While data management strategies, including disaster recovery and backuphave always tended to be the domain of the chief technology officer (CTO) and IT teams, some of these functions are becoming the domain of the chief information security officer (CISO) and cybersecurity teams, a trend that is expected to accelerate over the coming months.
With the IT stack constantly evolving through the emergence of hybrid cloud architectures, microservices, and cloud-native applications, many CTOs are looking to shift overall data management responsibility to security specialists who are already in charge protect them, according to a Yorkshire-based data management specialist Data protection ensured (ADP).
Looking to 2023, Simon Chappell, co-founder and CEO of ADP, said, “The role of the CISO has grown over the past two years as budgets and teams have grown to help protect company data, assets and infrastructure.
“At the same time, many players in the backup space have repositioned themselves as complementary providers of security solutions, which in turn has caught the attention of CISOs. We ourselves have had interesting discussions with CISOs.
Chappell said CISOs are “genuinely interested” in solutions that can bridge the gap between IT and security, and as such are looking for immutable backup solutions they can fall back on if they are. unfortunate enough to be hit by a ransomware attackor any other form of data breach.
Chappell argued that it would “make sense” for CISOs to have disaster recovery and backup capabilities to bolster their defensive security posture.
“They could expand their role to support business continuity in addition to threat mitigation and prevention. Knowing that they had a reliable backup to house corporate data while they track down and isolate threat actors would be reassuring for the CISO and the organization at large.
“Although this policy is specific to the needs of the business. It would entirely depend on the culture of the organization. But expect to see cases where this will happen in the next 12 months,” he added.
At the same time, as more organizations have turned to cyber insurance policies to mitigate the risks of a cyber incident, insurers have responded by increasing premiums and, in some cases, reduce the scale and scope of the policies they propose to mitigate some of the risks they face.
As a result, ADP said, companies are beginning to contact data protection service providers to obtain or retain access to appropriate levels of insurance coverage.
ADP Europe, Middle East and Africa (EMEA) CTO, Stewart Pakin, said: “We are already seeing a change with more and more clients coming to us asking for audit reports or assurance questionnaires. to provide validation to insurers that their backups are immutable. Businesses view vendors and MSPs as trusted third parties who can ensure their data is protected and secure. »
Pakin said it was understandable for insurers to seek to mitigate their risk exposure, but even then, end users still needed to be confident that they had reliable resources to protect their data and recover it in the event of a disaster. breach. or incidence, as insurance guarantor.
He suggested that this approach of turning to trusted third parties in this way would become more widespread in 2023, potentially opening up new opportunities for managed security service providers (MSSPs).