Data resilience is an all-encompassing mission that covers identity management, device and network security, and data protection principles like backup and recovery. It is a massive de-risking project and for it to be effective it requires visibility and senior buy-in, explains Rick Vanover at Veeam.
The AI hype gripping every industry right now is understandable. The potential is big, exciting, and revolutionary, but before we run off and start our engines, organisations need to put processes in place to power data resilience and ensure their data is available, accurate, protected, and intelligent so that their business continues to run no matter what happens. Look after your data, and it will look after you.
It is far easier to manage with training and controls early on when it comes to something so pervasive and ever-changing as a company’s data. You do not want to be left trying to unbake the cake. The time to start is now.
The latest McKinsey Global Survey on AI found that 65% of respondents reported that their organisation regularly uses Gen AI, double from just ten months before. But the statistics that should give IT and security leaders pause is that nearly half of the respondents said they are heavily customising or developing their own models.
This is a new wave of shadow IT – unsanctioned or unknown use of software, or systems across an organisation. For a large enterprise, keeping track of the tools teams across various business units might be using is already a challenge. Departments or even individuals building or adapting large language models, LLMs will make it even harder to manage and track data movement and risk across the organisation.
The fact is, it is almost impossible to have complete control over this, but putting processes and training in place around data stewardship, data privacy, and IP will help. If nothing else, having these measures in place makes the company’s position far more defendable if anything goes wrong.
It is not about being the progress police. AI is a great tool that organisations and departments will get enormous value out of. But as it quickly becomes part of the technology stack, it is vital to ensure these fall within the rest of the business’s data governance and protection principles.
For most AI tools, it is about mitigating the operational risk of the data that flows through them. Broadly speaking, there are three main risk factors:
- Security, what if an outside party accesses or steals the data
- Availability, what if we lose access to the data, even temporarily
- Accuracy, what if what we are working from is wrong
This is where data resilience is crucial. As AI tools become integral to your technology stack, you need to ensure visibility, governance, and protection across your entire data landscape. It comes back to the relatively old-school CIA triad – maintaining confidentiality, integrity, and availability of your data. Rampant or uncontrolled use of AI models across a business could create gaps.
Data resilience is already a priority in most areas of an organisation, and LLMs and other AI tools need to be covered. Across the business, you need to understand your business-critical data and where it lives. Companies might have good data governance and resilience now, but if adequate training is not put in place, uncontrolled use of AI could cause issues. What is worse, is you might not even know about them.
Ensuring data resilience is a big task – it covers the entire organisation, so the whole team needs to be responsible. It is also not a one-and-done task, things are constantly moving and changing. The growth of AI is just one example of things that need to be reacted to and adapted to.
Data resilience is an all-encompassing mission that covers identity management, device and network security, and data protection principles like backup and recovery. It is a massive de-risking project, but for it to be effective it requires two things above all else: the already-mentioned visibility, and senior buy-in.
Data resilience starts in the boardroom. Without it, projects fall flat, funding limits how much can be done, and protection, availability gaps appear. The fatal not my problem, cannot fly anymore. Do not let the size of the task stop you from starting. You cannot do everything, but you can do something, and that is infinitely better than doing nothing. Starting now will be much easier than starting in a year when LLMs have sprung up across the organisation.
Many companies may fall into the same issues as they did with cloud migration all those years ago, you go all-in on the new technology and end up wishing you had planned some things ahead, rather than having to work backwards. Test your resilience by doing drills, the only way to learn how to swim is by swimming.
When testing, make sure you have some realistic worst-case scenarios. Try doing it without your disaster lead, they are allowed to go on holiday, after all. Have a plan B, C, and D. By doing these tests, it is easy to see how prepped you are. The most important thing is to start.
Data freedom and data integrity
The movement of data poses one of the most significant risks to data integrity, with the lack of pre-migration testing as the main cause of issues such as data corruption and data loss. This can cause unexpected downtime, reputational damage and loss of important information.
Data integrity begins with awareness. Many organisations do not fully understand what data they have, when it was added or what was updated over time, making it challenging to conduct data audits or integrity checks. Building awareness of data assets is the first step towards validating data and detecting abnormalities based on historical analyses.
Then, rigorous and ongoing testing for migration is crucial. This includes testing for both functionality and economics. Functionality refers to how well the system operates after migration, ensuring that it continues to meet expectations; economics refers to the cost-effectiveness of the system or application, which is particularly important with cloud-based migrations.
Economics testing involves examining resource consumption, service costs and overall scalability to ascertain whether the solution is economically sustainable for the business.
Organisations must liken preparing for migration to how pilots train to resolve the unexpected. By planning for the potential problems businesses may encounter during the transfer of data across systems and platforms, the risk and impact of compromised data can be minimised.
Most importantly, companies should prepare for migrations even if they do not anticipate immediate changes. Just as pilots do not wait for poor flying conditions to train for an emergency landing or response, businesses also should not wait to be notified of imminent change to initiate data checks and testing. The volatile and fast-paced technological environment means we need to always be prepared to avoid being caught off-guard.
Data freedom is not just about having the ability to move data, it is about ensuring data remains accurate, secure, and usable during migrations or platform changes. Regular testing and data assessments help maintain both integrity and freedom, ensuring businesses can rely on their data when it matters most.
