
Shifting from Business Continuity to Continuous Business in Cyber 

 October 25, 2024

By  Jane Frankland

As cybersecurity matures, the concept of resilience has taken on new dimensions, at least according to Commvault’s CEO, Sanjay Mirchandani.

Attending their annual global event series, SHIFT, in London recently, he redefined the future of business resilience in his keynote address and positioned the concept of continuous business—a ground-breaking state of perpetual availability and robustness which revolves around four pivotal elements:

1.     Continuous security,

2.     Continuous rebalance,

3.     Continuous readiness, and

4.     Continuous recovery.

Mirchandani passionately envisioned a world where you could withstand numerous digital challenges, from cyberattacks to power failures, with hardly any downtime, rapid recovery, and seamless operations. A scenario where you could face any looming cyber crisis knowing that you’d emerge unscathed.

As ITDMs, CISOs and cyber risk owners, this is our dream scenario, and he got me thinking.

At the heart of continuous business is the integration of cybersecurity into the very fabric of your operations, ensuring that your business remains resilient and always ready to tackle whatever comes its way. No longer is it sufficient for businesses to maintain operations in the face of adversity; the goal should now be to achieve continuous business.

It’s a subtle shift in focus, and requires a fundamental change in how we, as ITDMs, CISOs and cyber risk owners view and action resilience—not as a one-time project, but as an ongoing programme that provides strategic advantage.

That’s what this thought leadership blog is about. In it, I’ll be examining the importance of shifting from business continuity to continuous business for cloud-first enterprises, and the key elements that are required to achieve this vision. I’m partnering with Commvault to highlight the transformative power of Commvault® Cloud. This platform offers a comprehensive solution for risk assessment, recovery testing, and rapid business restoration post-breach, all while maintaining full compliance. It delivers enterprise-grade resilience tailored for the speed and scale demands of today’s cloud-centric world.

Let’s dive in.

Rethinking Resilience

Resilience shouldn’t be an endpoint but an inherent capability that enables businesses to operate seamlessly regardless of challenges. It’s about being in a constant state of readiness, ensuring that your business is always on.

Available. Operational. Resilient.

This continuous approach not only enhances operational stability but also strengthens the ability to adapt to future disruptions, including the ability to innovate, which always occurs after a crisis. Just think about what happened during the last financial crisis in 2008, or more recently with the COVID-19 pandemic.

It means ensuring that you’re future ready and better equipped than your competitors to meet the demands of new technologies and threats.

When it comes to cybersecurity, it means you’re thinking about cyber right at the very start, not as an afterthought or a bolt-on to your existing operations. It means you’re being proactive, not reactive. Open to business, not closed off.

It means truly understanding your organisation’s business strategy, and garnering support from other stakeholders within it, as cyber must be a shared responsibility across the business.

It means understanding your ambitions and limitations for resilience in your organisation and addressing all cyber risk decisions – whether to accept, transfer/share, or mitigate. And it all starts with a mindset shift—from business continuity to continuous business.

A Proactive Approach to Security

Embracing the future of resilience isn’t (just) about building the best SaaS platform. It’s about thinking expansively and creating a new environment and ecosystem for the modern, cloud-first enterprise: one that empowers every customer with the insight, partnership, and innovation they need to stay ready for a cyberattack and drive continuous growth in the era of AI.

During SHIFT, Mirchandani shared three fundamental principles that are essential for enabling this transition:

1.     Own your own cloud

To be truly resilient, you must own your own cloud-first environment. When it’s your environment you hold the keys to the kingdom – the power to scale, shrink, manage, and secure it however you choose. And the best part? You can adapt and change your decisions whenever you like.

However, when you do this, understand that having another party manage the infrastructure doesn’t absolve you of your responsibility in overseeing its performance and security. This is a common misconception that has caught many ITDMs, CISOs and cyber risk owners out. It’s your responsibility and liability. As Mirchandani pointed out,

“If your business is in the cloud, then the cloud is your business, and it’s up to you to keep it secure and compliant!”

2.     Embrace multi-cloud

Multi-cloud is universal, and embracing it is not just a choice but a strategic imperative for businesses aiming to thrive amidst challenges and uncertainties, such as now. By leveraging its flexibility, diversity, portability, and scalability, you can strengthen your infrastructure against disruptions.

You can increase your reliability by reducing your reliance on one data vendor or hypervisor. You can improve your redundancy for global regulations – essential when regulation is increasing, and regulators are levying hefty fines for non-compliance. And you can embrace its scalability by seamlessly integrating new workloads and users, ensuring uninterrupted performance without sacrificing efficiencies or performance.

The beauty of multi-cloud is that, despite its many moving parts, it’s reinforced by robust built-in security and comprehensive support for cloud-native and SaaS applications, safeguarding continuity and operational integrity – a no-brainer!

3.     One size doesn’t fit all

Every business faces unique challenges and requirements, making it essential to tailor solutions to fit specific needs. For example, protecting virtual machines requires a different approach compared to securing cloud-native applications. The strategies for safeguarding and reconstructing cloud application configurations are distinct from ensuring the resilience of data in platforms like Salesforce or Microsoft Dynamics. Additionally, defending and recovering vast cloud-scale GenAI applications, which involve billions of objects, present unique challenges unlike those faced with traditional relational databases.

That’s why to bring about a continuous business strategy, Mirchandani recommends starting with a strong foundation in continuous security, emphasising a “shift left” approach.

By integrating security considerations early in the development process and throughout automation, you gain an opportunity to acquire proactive protection. For instance, with Commvault® Cloud, using intelligent decoys and cybersecurity systems, you gain a seamless method for responding to early warning signals via a unified interface for both SecOps and InfraOps. This comprehensive approach ensures end-to-end security for both your data and environment.

