more important. Being able to monitor and manage your data transparently across BYOD, home or work and on the range of devices currently used, also helps guarantee a rapid response to cyber incidents and data breaches, while ensuring organisations can satisfactorily respond to any regulatory questions. As our 2021 Global Security Survey highlighted, many organisations place too much trust in employee data handling rather than founding an organisational stance on best-practice - for instance, just 41% mandate encryption of sensitive data. Yet any organisation can be disrupted, especially by a crisis. Organisations were already transitioning from an often- flawed focus on 'complete security' to building resilience to cyberattack but more needs to be done. By prioritising cyber-resilience through the four key actions noted above, there's less reason to worry about home working or rising threats from fearware, ransomware or any other inventive, yet insidious attacks against systems with which individuals are entrusted. n cyber resilience www.networkseuropemagazine.com 25 In these days of disrupted working patterns, knowing what information and data you have, where it resides, who is accessing it, and whether it’s been put at risk, has become more important.We need to long-term offsite working offsite working www.networkseuropemagazine.com 26Working from home has become the new normal and survey responses from employees in many industries have backed up the idea that it’s unlikely many will ever return full time to the office. And why would they? Technologies that allow smooth and effective remote working have been embraced by the more forward-thinking companies in recent months. As we now plan for long-term offsite working, supporting remote staff while ensuring client needs are met is a new challenge and one that has brought the relationship between employee and employer into sharp focus. Trust has taken on a greater significance, as bosses have less physical oversight of their staff. Yet as employers learn to put their faith in their employees to work remotely, is there a risk of companies taking advantage? Expected tools to do the job Imagine walking into an office as an employee to be faced with an empty desk except for a laptop. You connect to the work network, only to find it too slow to support your video call. You find it strange the phone doesn’t interrupt you - then you realise you don’t have a desk phone. Your personal mobile rings, it’s your boss, wondering why they can’t make out what you’re saying on the video call. Let’s face it. It just wouldn’t happen. And yet, millions of us have tested our home’s IT infrastructure to the limit throughout the pandemic. Even to the most savvy homeworking networks integrator, the term ‘IT infrastructure’ seems too grandiose. We take for granted those tools that we need to effectively do our jobs: business-grade broadband, stable networking, a desk phone or work issue mobile, or both. With those in place, it’s easy to control the quality of service to clients. But the question is, are employers wrongly assuming that our home setups are up to scratch? o plan for site working Duncan Ward Chief Executive Officer Enreach UK “Hi honey, I’m home!” was a familiar refrain as commuters returned from work after a day at the office. Since the beginning of the pandemic however, the commute has changed for many employees, to a short stroll from one room to another. offsite working www.networkseuropemagazine.com 27Many employees have fallen foul of the accidental appearance of a child on an all-too-serious Teams or Zoom call, or remarked on an item of curiosity in the background, or struggled to understand garbled conversation on a patchy connection. Video calls have become the norm, to the extent that the simple phone call seems impersonal - why not look them in the eye, even if they are frozen on screen? Furthermore, the working day has shifted around personal priorities. Staff may log on earlier and finish earlier, or work into the evening after a morning of childcare commitments. But how do we acknowledge and properly reflect that across an organisation? The combining of our home and work lives has put enormous and varied pressures on employees, expected to do the day job using a work issue laptop, a work mobile if you’re lucky and residential broadband. In and out of lockdowns, Zoom calls, home-schooling, online gaming, and binge- streaming the latest box set means that most people’s home broadband has been left creaking under the strain. Recognising the new normal Pre-pandemic, many employers with office-based staff would allow a degree of flexibility and home-working. And for those odd occasions, the current average home setup would suffice. But as we enter a world where remote working could make up a large part of an employee’s normal pattern, should conscientious employers be investing in smarter remote working capabilities? Of course, conversely, there may be companies that will expect employees back in the office asap, unconvinced of the validity and potential benefits of employees working at home. But these excuses are wearing thin. When enabled to be, an employee is arguably more productive away from the office. Travel time is avoided, including to meetings. Without the distractions of the office, efficiency is improved and with the proper connectivity and cloud solutions offering the chance to remain undisturbed across all connected devices, a true work-life balance can be achieved. Reliance on physical infrastructure Companies with multiple office locations will be well versed in ensuring those sites and employees are connected. But what happens when you take away that infrastructure? Taking the desk phone as an example, at the start of the first lockdown we knew of many companies who sent their employees home with their desk phones, to replicate their offsite working www.networkseuropemagazine.com 28 Without the distractions of the office, efficiency is improved and a true work-life balance can be achievedoffice setup, connecting them to the company system through a physical connection to home Wi-Fi routers. The problem they encountered, however, was that when in the office, the phones received both power and a connection via a single Ethernet cable. At home, it was a different story clearing warehouses full of separate power adapters in the rush to get employees connected at a moment’s notice. We’ve recently engaged with a number of companies now recognising that the world of work has changed, exploring the possibility of rolling out robust business broadband at employees’ homes. We’ve also seen enquiries from customers wanting to add IT solutions and softphone functionality at their home, to allow calls to be made and received through an employee’s laptop, alongside a ‘traditional’ desk phone. Always on is not always ok If the pandemic has taught us anything, facilitating improved connectivity for remote employees should now be a foregone conclusion. From an investment perspective, employers should be reflecting on what they’re saving by not having employees in the office. But there is an associated risk. Enabling greater connectivity for employees also means bringing about more methods of getting in touch with them. Whether that’s by email, messenger app, a call via their desk phone, softphone, mobile phone or a video call. There’s a danger of creating an ‘always on’ culture - you’re at home, why wouldn’t you be contactable? And with everyone’s days starting and ending at different times, how do you know they’re not available? Smart solutions can overcome this by automatically and simultaneously updating every work device or app to show an employee as available or unavailable, redressing the vital work/life balance. Investing in the new normal Despite the learnings of the last year or more, some employers will be pleased - if not relieved - to see their employees returning to the office, but for those who will continue to work from home, proper investment in ensuring the quality of service, as well as the quality of life, will be critical to its success. n offsite working www.networkseuropemagazine.com 29 If the pandemic has taught us anything, facilitating improved connectivity for remote employees should now be a foregone conclusion Next >