Date post: | 10-Feb-2017 |
Upload: | sylvia-j-van-woerkom |
VeeamUP. Availability for the Modern Data Center: Business & IT Perspectives
Volume # 03
Rethinking Compliance: Beyond Security to Business Continuity
Enjoy reading, Your VeeamUP editorial team
Compliance in the new threat landscape
§01
VeeamUP. Availability for the Modern Data Center: Business & IT Perspectives. Volume 03 Veeam Software
In a business world increasingly driven by mobile and social technologies, IT departments face significant challenges to keep corporate data safe. Against this background of rapidly evolving technology, they also have to ensure compliance with a whole range of regulations (from Sarbanes-Oxley to HIPAA or PCI DSS) designed to keep data protected and retrievable.
But compliance can’t simply be seen as a box-ticking exercise; it’s a vital element of any large IT organization’s activities. The potential financial damage of data loss is huge, from hefty fines to serious impact on revenue. But the damage to the reputation of your brand and your senior management team can be even bigger – and even harder to repair. Against this background, the availability of the systems and data that keep your business running is absolutely critical – downtime and data loss are unacceptable.
Demonstrating to regulatory bodies that you can limit the risk of suffering from traditional criminal attacks such as SQL injections and Distributed Denial of Service (DDoS) attacks is just the start. Advanced threats are growing in volume, sophistication and persistence every day. Staying ahead of these threats – whether from bored kids, foreign state-backed hacking teams, or highly motivated and well-organized criminal gangs – is a monumental challenge. Alongside these external threats, the ever-present danger of employee negligence or malfeasance adds further compliance risk.
In this constantly evolving threat landscape, even the best-protected organizations will eventually suffer a failure. The question is: How do you accelerate and streamline effective responses to criminal activity and ensure the availability of business-critical systems when the inevitable happens?
Moving beyond security
Traditionally, compliance activities have focused on how to:
• Protect: with perimeter defenses, anti-virus and anti-malware software
• Detect: by monitoring access and data movement to identify attacks as they happen
• Respond: by containing the damage, combating the threat and conducting forensic investigations
• Sustain: through risk assessments, policy reviews and periodic vulnerability checks
But a strategic approach to compliance needs to look beyond this protect-prevent-respond model. In a world where data breaches are inevitable, security will only get you so far. Compliance activities also need to encompass a rigorous approach to business continuity, so that when the worst does happen, you know the systems that keep your business operational will carry on running.
In this edition of VeeamUP we’ll look at why it’s essential to rethink how you approach compliance, and we’ll offer some practical advice on how you can take compliance beyond security in your own organization.
Turning compliance into competitive advantage
§02
For many global enterprises, complying with legislative mandates is simply the first step. Taking the next step by adopting ISO standards helps demonstrate a proactive approach to risk mitigation through adherence to strict business continuity criteria. Accreditation for rigorous ISO standards can offer a real competitive differentiator, providing the increased credibility to help organizations enter new markets and increase their share of existing markets by attracting new and larger customers.
Compliance with key ISO standards for data protection includes the implementation of proactive business continuity management systems that can ensure key business processes are resumed quickly in the event of a failure or disaster. By adopting these standards, enterprises can prove to customers that robust systems are in place to keep the business running, no matter what happens.
Audit-proof compliance
But to achieve accreditation and sustain it, organizations must be able to demonstrate adherence to the expected standards in ISO audits. For ISO standards looking at Business Continuity Management Systems, the ability to demonstrate the availability of business-critical systems in the event of a failure is vital. Performing backups and putting disaster recovery (DR) plans in place is essential, but if they’re not regularly tested, it can be difficult to prove they’ll be recoverable if the worst does happen.
Compliance with the Sarbanes-Oxley Act is also essential. Designed to protect investors in the wake of high-profile accounting scandals, it is mandatory for publicly-listed companies in the US. In recent years, however, it has become the de facto global standard, representing a robust approach to ensuring electronic records and audit trails are retained and auditable for long periods of time and recoverable after a disaster.
To make your systems audit-proof, whether for ISO or Sarbanes-Oxley accreditation, continually testing DR systems and recoverability is essential. It’s also vital to document the tested recovery times for key business systems and processes.
Your backup and recovery systems should provide a full audit trail and detailed test logs that can be kept for as long as needed. They should also give you the ability to test backup copies, recoverability and restore times in a sandbox environment, so you can run tests at any time with no impact on your production environment.
Rethinking compliance
§03
Enterprises tend to simply partner with data protection vendors on their compliance programs. But compliance needs to be integrated with business continuity plans, which means organizations must look beyond traditional security vendors to find additional technology partners that can help ensure the data center and the business services it supports are always on.
Of course, the always-on data center is itself a key risk factor for compliance. As networks become stretched through mobility and BYOD initiatives and pressure from the business increases to deliver services 24/7, keeping data, applications and users protected becomes even more challenging.
Against a background of rapidly changing advanced threats, it’s not a question of whether a breach will occur, but rather when a breach will occur. And as new technologies and threats continue to emerge, your defense posture and approach to compliance must be able to adapt quickly to keep up with the pace of change.
Know, don’t hope
In a constantly shifting threat landscape, the classic defense model of prevention and protection is inadequate. What’s needed is a clear plan that’s continually tested and updated to ensure you’re always following the latest best practices and your business continuity management is completely audit-proof.
Achieving compliance and gaining the ISO and Sarbanes-Oxley accreditations that differentiate your business doesn’t simply require robust backup technology and processes. It requires the ability to continually test the recoverability of your backups, so you’re able to demonstrate with confidence that you can meet recovery time objectives for critical applications.
With ongoing backup and recoverability testing you don’t need to hope your business-critical services will keep running when a failure occurs – you’ll know they will.
Make accountability part of the plan
It’s all too easy for compliance accountability to fall across multiple business functions, but a single point of overall accountability is essential for success. Once you’ve decided to achieve ISO or Sarbanes-Oxley accreditation, it’s essential to designate a compliance officer and compliance team to support your business continuity objectives. Reporting to the CISO, the compliance team must have an unambiguous mandate to constantly review compliance and ensure a rigorous adherence to the accreditation framework.
Solving the compliance puzzle
§04
Security is only one piece of the compliance puzzle. To ensure full, readily auditable compliance, organizations need additional support beyond that provided by vendors of protection and prevention solutions. It’s vital to find a technology partner that can support your organization when security solutions fail to protect business-critical applications and data – and ensure ongoing availability for those services. Your business continuity technology partner shouldn’t just provide backup and DR capabilities – it should deliver thorough and continual testing of the recoverability of backups.
Veeam delivers business availability through advanced backup and replication and DR technologies, offering high-speed recovery and verified protection to help organizations take compliance beyond security – and enable the Always-On Business™. By helping enable accreditations and meet audit requirements, as well as proactively identifying ways to improve backup and DR processes, Veeam’s technology expertise can help you increase brand credibility, align compliance activities with core business objectives, and keep key business services up and running when disaster strikes.
Visit www.veeam.com to learn more.