1. Solution Value
Effective security practice extends beyond recovery and recognizes that the most sophisticated attacks are not against infrastructure but data. In fact, data is an irreplaceable asset of the business because it carries vital information for the enterprise, including intellectual property and personal information. Solutions focused on the most urgent threat—ransomware—are often vendor-centric and siloed, resulting in limited visibility, inconsistent security posture and recovery procedures, limited data and cost optimization, and compliance issues.
Index Engines proposes a non-siloed and data-centric approach that prioritizes data resilience, opening up multiple opportunities. Sophisticated machine learning-based ransomware detection and prevention is at the core of the solution. Once data is indexed and analyzed, the same back-end engine can be used for search, classification, optimization, reporting, and more. This means data management and resilience is no longer tied to the single storage system but works horizontally across the organization’s entire infrastructure to enhance the value of data stored on different systems.
2. Urgency and Risk
The proliferation of hybrid cloud deployment is pushing organizations to siloed data infrastructures that are difficult to manage and control. This creates issues around security and compliance due to increased attack surface, management of disparate system features, lack of visibility, and inconsistent reporting. From a business perspective, organizations struggle with cost optimization, migrations, data minimization, and archiving, as well as data reutilization, search, and e-discovery.
Enterprises need to fully understand their entire data domains or risk becoming less competitive and secure against attack. Data organized in vendor cloud silos results in an inconsistent recovery process, a huge danger with ransomware attacks. Lack of visibility also hampers tracking and reporting of anomalies and bad behaviors across the entire data domain, further escalating risk.
Risk
The risk involved in deploying a data resilience and management solution comes down to cost, commitment, and complexity. While these solutions help resolve dangerous gaps in data awareness and structure, simpler solutions are easier to adopt and bring results faster for a quick return on investment (ROI). The user that wants to deploy a solution like Index Engine CyberSense should do it with a bigger goal in mind that goes beyond simple and siloed ransomware protection, involving more resources and long-term goals. Embarking on a bigger project adds additional risk of fainting or obtaining a poor ROI.
3. Benefits
The most immediate benefit is a unified and consistent approach to ransomware prevention and protection across the infrastructure and data domain. This improves and accelerates response and recovery processes, compliance, and overall security posture.
Index Engines CyberSense, focused on data resilience and integrated with the entire storage infrastructure, can yield better business outcomes than traditional siloed solutions. In large enterprises, this kind of approach can reduce the cost and effort required to protect large infrastructures. It also provides visibility to regulators and business partners, instilling confidence in the organization’s most important asset—its data.
4. Best Practices
To achieve the best result, data resilience and a broad data management strategy should be embraced by the entire organization, including operations, security, and management teams. IndexEngines CyberSense offers a key advantage over other ransomware solutions by analyzing multiple point-in-time views of changing data across more than 200 metrics. By matching these changes against thousands of ransomware attack patterns, CyberSense provides a deeper data analysis than is possible by traditional methods.
Point solutions, like ransomware protection for a single system, are easy to adopt but don’t bring value over time. On the other hand, an end-to-end solution is much more effective but should be deployed step-by-step to ensure its success:
- A solution like Index Engines CyberSense should be adopted for critical systems first and then expanded to the rest of the infrastructure.
- Once the first use case has been addressed, the user can expand the solution’s reach with additional use cases.
- It is mandatory to integrate the storage infrastructure and any applications that can take advantage of the data management platform. This will improve both ROI and TCO.
- The data management platform should be seen as a layer that sits on top of a storage infrastructure and provides services to different teams and applications.
5. Organizational Impact
Introducing a proper data-resiliency solution to an organization requires a change of mindset and knowledge distribution across several teams. The most basic features may be relevant to just the IT and security teams initially, but as soon as data is indexed and classified, there are many more potential use cases, and other teams should be involved.
Business and management teams can take advantage of the insightful reporting and respond more quickly to regulatory, legal, or other business needs. All this requires upskilling on new system capabilities and process changes that can take advantage of new features.
The increased efficiency introduced by Index Engines CyberSense allows IT teams to rethink data security policies and create more consistent security plans. The collaboration between storage and security teams is critical at this point. In fact, starting from data access patterns and anomaly detection, the data management platform can raise alarms to trigger the intervention on ransomware and other types of attacks, such as data exfiltration.
