Here, I did your cyber resilience and data resilience homework for you
Top things to keep in mind when evaluating cyber resilience and data resilience solutions for your enterprise.
The need to modernize how you secure and manage your data estate has never been more urgent.
Consider the recent news headlines about breaches at big brands. According to a recent SEC filing, MGM Resorts lost $100M due to a ransomware attack. In other recent news, Clorox warned its sales were expected to decrease 23-28% from the year-ago quarter, due to “impacts of the recent cybersecurity attack.”
Central to this modernization effort: the adoption of a modern data platform. There’s no shortage of vendors vying for your attention. The buying process can be confusing even for the savviest IT leaders.
So what’s the best way to evaluate a short list of vendors?
Trustworthy analyst firms like Gartner and IDC can dramatically simplify the selection process. Two new reports from these organizations can accelerate your decision making. We examined those reports and came up with a list of ten things you should know about how to evaluate this class of solutions.
1. The data security and management problem is getting worse.
The cost of unplanned downtime is staggering. Just look again at those eye-popping numbers from MGM and Clorox. That’s why cyber resilience is a board-level concern. Business leaders now accept that cyberattacks are inevitable. It’s not a matter of if, it’s a matter of when.
You know you need to upgrade to a modern platform for your secondary data. So where’s the best place to start?
2. Start with data resilience.
Data is the lifeblood of your business, and any disruption or loss can lead to severe consequences. Data resilience ensures the ability to recover quickly and efficiently from system failures, cyberattacks, or natural disasters, minimizing downtime and safeguarding business continuity.
Many folks refer to this function as “data backup and recovery.” That’s quite literally the workflow. Your first priority should be to build confidence in your organization’s ability to back up and recover data—on demand, at scale, across all your apps and clouds. Bringing your systems online as quickly as possible is critical in the first phase of your journey. That’s how I like to define “data resilience.”
3. Know the most important factors in a strong data resilience solution.
Your peers use the Gartner Magic Quadrant for Backup and Recovery to inform their process. (Great decision! Get it here.)
The research is full of insights into the capabilities of each vendor, with as much detail as the most thorough buyer could ever want.
We agree with Gartner’s methodology, and often advise organizations to start their evaluation process with six broad categories of product functions:
On-premises: If you’re a Global 2000 company, much of your data estate is on-premises. That’s why strong support for VMware workloads is a “must-have” for many buyers. Another set of apps included in this category: systems of record. These applications are the crown jewel of the data estate, the data you must protect at all costs. Customer data, sales records, financial details, and much more are hosted in these systems. Coverage for CRM, ERP, and even HR systems to protect employee data is crucial.
SaaS: You depend on SaaS apps for day-to-day employee productivity. And while you may think you have an SLA to protect against data loss, in many cases you don’t. That’s why SaaS coverage matters for this type of product.
Hybrid/Multicloud: You’re likely a decade (or more) into your cloud journey, and orchestrating data security and management across all your providers can be a significant challenge. Solid coverage of your top cloud providers matters.
Data services: This covers data management functions, like lifecycle management, tiering, and classification. Worth highlighting here is searching and indexing. These features are important for productivity today, but will become even more important as AI becomes more central to this category of product.
Disaster recovery: This is one of the fascinating evolutions of the backup and recovery market. This product category has evolved to dominate the disaster recovery market. After all, if you’re looking to restore your data at scale from a cyberattack, you can certainly use the same mechanism for DR if you lose a data center.
Ransomware detection, protection, and recovery: The first five categories are for data resilience. The sixth moves into cyber resilience. Ransomware is called out specifically, since you don’t want to immediately restore data from backup copies in the event of a cyberattack. (You could just be re-infecting your systems.) There are additional steps you need to take here to respond to an attack effectively. A careful evaluation in this area is crucial.
4. Learn how Cohesity can help you improve your data resilience in key areas.
Cohesity earns a strong write-up from Gartner in the report. In particular, the firm notes our “excellent” performance for several use cases including: on-premises, hybrid/multicloud, disaster recovery, data services, and ransomware detection, protection, and recovery.
