In case you missed the online Rubrik Public Sector Summit on Oct. 8, all sessions are now available for replay. Please hit the link here to listen to industry leaders from Rubrik and SAIC discuss the importance of continuous adaptation of data backup and recovery plans when it comes to cybersecurity. Our Oct. 9 news story from their remarks follows…
As the Federal government progresses in implementing cybersecurity frameworks to safeguard its networks, private sector leaders underscore that continuous adaptation of data backup and recovery plans are essential components of these frameworks.
During the Rubrik Public Sector Virtual Summit powered by MeriTalk, industry experts stressed that data backup strategies are essential for maintaining mission resilience in both civilian and defense sectors, pointing out the importance of continuously adapting strategies.
Michael Mestrovich, chief information security officer at Rubrik, acknowledged that civilian and defense agencies frequently strive to have effective continuity of operations and disaster recovery plans, which is a “good first step.” However, he said those plans oftentimes do not adapt to an agency’s changing nature.
“A lot of organizations strive to have effective continuity of operations and disaster recovery plans, and certainly that’s a good first step. [But] oftentimes they don’t revise those as their business operations change over time [and], being mission resilient is being able to continuously adapt your operations to provide services,” Mestrovich said.
Josh Jackson, executive vice president of the Army Business Group at SAIC, echoed Mestrovich’s insights adding that data backups and recovery plans must be baked into an organization’s ecosystem because there could be “potential fallouts from inadequate backup measures.”
“Backup and recovery are obviously foundational to mission resilience. It serves as that safety net that allows you to recover lost data and maintain critical functions during or after an incident, regardless of how that happens. So, it’s important that we view that as a part of a broader strategy,” Jackson said.
Jackson and Mestrovich highlighted regular testing of recovery plans as a key tool for continuous adoption of backup and recovery plans.
“[Regular testing] is critically important. But I think it often in the resource-constrained environment … [it] gets cut or just gets a cursory view. The testing phase is really a critical component of just regular good hygiene and cadence,” Jackson said. “That impact assessment and the prioritization of testing what you have is important not only to guide the frequency [of] how often you’re testing but also to establish some targets.”
Mestrovich highlighted that regular testing also allows agencies with budget restraints to “put [their] resources to the things that are absolutely critical.”
By “consistently testing on a routine basis, I find problems in my test, and I’ll have a little feedback loop where I can go back and make changes,” he said, adding, “[Testing] allows us to provide the structure to assign resources where we find deficiencies and make sure that we have the resources necessary to protect our critical workflows.”
