• Mark Molyneux, CTO EMEA at Cohesity


• 28.04.2023 11:30 am
#finance

The finance industry is one of the most heavily regulated in the world, especially when it comes to data protection. So many of those with responsibility for a business’s technology could be forgiven for constantly looking over their shoulders, the vibe being more to protect the business, than looking ahead to enable it. Among the concerns are the constant threat of cyberattack, requirements of compliance and data protection, the need to ensure that software is up to date, that end-user security is strong, and the imperative to ensure every business unit has the tools it needs to work efficiently. Slowdowns and outages are the enemy.

A piecemeal approach to tech does you no favours

This situation exists because of a piecemeal approach to maintaining the technology estate and ensuring that it is secure. The typical investment cycle is a huge injection of capital expenditure every five years, which buys a smart new solution to add functionality and capability. Maybe a public cloud implementation during this cycle, maybe a private cloud solution, maybe a refreshed data protection system, maybe some other needed new items.

But it doesn’t have to be like this. Even at a time when budgets are extremely tight as Gartner points out in a recent report, there is a better option. It requires a much more holistic view of the technology estate and the needs of the business, and a rethink of how procurement, capital and operational expenditure are managed.

The resiliency total cost of ownership

The way to start thinking about technical capability, security, compliance and all the rest is to do a resiliency Total Cost of Ownership (TCO) exercise.

This might reveal that the petabytes of unstructured data stored for data protection or compliance purposes can be reduced to a few terabytes, that magnetic tape can be converted to digital storage, and that in doing this, hardware, storage space and energy costs can be reduced, and – possibly for the first time – this data can be made instantly searchable and fully protected .

This exercise in resiliency might also reveal that while the backup and restore service that’s in place can perform a full restore in minutes, in accordance with your defined business objectives, the decision on whether to make a restore might take many hours, involving discussions between numerous people, who may or may not be prepared to take the decision to shut everything down and restore. In those precious hours of downtime customers are not served, workers cannot work, news gets out, reputational damage is done. With so many businesses operating in commodity-like space, downtime might be the factor that finally breaks a customer’s inertia and causes them to take their business elsewhere.

Another aspect the exercise might reveal is the total cost of providing data security measures to hosted platforms, of managing access privileges to cloud, on-premise and any other systems used, and of implementing backup and restore across a patchy estate is made up of multiple components, perhaps even duplicated components, while some areas may not be covered at all.  To the sum of all these cost elements should be added the cost of cyber insurance, plus an understanding of what this insurance does and does not cover, the cost of manual recovery efforts and manual business efforts for the duration of recovery, and for the period immediately following recovery (catch-up to live), and an understanding that you can’t put a financial value on reputational damage.

Symbiosis

The holistic overview that a resiliency TCO exercise delivers allows a business to think differently. Instead of separating out security from applications and services, let’s think of them as connected, even symbiotic. Similarly, let’s stop thinking about compliance, data protection and the need to maintain data archives, everyday compute needs, backup, and restore as separate, but rather as necessary, equally important constituent parts of the whole, that can be managed centrally rather than individually. 

Spending to save

In our experience, a resiliency TCO exercise invariably reveals that a modern approach to data security and management, which combines the use of AI and Machine Learning threat detection measures, is more efficient and more effective than patching discrete systems. It can spot unusual behavior, it is scalable and extensible, so that new capabilities are added as they become available and incorporated into regular operational costs rather than waiting for a big capital upgrade.

What’s interesting about this approach is that it can be at its most powerful at a time when budgets are squeezed. By identifying gaps, double spending, overspend and underspend, it can often help a business make its tech spending work harder, achieve more and provide greater protection and resiliency to the estate.