5. Evaluate the extensibility and ecosystem of each vendor.
Consider two points.
First, digital products don’t live alone. That’s especially true in security. You have many incumbent InfoSec tools that protect your IT systems today, and it’s important to keep those investments in place if they are working well.
Second, your chosen data management platform will be central to your security posture. (After all, the solution will be protecting backups of your most essential data.)
Your existing security tooling and your modern data platform should work together, hand in glove, to reduce risk.
For this reason, you want to examine the ecosystem of each vendor. API documentation is nice, but it’s simply table stakes. Does the vendor work with the other companies you’ve trusted for years? Do they have their finger on the pulse of proven startups that are innovating in cloud security? The answer should be a full-throated “yes.”
Analyst research doesn’t always explicitly call out the extensibility and ecosystem factor. But it’s something you should ask of each vendor on your shortlist. Otherwise, you’re left with a SOC that isn’t as strong as it could be.
As smart analyst firms are likely to point out, a large collection of partners doesn’t always equate to more enterprise value. For our part at Cohesity, our ecosystem is highly selective. We partner with top brands with a proven value proposition that fits into core data security and management workflows. It’s about the quality of ecosystem partners, not quantity!
6. After you’ve mastered data resilience, move on to cyber resilience.
Here’s my favorite definition of cyber resilience: the ability to prepare for, respond to, and recover from cyberattacks—essentially, to withstand them.
An important point of distinction with a cyber incident: you don’t know the root cause. That means you have to understand how the incident occurred before you can invoke any kind of recovery. Clean rooming and other best practices must be part of your platform evaluation criteria here.
7. Use NIST and a new IDC report to assess your cyber resilience capabilities.
A new IDC report comes into play at the cyber resilience layer.
IDC evaluated a number of vendors according to their capabilities across the NIST Cybersecurity Framework. Given that many top enterprises also use this framework to assess their security posture, this report should factor into your evaluation process as well.
IDC examines each vendor according to their capabilities across the five pillars espoused by NIST: Identify, Protect, Detect, Respond, and Recover. (It’s worth noting that purchasing technology on its own doesn’t reduce your risk; you must properly implement the technology and thoughtfully modernize your people, processes, and tools as well.)
8. Learn how Cohesity can help you improve your cyber resilience posture.
Our product team uses the NIST framework as an input to inform our roadmap and investments. We were delighted to see IDC recognize this and name Cohesity a Leader in the Worldwide Cyber-Recovery MarketScape 2023. In particular, it was gratifying to see the firm highlight our expansive feature set across cybersecurity as well as backup and recovery.
Specifically, the report notes these five strengths for Cohesity:
Broad-ranging cybersecurity and recovery abilities without forgetting the fundamentals of backup/recovery and disaster recovery
Well-integrated user interface that is intuitive to use and seamlessly incorporates third-party IP
Strong “upstream” ecosystem development and IP leverage via the Data Security Alliance
Strong “downstream” ecosystem of relationships, including AWS and IBM
Zero trust concepts extensively embedded in the solution
9. Understand the vendor’s vision for AI and their timelines for delivery.
When you select a modern data platform, you should consider how that platform could also accelerate your enterprise AI roadmap. The platform will house petabytes of data about your organization. If that data can be searched and accessed responsibly with generative AI capabilities, it can open up a new world of potential business improvements.
So ask the vendors on your shortlist about their plans and progress in this area. Ask to see demos, code samples, and roadmap plans. Ask the tough questions to ensure you’re working with a partner that is innovating in this area!
10. The ultimate question: How many large orgs use your tech?
All of the insights in the new reports mentioned above are absolutely worth your time and can help you make an informed decision on what technology to use.
We also recommend you ask one more question: “How many of the largest enterprises use your solution?”
Many of your peers were in the same situation you are today. Who did they select for their modern data platform? Chances are, they’ll answer Cohesity.
Want to learn more about the journey to data and cyber resilience? Download this new white paper and advance your maturity in months, not years.