Protect and secure your data from cyber attacks
Data Protection
Data Security
Data Insights
The 5 Steps to Cyber Resilience
Cloud & SaaS
Enterprise
Industries
Top things to keep in mind when evaluating cyber resilience and data resilience solutions for your enterprise.
The need to modernize how you secure and manage your data estate has never been more urgent.
Consider the recent news headlines about breaches at big brands. According to a recent SEC filing, MGM Resorts lost $100M due to a ransomware attack. In other recent news, Clorox warned its sales were expected to decrease 23-28% from the year-ago quarter, due to “impacts of the recent cybersecurity attack.”
Central to this modernization effort: the adoption of a modern data platform. There’s no shortage of vendors vying for your attention. The buying process can be confusing even for the savviest IT leaders.
So what’s the best way to evaluate a short list of vendors?
Trustworthy analyst firms like Gartner and IDC can dramatically simplify the selection process. Two new reports from these organizations can accelerate your decision making. We examined those reports and came up with a list of ten things you should know about how to evaluate this class of solutions.
Our recent The State of Data Security and Management Report indicates that 71% of organizations would take over four days to get back online in the event of an attack or outage.
The cost of unplanned downtime is staggering. Just look again at those eye-popping numbers from MGM and Clorox. That’s why cyber resilience is a board-level concern. Business leaders now accept that cyberattacks are inevitable. It’s not a matter of if, it’s a matter of when.
You know you need to upgrade to a modern platform for your secondary data. So where’s the best place to start?
Data is the lifeblood of your business, and any disruption or loss can lead to severe consequences. Data resilience ensures the ability to recover quickly and efficiently from system failures, cyberattacks, or natural disasters, minimizing downtime and safeguarding business continuity.
Many folks refer to this function as “data backup and recovery.” That’s quite literally the workflow. Your first priority should be to build confidence in your organization’s ability to back up and recover data—on-demand, at scale, across all your apps and clouds. Bringing your systems online as quickly as possible is critical in the first phase of your journey. That’s how I like to define “data resilience.”
Your peers use the Gartner Magic Quadrant for Backup and Recovery to inform their process. (Great decision! Get it here.)
Another highly-valuable Gartner report Critical Capabilities for Enterprise Backup and Recovery Software Solutions 2023 offers a fantastic technical deep-dive into essential product attributes of several vendors, including Cohesity. (If you’re a Gartner client, you may have access to this report already.)
The research is full of insights into the capabilities of each vendor, with as much detail as the most thorough buyer could ever want.
We agree with Gartner’s methodology, and often advise organizations to start their evaluation process with six broad categories of product functions:
Cohesity earns a strong write-up from Gartner in the report. In particular, the firm notes our “excellent” performance for several use cases including: on-premises, hybrid/multicloud, disaster recovery, data services, and ransomware detection, protection, and recovery.
Consider two points.
First, digital products don’t live alone. That’s especially true in security. You have many incumbent InfoSec tools that protect your IT systems today, and it’s important to keep those investments in place if they are working well.
Second, your chosen data management platform will be central to your security posture. (After all, the solution will be protecting backups of your most essential data.)
Your existing security tooling and your modern data platform should work together, hand in glove, to reduce risk.
For this reason, you want to examine the ecosystem of each vendor. API documentation is nice, but it’s simply table stakes. Does the vendor work with the other companies you’ve trusted for years? Do they have their pulse on proven startups that are innovating in cloud security? The answer should be a full-throated “yes.”
Analyst research doesn’t always explicitly call out the extensibility and ecosystem factor. But it’s something you should ask of each vendor on your shortlist. Otherwise, you’re left with a SOC that isn’t as strong as it could be.
As smart analyst firms are likely to point out, a large collection of partners doesn’t always equate to more enterprise value. For our part at Cohesity, our ecosystem is highly selective. We partner with top brands with a proven value proposition that fits into core data security and management workflows. It’s about the quality of ecosystem partners, not quantity!
Here’s my favorite definition of cyber resilience: the ability to prepare for, respond to, and recover from cyberattacks—essentially, to withstand them.
An important point of distinction with a cyber incident: you don’t know the root cause. That means you have to understand how the incident occurred before you can invoke any kind of recovery. Clean rooming and other best practices must be part of your platform evaluation criteria here.
A new IDC report comes into play at the cyber resilience layer.
IDC evaluated a number of vendors according to their capabilities across the NIST Cybersecurity Framework. Given that many top enterprises also use this framework to assess their security posture, this report should factor into your evaluation process as well.
IDC examines each vendor according to their capabilities across the five pillars espoused by NIST: Identify, Protect, Detect, Respond, and Recover. (It’s worth noting that purchasing technology on its own doesn’t reduce your risk; you must properly implement the technology and thoughtfully modernize your people, processes, and tools as well.)
NIST recently revised this framework; we shared our take on this development recently.
Our product team uses the NIST framework as an input to inform our roadmap and investments. We were delighted to see IDC recognize this, and name Cohesity a Leader in the Worldwide Cyber-Recovery MarketScape 2023. In particular, it was gratifying to see the firm highlight our expansive feature set across cyber security as well as backup and recovery.
Specifically the report notes these five strengths for Cohesity:
When you select a modern data platform, you should consider how that platform could also accelerate your enterprise AI roadmap. The platform will house petabytes of data about your organization. If that data can be searched and accessed responsibly with generative AI capabilities, it can open up a new world of potential business improvements.
So ask the vendors on your shortlist about their plans and progress in this area. Ask to see demos, code samples, and roadmap plans. Ask the tough questions to ensure you’re working with a partner that is innovating in this area!
All of the insights in the new reports mentioned above are absolutely worth your time and can help you make an informed decision on what technology to use.
We also recommend you ask one more question: “How many of the largest enterprises use your solution?”
Many of your peers were in the same situation you are today. Who did they select for their modern data platform? Chances are, they’ll answer Cohesity.
Want to learn more about the journey to data and cyber resilience? Download this new white paper and advance your maturity in months, not years.
Written By
Amith-Nair
Amith Nair
