
Rethinking compliance

Date post: 10-Feb-2017
Page 1: Rethinking compliance

VeeamUP. Availability for the Modern Data Center: Business & IT Perspectives

Volume # 03

Rethinking Compliance: Beyond Security to Business Continuity

Enjoy reading, Your VeeamUP editorial team

Page 2: Rethinking compliance

Compliance in the new threat landscape

§01

Page 3: Rethinking compliance

VeeamUP. Availability for the Modern Data Center: Business & IT Perspectives. Volume 03 Veeam Software. Page 3

In a business world increasingly driven by mobile and social technologies, IT departments face significant challenges to keep corporate data safe. Against this background of rapidly evolving technology, they also have to ensure compliance with a whole range of regulations (from Sarbanes-Oxley to HIPAA or PCI DSS) designed to keep data protected and retrievable.

But compliance can’t simply be seen as a box-ticking exercise; it’s a vital element of any large IT organization’s activities. The potential financial damage of data loss is huge, from hefty fines to serious impact on revenue. But the damage to the reputation of your brand and your senior management team can be even bigger – and even harder to repair. Against this background, the availability of the systems and data that keep your business running is absolutely critical – downtime and data loss are unacceptable.

Demonstrating to regulatory bodies that you can limit the risk of suffering from traditional criminal attacks such as SQL injections and Distributed Denial of Service (DDoS) attacks is just the start. Advanced threats are growing in volume, sophistication and persistence every day. Staying ahead of these threats – whether from bored kids, foreign state-backed hacking teams, or highly motivated and well-organized criminal gangs – is a monumental challenge. Alongside these external threats, the ever-present danger of employee negligence or malfeasance adds further compliance risk.

In this constantly evolving threat landscape, even the best-protected organizations will eventually suffer a failure. The question is: How do you accelerate and streamline effective responses to criminal activity and ensure the availability of business-critical systems when the inevitable happens?

Moving beyond security

Traditionally, compliance activities have focused on how to:

• Protect: with perimeter defenses, anti-virus and anti-malware software
• Detect: by monitoring access and data movement to identify attacks as they happen
• Respond: by containing the damage, combating the threat and conducting forensic investigations
• Sustain: through risk assessments, policy reviews and periodic vulnerability checks

But a strategic approach to compliance needs to look beyond this protect-prevent-respond model. In a world where data breaches are inevitable, security will only get you so far. Compliance activities also need to encompass a rigorous approach to business continuity, so that when the worst does happen, you know the systems that keep your business operational will carry on running.

In this edition of VeeamUP we’ll look at why it’s essential to rethink how you approach compliance, and we’ll offer some practical advice on how you can take compliance beyond security in your own organization.

Page 4: Rethinking compliance

Turning compliance into competitive advantage

§02

Page 5: Rethinking compliance

For many global enterprises, complying with legislative mandates is simply the first step. Taking the next step by adopting ISO standards helps demonstrate a proactive approach to risk mitigation through adherence to strict business continuity criteria. Accreditation for rigorous ISO standards can offer a real competitive differentiator, providing the increased credibility to help organizations enter new markets and increase their share of existing markets by attracting new and larger customers.

Compliance with key ISO standards for data protection includes the implementation of proactive business continuity management systems that can ensure key business processes are resumed quickly in the event of a failure or disaster. By adopting these standards, enterprises can prove to customers that robust systems are in place to keep the business running, no matter what happens.

Audit-proof compliance

But to achieve accreditation and sustain it, organizations must be able to demonstrate adherence with the expected standards in ISO audits. For ISO standards looking at Business Continuity Management Systems, the ability to demonstrate the availability of business-critical systems in the event of a failure is vital. Performing backups and putting disaster recovery (DR) plans in place is essential, but if they’re not regularly tested, it can be difficult to prove they’ll be recoverable if the worst does happen.

Compliance with the Sarbanes-Oxley Act is also essential. Designed to protect investors in the wake of high-profile accounting scandals, it is mandatory for publicly-listed companies in the US. In recent years, however, it has become the de facto global standard, representing a robust approach to ensuring electronic records and audit trails are retained and auditable for long periods of time and recoverable after a disaster.

To make your systems audit-proof, whether for ISO or Sarbanes-Oxley accreditation, continually testing DR systems and recoverability is essential. It’s also vital to document the tested recovery times for key business systems and processes.

Your backup and recovery systems should provide a full audit trail and detailed test logs that can be kept for as long as needed. They should also give you the ability to test backup copies, recoverability and restore times in a sandbox environment, so you can run tests at any time with no impact on your production environment.

Page 6: Rethinking compliance

Rethinking compliance

§03

Page 7: Rethinking compliance

Enterprises tend to simply partner with data protection vendors on their compliance programs. But compliance needs to be integrated with business continuity plans, which means organizations must look beyond traditional security vendors to find additional technology partners that can help ensure the data center and the business services it supports are always on.

Of course, the always-on data center is itself a key risk factor for compliance. As networks become stretched through mobility and BYOD initiatives and pressure from the business increases to deliver services 24/7, keeping data, applications and users protected becomes even more challenging.

Against a background of rapidly changing advanced threats, it’s not a question of whether a breach will occur, but rather when a breach will occur. And as new technologies and threats continue to emerge, your defense posture and approach to compliance must be able to adapt quickly to keep up with the pace of change.

Know, don’t hope

In a constantly shifting threat landscape, the classic defense model of prevention and protection is inadequate. What’s needed is a clear plan that’s continually tested and updated to ensure you’re always following the latest best practices and your business continuity management is completely audit-proof.

Achieving compliance and gaining the ISO and Sarbanes-Oxley accreditations that differentiate your business doesn’t simply require robust backup technology and processes. It requires the ability to continually test the recoverability of your backups, so you’re able to demonstrate with confidence that you can meet recovery time objectives for critical applications.

With ongoing backup and recoverability testing you don’t need to hope your business-critical services will keep running when a failure occurs – you’ll know they will.

Make accountability part of the plan

It’s all too easy for compliance accountability to fall across multiple business functions, but a single point of overall accountability is essential for success. Once you’ve decided to achieve ISO or Sarbanes-Oxley accreditation, it’s essential to designate a compliance officer and compliance team to support your business continuity objectives. Reporting to the CISO, the compliance team must have an unambiguous mandate to constantly review compliance and ensure a rigorous adherence to the accreditation framework.

Page 8: Rethinking compliance

Solving the compliance puzzle

§04

Page 9: Rethinking compliance

Security is only one piece of the compliance puzzle. To ensure full, readily auditable compliance, organizations need additional support beyond that provided by vendors of protection and prevention solutions. It’s vital to find a technology partner that can support your organization when security solutions fail to protect business-critical applications and data – and ensure ongoing availability for those services. Your business continuity technology partner shouldn’t just provide backup and DR capabilities – it should deliver thorough and continual testing of the recoverability of backups.

Veeam delivers business availability through advanced backup and replication and DR technologies, offering high-speed recovery and verified protection to help organizations take compliance beyond security – and enable the Always-On Business™. By helping enable accreditations and meet audit requirements, as well as proactively identifying ways to improve backup and DR processes, Veeam’s technology expertise can help you increase brand credibility, align compliance activities with core business objectives, and keep key business services up and running when disaster strikes.

Visit www.veeam.com to learn more.

Page 10: Rethinking compliance

If you’d like to learn more visit us at www.veeam.com or call one of our offices.