Protecting data availability in the age of cloud

Article 24 Apr 2025 Read time: 1 min

By Tony De Bos, Vice President of Security and Resiliency at Kyndryl, and Allen Downs, Vice President of Security and Resiliency at Kyndryl

Online methods to break into data systems are on the rise. Adopting a cloud-native approach to cybersecurity can help businesses respond to these threats more effectively. But in doing so, organizations must recognize the difference between “availability” and “recoverability.” Today’s cyber threats can include corrupting or restricting access to digitally-stored data, as well as its theft or malicious deletion. In a cloud-based or hybrid IT system, business continuity hinges on data availability in the face of cyberattacks — whether targeting the main system, the suppliers and subcontractors connected to it, or even the power grid that the data center depends on.

Before the online, digitally-connected era of computing, companies backed up their operational and customer data onto analog tapes. These backups allowed businesses to restore operations during catastrophic hardware failures. This was a solid strategy before the internet, but such methods are no longer sufficient to address the complexities of modern cyber threats.

The 2024 Kyndryl Readiness Report revealed that while 90% of business and technology leaders are confident their IT infrastructure is best-in-class, only 39% say their IT is ready to manage future risks. Why? According to cross-industry operational data from Kyndryl Bridge, a whopping 44% of servers, networks and systems are near end-of-life. These aging systems are no longer supported with updates that would help fortify them against the latest cybersecurity threats.

For example, legacy systems won’t be able to run quantum-safe encryption software that helps guard against the emerging threat of attacks that can pierce even today’s strongest data-protection shields. Organizations need systems that protect against quantum threats and allow operators to change compromised encryption keys quickly. To put it bluntly, you need the latest equipment to stay safe.

Getting started

The first step for any organization is to evaluate and update its data backup policies. Then, it should invest in cyber-tolerant backup platforms that incorporate advanced, role-based access controls to protect against insider threats. In other words, decide what you need, modernize your systems and determine who controls them.

Next, companies must accept that cyberattacks will happen and proceed accordingly. As organizations implement the cyberattack detection and prevention controls essential for cloud-based and hybrid systems, the process must include running cyber threat simulations to identify gaps in protection and establish appropriate recovery plans.

Recovery planning should also include developing protocols specific to business continuity. What are your critical business operations? How much will disruption cost? What are the workarounds, and which should you implement first?

Beyond the tech

Strategy alone is not enough. It is important to have a basic understanding of the dangers of cyber threats. For leadership, this means knowing the risks and potential outcomes of cyberattacks and relying on that knowledge to make informed decisions about cloud adoption and application design. For employees, it means immersion into a culture of security and continuous learning. This could include everything from knowing how to spot suspicious emails to shutting down unattended workstations.

Comprehensive data protection across environments

Data security should span both cloud and on-premises environments. Automated systems for data discovery and classification provide critical visibility across the entire data landscape, helping to enable effective risk management even in the most complex IT environments. Proactive security strategies with continuous monitoring capabilities can help mitigate threats before they escalate to breaches, with encryption, data loss prevention and compliance controls as the foundation of modern protection.

Preparation, prevention and recovery are the watchwords of cybersecurity in the cloud and hybrid era, and everybody must be involved. Organizations should review and update their security plans regularly, with input from both business and technical leadership. Working with a trusted partner to get it right the first time — and then get it right again as situations change — will be your best bet to maintain security and business continuity in the increasingly perilous world of cyber threats.