Index Engines’ partners play a crucial role in extending the reach of this solution and removing potential silos that can limit the potential and business outcomes.
People Impact
Data resiliency impacts the entire organization because of the value of data saved in the storage infrastructure. Increasing regulatory controls around the handling of and access to data has only sharpened the focus on cybersecurity threats.
The IT department is initially the most impacted in terms of implementation and training, including time spent integrating different storage platforms. Over time, other sides of the business become involved in observability, protection strategy, policies, and reporting. Storage and security teams will join efforts for the initial deployment, and collaboration with operations is mandatory for success.
Depending on the use and business case management pursues, additional teams will be impacted over time.
Investment Outlook
The initial investment into a data resilience and management solution will depend on the size of the infrastructure to protect. Index Engine CyberSense is licensed on a per-terabyte basis and is usually proposed as an end-to-end solution by storage vendors. However, the ROI is higher when users take advantage of this platform on many storage systems. The solution is currently available primarily through partners that integrate directly into their system.
It is important to note that the ROI can be exceptionally high if the user goes beyond the protection of a single system or vendor. At that point, the increased efficiency driven by the analytics engine enables the user to improve detection while simplifying and consolidating the recovery process. Additionally, thanks to the integrated reporting capabilities, the user can give full visibility of the status of the storage infrastructure and respond better to compliance requirements. In the long term, the ROI can be further improved by adopting additional features available from Index Engines around data management.
6. Solution Timeline
Building a proper ransomware data protection plan can take months, and users always struggle to find the right balance between different vendor approaches and solutions. This usually ends up in a patchwork of solutions that are not fully integrated, increasing time and effort to master them and become effective against attacks.
Index Engines is usually proposed by partners and in conjunction with a data storage or a backup system. The solution has already been adopted by hundreds of large organizations and can be configured for any sized environment. Once installed, it can be easily managed through a web UI that provides a comprehensive set of dashboards and reports. CyberSense can be installed and configured in a matter of days and produce results immediately after.
Plan, Test, Deploy
Plan: Index Engines and its partner perform a complete analysis of the environment to protect and select the first applications and data sets. Index Engines CyberSense is usually installed in a dedicated environment and works on copies of production data.
Test: After initial installation and configuration, the system indexes data and identifies potential issues. This activity is performed on a subset of the data or a specific application. This phase usually includes training activities and further planning to make infrastructure and security teams accustomed to the solution.
Deploy: The actual deployment in production is a simple extension of work already done in the previous phases. Index Engines CyberSense works on copies of data, and the customer can have the environment air-gapped to increase security further.
Future Considerations
Security and resiliency are critical aspects of any data management strategy. Most Index Engines customers start deploying the solution for ransomware protection on a single environment. But it has the potential to become a comprehensive data management platform covering several enterprise needs. In fact, Index Engines has added several features and integrations to its product to address an increasing number of use cases.
7. Analyst’s Take
A data resiliency platform is the key to addressing security challenges, especially now. With data heavily distributed between on-premises and cloud, an attack surface that constantly grows and changes due to the nature of applications, devices, and networks, users must concentrate on protecting data and not the perimeter or access to a single system. In this regard, Index Engines CyberSense is a data management platform with a strong focus on data security and resilience that can address cyber threats like ransomware efficiently and consistently across the entire data domain of an organization.
Index Engines CyberSense takes ransomware protection to the next level. Integration with the infrastructure is crucial to achieving global visibility and exploiting its full potential. This is especially true when we look at the solution’s long-term potential, with an increasing number of features aimed at cost optimization, compliance, data governance, and more.
8. Report Methodology
This GigaOm CxO Decision Brief analyzes a specific technology and related solution to provide executive decision-makers with the information they need to drive successful IT strategies that align with the business. The report is focused on large impact zones that are often overlooked in technical research, yielding enhanced insight and mitigating risk. We work closely with vendors to identify the value and benefits of specific solutions, and to lay out best practices that enable organizations to drive a successful decision process.
9. About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
10. Copyright
© Knowingly, Inc. 2023 "CxO Decision Brief: Data Resilience and Management" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact sales@gigaom.com.