Subscribe
About

Taking care of the vulnerability lag

Exploring the ransomware risks resulting from accelerated digital transformation.
Julie Noizeux, Channel Manager: South Africa, Veritas Technologies.
Julie Noizeux, Channel Manager: South Africa, Veritas Technologies.

Ninety-nine percent of South African organisations now have gaps in their IT strategies due to COVID-led digital initiatives, and 85% predict it will take at least a year to close those gaps. These findings come from The Vulnerability Lag, a recent Veritas report that surveys the impact of the rapid changes that were made during the pandemic.

The numbers are astounding. Yet once you unpack the concepts behind these findings, it's hard to imagine any company dodging this particular bullet.

"Makes you wonder who the 1% are with no gaps!" says Julie Noizeux, Veritas Technologies' Channel Manager, South Africa. "Maybe they just haven't been changing much because the lag we're talking about became more obvious during the pandemic. Companies had to evolve and change so quickly that it created vulnerability gaps in their environments faster than anticipated. Transformations happen at a certain pace, but risk mitigation that comes with the transformation hasn't necessarily kept up."

Gaps created by digital transformation are not a new challenge and are often described as a lack of visibility or control. Still, as the report found, the pandemic drastically amplified those gaps when it prompted projects to deliver much faster than anticipated. What should have taken years turned into months. This eventually created a lag between transformation, control and security. Hence, we now speak of the vulnerability lag: problems that companies won't naturally rein in.

The roots of the vulnerability lag

Why can't we anticipate that the lag will eventually catch up? Much of it goes back to the problem of transformation running faster than other areas such as compliance and budgets. Starting with the latter, budgets took a big pounding in the past two years. Even if they increased, the majority of that spend addressed real-time challenges such as making applications accessible to remote workers. Now, as budgets seem to shrink again, there aren't resources to directly tackle gaps in estates.

"Within the vulnerability layer, the vast majority of what we call 'gaps' that we have seen are specifically focused around budgets," says Noizeux.

Data compliance is another issue. Opening the doors to remote workers and cloud environments introduced many new legislative complexities – 48% of executives polled by Veritas said they have serious compliance gaps.

"Companies are increasing the number of applications that they're using, which makes it more difficult to manage the data being created and still meet the regulatory requirements."

Finally, underpinning all of these is the continued push for adopting cloud operating models. The significant problem is that while companies add new systems and other digital capabilities, the speed of adoption tends to create new silos. Naturally, such 'silofication' exploded during the pandemic. Companies steadily started losing more control over the gaps, particularly with security (60%), budgets (55%) and cloud technologies (52%).

Data and plugging the gaps

Complexity is not the issue, as Noizeux points out: "Companies want to have all these complexities, they want to be able to do all these amazing things. But ideally, they want to manage it in the simplest way possible."

When left to its own devices, complexity creates silos and gaps that, under pressure, become the vulnerability lag. How can companies gain back their control? The solution, Noizeux proposes, is through data and the correct management thereof.

"If you focus on getting visibility and control over your data, you have a substantial ability to manage everything else. That's because data is not just about the files you use, but applications and workloads as well. If you can manage your company data in a holistic way – meaning you don't just focus on point solutions – you start getting a clear picture of what's going on with your IT."

She elaborates: "Using data as the means to manage IT has only started to make real sense in recent years. Primarily we can thank data protection and management platforms, which take that holistic approach and manage data across different silos. They inform your security choices, cloud exposure, compliance levels and where your money is going. Even chasing down irrelevant data can save money and improve oversight. For example, something silly like a canteen menu saved on a desktop that is then placed in a backup. If you have thousands of employees, that type of file can be duplicated and shared many times over. That's money wasted on unnecessary storage, and there are lots of such data types in every business."

If you can see where your data resides and control it, you have a gateway to finding those gaps and, ultimately, address your vulnerability lag. Doing this correctly is crucial: respondents to the Veritas report said it would cost, on average, US$2.3 million and require 37 full-time IT employees to fix their gaps. These problems are not going away, and taking them in your current stride could become very expensive.

There is another way: the data visibility and control way. Consider using modern data protection and management platforms to get to the root of your vulnerability lag. Then you can worry less about catching up and focus more on what next you can accomplish.

Share