Stacy Hayes, EVP (Americas) at Assured Data Protection, was recently asked for his 2023 predictions for data protection, privacy and disaster recovery by DR Journal:
"It’s an understatement to say that 2022 saw a lot of change for all sectors, due to the ever-changing impact of the COVID-19 pandemic, hyperinflation, and the war in Ukraine.
Despite these challenges, Gartner estimates that global IT spending is expected to grow to more than $4 trillion dollars in 2023. Many organizations are deliberating on how to tackle the ever-rising influx of data, and assessing the ever-present reality of cyber-risks, disasters and data protection legislation."
Stacy said: "DR and backup have always been the domain of the CTO and the IT teams, but a shift is happening within organizations that could see these critical functions fall under the jurisdiction of the CISO, CSO and cyber security teams. The IT stack is in a state of constant flux anyway because of hybrid cloud deployments, and the emergence of microservices and cloud native applications. The CTO departments of this world have their work cut out for them piecing all of these new elements together and adopting new DevOps strategies. So the responsibility of data management could easily be transferred to the CISO and security operations teams who are growing in influence across organizations as cyber threats continue to escalate.
The role of the CISO has developed over the last couple of years, as budgets and teams have grown to help protect company data, assets and infrastructure. At the same time many players in the backup space have repositioned as complementary providers of security solutions, which in turn has attracted the attention of CISOs. We’ve had interesting discussions with CISOs ourselves. They’re genuinely interested in managed solutions that can bridge the gap between IT and security. Consequently, they’re looking for immutable backup solutions that they can fall back on in the event of a ransomware attack or data breach.
It would make sense for them to own the DR and backup function to strengthen their defensive security posture. They could expand their role to support business continuity besides threat mitigation and prevention. Knowing they had a reliable backup in place to host company data while they track down and isolate threat actors would be reassuring to the CISO and the wider organization. Although, this policy would be specific to the needs of the business. It would depend entirely on the culture of the organization. But expect to see instances of it happening over the next 12 months.”
Click here to read the full article on DR Journal.