Is there any New Year’s tradition more simultaneously beloved and hated than resolutions?
Many of us love to set resolutions, yet hate the remorse we see staring back at us in the mirror on January 17 when we’ve already failed. (That’s not an arbitrary date, either. Believe or not, January 17 was “Quitter’s Day” this year, according to the Independent). We love to think about the future and its possibilities, yet we usually hate the reasons we need to set resolutions in the first place. (I’m looking at you, unused gym memberships everywhere.) We love the idea of a fresh start, yet we hate the fact that resolutions can be an excuse to procrastinate. (“Oh, it’s February 1, 2022? Well, 2023 is going to be my year!”)
Despite this love-hate relationship, the tradition lives on. In fact, I recently took note of several CEOs from major companies who publicly shared their New Year’s resolutions for 2022. A quick (and admittedly unscientific) poll revealed that the most common resolutions seem to be:
• Reconnect face-to-face with employees and customers as soon as Covid-19 allows.
• Improve workplace culture.
• Focus. Focus. Focus.
These are all good and noble causes, but I was frustrated I did not observe many mentions about protecting what I view as businesses’ second-most-valuable asset, which falls only behind their people: the data organizations rely on for seemingly everything.
Sure, one could argue CEOs have delegated that responsibility to CIOs and CSOs, but that’s my point: Unless data protection becomes a priority for the entire C-suite, especially the CEO, threats to data integrity will continue to put companies, their data and the consumers whose personally identifiable information is typically compromised at significant risk.
Maybe another reason some CEOs have not put an emphasis on data protection in 2022 — despite 2021 showing us its importance — is because they don’t know where to start. I’d like to help with that. Here are my top three data resiliency resolutions:
1. Move beyond a paper policy and put procedures and testing in place that will ensure business continuity after an attack.
Ransomware shows no signs of slowing in 2022. Just days into the new year, ransomware forced Finalsite, a marketing and communications platform for the education sector, to temporarily shut down 5,000 school websites.
Everyone is a target, and the threat can strike at any time. From my perspective, there is no case where paying a ransom is a better option than tried and tested backup and recovery capabilities. These allow organizations to quickly spin up alternative IT environments, with clean versions of data, so the business can return to normal as quickly as possible. To get started:
• Centralize your data backup.
• Strengthen the resiliency of your centralized data backup.
• Develop an actionable recovery plan for when a crisis strikes.
• Test and test again.
2. Get a handle on where your data is and how it’s being protected.
A survey by McKinsey found that many companies’ digitization plans were accelerated by three to four years due to the pandemic. A recent survey by my company had similar findings. In our survey of 2,050 senior IT leaders, we learned that since pandemic-induced data digital transformation initiatives began, 80% of respondents said their organizations had either implemented or expanded their cloud infrastructure beyond what they originally planned. We also found that fewer than 60% of senior business leaders know how many cloud services their organizations are even using.
You can’t protect data if you don’t know where it is, and don’t fall into the common trap of thinking your data is inherently safe in the cloud. Your cloud service providers are not cloud data protection providers and likely made that point abundantly clear in their terms and conditions. Getting a handle on what data is stored where will also help control costs and reduce digital compliance risks.
3. Make data protection an integral part of your change management.
There’s a simple but often overlooked truth in data center modernization: Production and protection need to evolve in parallel. However, that doesn’t always happen. Such was the case with the global pandemic.
Businesses were right to prioritize the immediate challenge of empowering the shift to remote work, but it’s been more than two years since the first reported cases of Covid-19 and more than 18 months since most of the world went into lockdown. At this point, video conferencing, instant messaging and other technologies to enable company-wide remote work are mainstream. It’s time to restore the balance by making sure data protection is extended to cover these technologies and that it’s once again a key focus of the change management process, not an afterthought.
In closing, if you’ve already given up on some of your New Year’s resolutions, don’t be too hard on yourself. After all, you needed the space to implement these data protection resolutions. Just make sure you stick to them.