Cyber Resiliency: Improve Security With These 3 Data Management Best Practices
As IT leaders work to improve cyber resiliency and prepare for potential data loss under cyber resiliency initiatives, there is often an untapped opportunity to make big improvements with mainframe data management. The mainframe has a long history of excellent security; however, new and ongoing efforts to penetrate the mainframe have exposed mainframe data to new risks. Recent advancements in mainframe data management have demonstrated that mainframe data can be moved to the cloud and kept just as secure as within the mainframe environment. Because of this, IT leaders have begun to move data that has historically resided on the mainframe to the cloud. This opens up new possibilities for lowering financial risk and improving data resiliency and recovery.
This article will cover how IT leaders can adopt three best practices for mainframe data management to significantly improve cyber resiliency while improving business outcomes.
Best Practice #1 – Adopt cyber resiliency in data management
Data management solutions are a common tool that enterprises have used for years to manage their data. Unfortunately, many of these tools have not innovated around cyber resiliency. New entrants to the market, and improvements to existing solutions, are adding cyber resiliency features, which makes this a great time to reevaluate the data management solutions being used and look specifically at how they are helping advance cyber resiliency.
Here are a few new data management features/solutions that are proving very helpful to IT leaders:
- Data management that uses artificial intelligence to identify and classify data so you can appropriately store, provision, and protect your data.
- Data management that calculates risk based on applicable privacy regulations, and does so continuously, so you can manage your risk levels.
- Data management that automates data storage and handling processes based on applicable data protection and privacy regulations to ensure compliance.
- Data management that automatically encrypts data in-flight as it is moved to a new storage system to protect data in transit.
- Data management that automates mainframe data transfer to cloud storage. This can be used to eliminate hardware, labor and physical storage for data backups, and simplifies disaster recovery by making backups readily available from any location.
- Data management that securely connects to a mainframe data transformation engine (if used) to make it possible for your mainframe data to be accessed and analyzed using cloud analytics.
Data sources and data management regulations (e.g. GDPR, HIPAA, SOX) continue to change at a rapid rate. Data management solutions need to evolve just as quickly to support your cyber resiliency efforts. Reevaluate the current solutions that you use today and identify any gaps in accomplishing the objectives exemplified above. If gaps are found, explore solutions that better fulfill cyber resiliency requirements.
Best Practice #2 – Shift backup protection to data protection
Backups are a critical part of cyber resiliency planning, yet are often a vulnerable target for cyber attackers. Securing your mainframe backup systems from deletion or ransomware is a key consideration for cyber resilience. That said, treating backups as something separate from our critical data may be hindering how we approach backup security. If we instead think about the data that needs to be protected, we can better look at the protection needed to keep backups secure.
Here are the key requirements for protecting your mainframe data—particularly in cloud storage—and ensuring cyber resilience:
- Data from backups that moves to cloud storage needs to be protected in-flight with encryption.
- Protect that data from possible data loss by utilizing object storage capabilities such as versioning, immutability (WORM – Write Once Read Many) and at-rest encryption.
- Air gap the data (which cloud providers can do) so that at any given time, a copy of your sensitive data is offline, disconnected, and inaccessible from the public internet.
- As a part of the protection, ensure that activity log auditing capabilities meet the needs of the data being protected. For example, if it is mainframe data that hasn’t been transformed, auditing needs to include mainframe logs and z/OS SMF records.
Mainframe data management solutions can automate the above tactics for data protection to provide the same level of security in the cloud as you get from the mainframe environment. Having that level of protection in the cloud opens up incredible opportunities for accessing and analyzing mainframe data, as well as lowering operational costs.
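The requirements listed above can be checked mechanically against an inventory of backup targets. The following Python is an added example, not code from this article or from any vendor product; the field names, the audit source labels, the 30-day minimum WORM retention and the sample inventory are all constructed assumptions to be mapped onto your own storage provider's settings.

```python
from dataclasses import dataclass

# Hypothetical labels for the audit feeds the article names for untransformed mainframe data.
MAINFRAME_AUDIT = {"mainframe_logs", "zos_smf"}

@dataclass(frozen=True)
class BackupTarget:
    name: str
    tls_required: bool                 # in-flight encryption enforced on every transfer
    versioning: bool                   # object versioning enabled
    worm_retention_days: int           # 0 means no immutability (WORM) lock
    encrypted_at_rest: bool
    offline_copy: bool                 # an air-gapped copy exists
    untransformed_mainframe_data: bool
    audit_sources: frozenset = frozenset()

def audit(t, min_worm_days=30):
    """Return the list of requirement gaps for one backup target."""
    gaps = []
    if not t.tls_required:
        gaps.append("in-flight encryption not enforced")
    if not t.versioning:
        gaps.append("versioning disabled")
    if t.worm_retention_days < min_worm_days:
        gaps.append(f"WORM retention {t.worm_retention_days}d < {min_worm_days}d")
    if not t.encrypted_at_rest:
        gaps.append("at-rest encryption disabled")
    if not t.offline_copy:
        gaps.append("no air-gapped copy")
    if not t.audit_sources:
        gaps.append("no activity log auditing")
    elif t.untransformed_mainframe_data:
        missing = MAINFRAME_AUDIT - t.audit_sources
        if missing:
            gaps.append("audit missing: " + ", ".join(sorted(missing)))
    return gaps

# Constructed sample inventory: one target meeting every requirement, one that does not.
TARGETS = [
    BackupTarget("dr-vault", True, True, 90, True, True, True,
                 frozenset({"storage_access", "mainframe_logs", "zos_smf"})),
    BackupTarget("legacy-dump", True, False, 0, True, False, True,
                 frozenset({"storage_access"})),
]

def report(targets=TARGETS):
    return {t.name: audit(t) for t in targets}

if __name__ == "__main__":
    for name, gaps in report().items():
        print(name, "OK" if not gaps else gaps)
```

Running a check like this on a schedule, and alerting on any non-empty gap list, catches configuration drift such as a retention lock that was shortened or an audit feed that stopped being collected.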
Best Practice #3 – Create DR plans for cyber resiliency in different loss categories
Disaster recovery planning has evolved from a simple up/down view to planning for various scenarios caused by anything from natural disasters to ransomware. The next level of disaster recovery planning is to consider different loss categories. This means that instead of having a recovery plan for each possible scenario, you consider the types of data loss that would result from the scenarios and group these. The approach actually simplifies disaster recovery planning and places the focus on solving for the potential outcome instead of the potential cause.
Examples of loss categories include:
- Temporary loss of an IT service or application
- Temporary loss of a third party IT service provider
- Temporary loss of a physical location, network or hardware
- Permanent loss of an IT service
- Permanent loss of a physical location, network or hardware
- Data corruption or deletion
There are multiple scenarios which could cause each one of these categories of loss. And new scenarios will be invented by malicious actors or will arise naturally (like a worldwide pandemic where lockdowns caused temporary loss of a physical location). Planning DR according to the loss categories and their resulting outcomes will help to future-proof your plans by focusing on the broader business impact, regardless of the nature or scale of a disaster. This allows your team to focus on continually improving recovery performance and mitigating risk instead of inventing new DR scenario plans.
You also need to ensure your data protection plans match up to various disaster recovery needs. For instance, you’ll want to ensure that for all DR loss categories you can perform a “stand-alone” restore of your mainframe data backups directly from the cloud and from any location, with no dependency on the compromised system or on specific recovery locations. You’ll also want to ensure a bare metal recovery from cloud storage to a clean mainframe environment can be performed.
Approaching cyber resiliency as continuous will pay off
Looking at how to achieve cyber resilience as more than an initiative will yield incredible benefits for organizations—both today and into the future. Making changes in mainframe data management will bridge the gap between mainframe and cloud environments, while keeping your data protected. Adopting these best practices will:
- Lower financial risk by maintaining compliance with evolving data privacy regulations.
- Minimize the fees from data privacy non-compliance when a disaster happens.
- Reduce the impact of a disaster with higher and faster recovery to assure business continuity.