Continuous rebalancing comes next as it gives you flexibility, choice, and portability across clouds, regions, and hybrid workloads. Since no two days are the same, this focus future-proofs your business, ensuring you’re prepared to adjust or scale swiftly.

Commvault’s Multi-Copy feature helps you achieve this. It enhances data protection and management by creating multiple data copies across various storage locations, ensuring redundancy and minimising data loss. It uniquely balances system load to prevent bottlenecks, maintaining optimal performance while automated rebalancing adjusts storage based on usage patterns for efficiency. Whilst this feature enables easy scaling of resources and improves resilience, its comprehensive and automated compliance support also ensures consistent adherence to data retention policies – crucial for industries with strict regulations.

At a time where cyber threats are growing in scale and sophistication, continuous readiness is a non-negotiable for ITDMs, CISOs and cyber risk owners. When you have readiness anchored in, you have a robust cyber recovery plan that not only addresses theoretical “Armageddon” scenarios but is rigorously tested, refined, and updated.

Unfortunately, many organisations equate this with traditional disaster recovery, which is another costly mistake. That’s why it’s critical to distinguish between cyber recovery and disaster recovery to ensure comprehensive protection.

While disaster recovery focuses on restoring IT infrastructure and operations after events like natural disasters or hardware failures, cyber recovery zeroes in on the intricacies of cyber threats. It involves a proactive strategy to recover from cyber incidents such as data breaches or ransomware attacks.

An effective cyber recovery plan must be dynamic, involving more than just tabletop exercises though. It demands comprehensive, real-world simulations that rigorously test all mission-critical workloads. This includes the critical task of Active Directory recovery, which Gartner predicts will be targeted in 75% of cyber-attacks by 2025.

These simulations should assess the speed at which applications, configurations, SaaS data, and other essential components can be restored simultaneously across the enterprise, all while ensuring the integrity of the data. Integrating these simulations with data recovery processes is vital to guarantee swift and comprehensive resilience against evolving cyber threats.

This means you need to understand your minimum viable business operations. When you can pinpoint the core functions essential to your business’s survival post-attack, you ensure that these crucial elements are supported by a minimal viable IT environment, ready for quick deployment and recovery.

But a word of caution.

Cyber recovery should never be left to chance, and that’s why practicing these recovery scenarios frequently is vital. Research tells us that 98% of organisations that have been breached test their recovery plans afterward, and the most resilient companies are those that regularly test and validate their recovery strategies. Yet surprisingly, many ITDMs, CISOs and cyber risk owners lack confidence in their plans, with some not even having a recovery plan at all!

Commvault ensures continuous readiness through its comprehensive cloud platform, which includes features like early-warning ransomware detection, air-gapped immutable storage, and automated recovery testing. Their Cloud Cleanroom Recovery, one of my favourite features, allows you to test and validate recovery plans in a secure, isolated environment, ensuring rapid recovery from cyber incidents. This approach helps maintain readiness by continuously monitoring for threats, providing precise alerts, and enabling seamless integration with security solutions to minimise downtime and enhance data protection.

But that’s not the end of it. Education and training are essential. During a meeting with Commvault’s CMO, Anna Griffin, at SHIFT, she offered me valuable perspectives that showcase the critical role of continuous learning in strengthening cyber defences, which you can access in this video.

Continuous recovery is the final step in achieving continuous business. It’s essential for minimising downtime costs and maintaining customer trust. Commvault’s Cloud Rewind feature supports this with AI-driven automated recovery, ensuring reliable recovery points and rapid scaling to meet recovery objectives. It prioritises data integrity and security using zero trust access, air-gapped copies, and immutable storage. By offering point-in-time and granular recovery for efficient data management in hybrid environments, its cost-effective design optimises storage and reduces data replication needs, ensuring resilience against disruptions.

Clumio further strengthens this capability by extending cloud resilience on AWS. Following its recent acquisition, Clumio will be integrated into the Commvault Cloud, offering even more robust protection. It provides a secure cloud storage solution for backups, making them easily accessible whenever needed, without the usual delays.

To End

As a competent ITDM, CISO and cyber risk owner, you know that continuous business strategy is no longer optional—it’s essential. Resilience must be built into every aspect of your operations, from security to recovery. By embracing continuous business via a strategy of continuous security, rebalancing, readiness, and recovery, you can achieve the seemingly impossible – keeping your business agile and protected against any disruption.

You get the upper hand. The easier life. Kudos from your peers. Guaranteed bonus. 

Now I want to hear from you

How are you preparing your shift to continuous business?  Join me for a conversation on LinkedIn and let me know in the comments.

Then, if you’re ready to make this vision of continuous business achievable, head on over to Commvault. With Commvault Cloud and features like Cloud Cleanroom Recovery, Cloud Rewind, Multi-Copy, and Clumio, plus education resources contained within the Readiverse, you can ensure seamless, secure operations to empower your organisation to not just withstand cyber threats but thrive in an era of constant change.

Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this thought leadership blog for Commvault. Because your success is important to me, I only align myself with brands I believe in, and Commvault is one of them.


Jane Frankland

 

Jane Frankland is a cybersecurity market influencer, award-winning entrepreneur, consultant and speaker. She is the Founder of KnewStart and the IN Security Movement. Having held executive positions within her own companies and several large PLCs, she now provides agile, forward-thinking organisations with strategic business solutions. Jane works with leaders of all levels and supports women in male-dominated industries like cybersecurity and tech. Her book, 'IN Security: Why a failure to attract and retain women in cybersecurity is making us all less safe', is a best-seller.

 
