Sikov - stock.adobe.com

When data protection is not enough

Organisations should take a holistic approach to data protection and cyber security in what the CEO of Acronis deems a “cyber protection” strategy

With cyber security and data protection being two sides of the same coin, it is no longer tenable for organisations to take a siloed approach to protecting data from cyber threats, according to backup and recovery software provider Acronis.

Speaking to Computer Weekly in an interview, Acronis CEO Serguei Beloussov noted that data protection should be part of a larger “cyber protection” strategy, drawing similarities with the current measures to stem the Covid-19 coronavirus pandemic.

He said: “You can’t be measuring fever, but not washing hands, or only washing hands and measuring fever but not doing tests on people who are sick. You need a combination of those measures.”

That is why Singapore-based Acronis made a concerted move last year to launch its Cyber Protect service, which protects organisations against what it called the “five vectors of cyber protection”.

“Cyber protection should include the security, accessibility and authenticity of data and applications, not just privacy and safety,” said Beloussov, a Russia-born Singaporean. “Data protection is primarily related to privacy and, to some extent, safety and security, but not so much on accessibility and authenticity.

“And the reality is that the data itself can be protected, but without the applications and systems, you can’t really use it.”

Enterprises are gradually seeing the need to take a holistic approach to data protection and cyber security, said Beloussov, noting that they have become more aware of the importance of IT and cyber protection to keep their businesses going amid the outbreak.

“Keeping IT operating at all times is really what cyber protection is all about – and it’s absolutely mission-critical for every business,” he added.

But governments are behind the curve from a regulatory standpoint in addressing cyber security and data protection, said Beloussov. Citing the European Union’s General Data Protection Regulation (GDPR), he said the data protection regime can sometimes contradict security directives.

“For example, if you want to ensure security, you need to know who is accessing your office so that you can verify who was in your office when a breach happens because that person has inserted a malicious device into your network,” he said. “But that will contradict the GDPR because you will then know the identity of the person.

“It’s one directive going against another and there is an opportunity for governments to synchronise their directives and remember that it’s about balancing between safety, security, privacy, simplicity and accessibility.”

Read more about data protection and cyber security in APAC

  • Singapore is reviewing its personal data protection laws to keep up with the changing technology landscape, such as growing adoption of the internet of things where seeking consent from consumers for the collection and use of personal data may not be practical.
  • A group of universities, certification bodies, law firms and data protection experts have banded together to form an industry network that hopes to shore up the data protection capabilities of organisations in Southeast Asia.
  • The number of data breaches continues to grow in Australia, underscoring the need for local companies to shore up their cyber hygiene amid mounting cyber attacks.
  • The Australian government is reviewing the nation’s cyber security strategy, but is it looking at the right issues? 

The focus on cyber protection will expand the market opportunity for Acronis to protect data, applications and systems, which the company collectively refers to as workloads.

Beloussov said Acronis currently protects about five million workloads, a small number compared to the five billion workloads it estimated could be protected with its software.

“We want to more than double the number of workloads we are protecting by the end of this year,” he said. “But that doesn’t mean we will double our revenue – it just means we will protect more workloads.”

To achieve its goals for the year amid the Covid-19 outbreak, Beloussov said Acronis will adjust its sales, marketing and product strategy to tap opportunities in markets that are recovering faster from the outbreak, such as South Korea and China, as well as to cater to the needs of industries such as healthcare and life sciences.

Meanwhile, Beloussov is concerned that the outbreak could become more than just an economic problem. He said with more people likely to work remotely even after the outbreak has passed, cyber attackers could cripple critical IT and communications infrastructure to create chaos in what he deemed a doomsday scenario.

“If that happens, nobody will have communications or the ability to work from home, and the economy completely collapses,” he said. “Our priority is to do everything to decrease the likelihood of this scenario.”

Read more on Data protection, backup and archiving