Building your IT fortress

A data-driven enterprise stops threats

Data is the lifeblood of the digital enterprise. When it flows freely, great things happen—customer satisfaction rises and costly errors decline. But when data is vulnerable, the consequences can be severe. A breach or systems failure means lost revenue, potential liability and reputation damage—78% of customers would not automatically return to a business after a data breach, according to research by Solitaire Interglobal Ltd1.

Smart CIOs and CISOs know this. That’s why they’ve got a new objective: bulletproof resiliency. After all, preventing disasters is a lot cheaper than mopping up after the fact.

Mapping out a strategy

In the wired economy, the stakes couldn’t be higher. Threats come from all corners. Take banking, for example. Many ATMs still run on outdated, unsecure operating systems. Earlier in 2018, one national regulator was so concerned that it ordered banks to upgrade their ATMs by 2019.

Imagine the problem this creates for the CIO of a major bank. She’s upgraded her ATMs, but many partners have not. Does she block service to those endpoints, knowing cardholders will be inconvenienced and her bank could lose millions in ATM fees?

The answer depends on whether her data-driven architecture is fully resilient. But what does resilience really mean—and how does IT get there?

Resilience is not an option—it’s a necessity

Resilience starts with IT leaders rethinking security and continuity. “I actually hate the term ‘disaster recovery,’” says Stephanie Balaouras, VP and research director, Security & Risk, at Forrester. “Even just that word, ‘recovery’—it implies that you actually suffer some downtime and then you’re scrambling to recover.”

Continuity must go beyond traditional recovery, given the damage and losses that can occur if data is unavailable—think electronic trading, patient files or banking records. The Ponemon Institute, which conducts independent research on data protection and information security policy, found that a single breach costs organizations $3.6 million USD on average. Independent business continuity consultant Paul Kirvan says, “Any organization that is not willing to protect its data and information systems is putting the firm’s future at risk.”

What’s needed is a data-driven architecture in which resilience is inherent to the technologies it’s built upon. This ensures operations can continue through cyberattacks, internal and external data breaches, human error and other disruptions.

Our banking CIO has built such an environment. To reduce risk, she created a distributed storage network on which data is backed up in multiple locations. That means there is no single point of vulnerability. Sensitive data lives in hardened data centers, and data on those machines is automatically backed up into both secure private and hybrid clouds.

Administrative data management tasks, such as backing up data, are not new practices. The challenge is managing data when the volume of enterprise data is exploding, the types and formats of data are varied, and the data resides around the world in both on-premises and cloud environments. One solution is software-defined storage (SDS), enabled by products such as IBM Spectrum Storage™ software, which simplifies data management across an enterprise.

Any organization that is not willing to protect its data and information systems is putting the firm’s future at risk.”
Paul KirvanIndependent Business Continuity Consultant

To heighten security further, our CIO has controlled internal access to all this information by mapping data to specific business roles. Backing up data allows operations to continue uninterrupted in the event of a breach. But it’s also critical that any information that does get into the wrong hands is not usable. Our CIO has that covered too—she’s encrypted all of the bank’s data assets.

Encrypting all data is the ideal. But it’s not easy. Encrypting and decrypting the massive volumes of data that pass through a bank’s networks could significantly slow operations and increase costs. Again, new technology holds an answer. Pervasive encryption leverages mainframe-class horsepower, like that found in the IBM Z and IBM LinuxONE™, to quickly and cost-effectively extend encryption from disks to files and through to databases and applications. IBM Spectrum Storage software also can apply this level of encryption to any storage device that doesn't natively encrypt it—including those from other vendors.

“Business continuity and IT resilience should be seen as an investment,” says Swenja Surminksi, a senior research fellow at the London School of Economics. “It makes your business much stronger, creates new opportunities and not only protects you from losses but also makes you more competitive.”

A new role for CIOs

84%

are more focused on innovation and transformation than traditional IT

76%

work on the executive leadership team

56%

report directly to the CEO

79%

say that digital business is making their IT functions more “change-ready”

How CIOs want to spend their time

56%

on revenue growth and business strategy

44%

on traditional IT functions

A new role for CIOs
840% are more focused on innovation & transformation than traditional IT
560% report directly to the CEO
A new role for CIOs
760% work on the executive leadership team
790% say that digital business is making their IT functions more “change-ready”
How CIOs want to spend their time
560% on revenue growth and business strategy
440% on traditional IT functions
Source: Gartner, The Gartner 2018 CIO Agenda Survey

Ahead of the pack

With all these defenses in place, our CIO’s resiliency plan reduces the chance there will be a problem. And if one does occur, her company is covered.

This gives the bank an advantage over its competitors. Sure, the rivals have encrypted obvious data like account details and PINs, but softer data that could be used for identity theft remains vulnerable. So the competitors are forced to suspend service to thousands of ATMs.

With this window of opportunity, the bank’s marketing department pulls real-time data about prospects to spin up a new, highly targeted email campaign aimed at rivals’ frustrated customers. Sales uses Software as a Service (SaaS) platforms to instantly follow up on the most promising leads.

And our CIO? She calls it a day and arrives home in time for dinner with her family.