Beyond the firewall: Embrace proactive cyber defence

In the world of cybersecurity, the old saying ‘forewarned is forearmed’ has never been more relevant. Yet, too many organisations still operate on a ‘wait and see’ basis, only reacting to threats once the damage is done.

This traditional, reactionary approach is like installing a smoke detector but having no plan for an actual fire. It’s a strategy that’s becoming increasingly ineffective against the sophisticated and persistent nature of modern cyberattacks.

As cyber threats grow more sophisticated, cyberattacks have shifted from a potential threat to an unavoidable certainty. Despite massive global investment in cybersecurity, data breaches continue to be widespread.

The Veeam 2025 Ransomware Trends and Proactive Strategies report highlights this trend, showing that 94% of companies plan to increase their recovery budgets for 2025, and 95% are allocating more funds toward prevention.

The problem is, even with bigger budgets, many are still on the back foot. Instead, a proactive stance is essential for genuine cyber resilience.

Let’s explore what proactive threat detection involves and how your organisation can shift from merely reacting to threats to actively hunting them down before they can cause significant harm.

The overconfidence trap

It’s easy to believe you’re more prepared than you actually are. In fact, Veeam’s 2025 Risk to Resilience Report reveals a stark reality: while 69% of ransomware victims felt prepared before an attack, that confidence plummeted by over 20% after the incident.

This gap between perceived readiness and actual recovery capability highlights a critical flaw in many cybersecurity plans.

Waiting for an alert means the adversary is already inside your network. A proactive strategy, on the other hand, assumes that threats may have already bypassed initial defences and actively seeks them out.

This is the core principle of proactive threat detection.

From defence to offence: The role of threat hunting

Proactive threat detection involves a practice known as cyber threat hunting. Instead of waiting for automated security tools to flag a problem, threat hunting is the process of actively searching for cyber threats that are lurking undetected within a network.

Think of it as the difference between a security guard who only responds to alarms and one who actively patrols the premises, looking for anything out of the ordinary.

Threat hunters operate on the assumption that attackers may already be inside. They use their expertise, supported by advanced tools and threat intelligence, to uncover stealthy malicious actors who have slipped past initial defences.

These adversaries can remain hidden for months, quietly gathering data, escalating privileges, and preparing for a larger attack. Threat hunting is crucial for finding them before they succeed.

Adopting a Continuous Threat Exposure Management (CTEM) program

To operationalise proactive detection, organisations are turning to structured approaches like Continuous Threat Exposure Management (CTEM). Gartner defines CTEM as ‘a pragmatic and systemic approach that organisations can use to continually evaluate the accessibility, exposure, and exploitability of their digital and physical assets.’

Instead of just scanning infrastructure for vulnerabilities, a CTEM program aligns its focus with specific threat vectors or business projects.

This allows for a more realistic assessment of risk and helps prioritise remediation efforts where they matter most. It highlights both patchable vulnerabilities and unpatchable threats that require different mitigation strategies.

The potential impact is significant. Gartner predicts that by 2026, organisations that prioritise their security investments based on a CTEM program will experience a two-thirds reduction in breaches.

Security leaders must consistently oversee their hybrid digital environments to quickly identify and effectively prioritise vulnerabilities, strengthening the organisation’s defences against potential attacks.

Don’t forget the shared responsibility model

A common misconception, particularly with the widespread adoption of cloud services, is that the cloud provider handles all aspects of security. This is dangerously incorrect.

The shared responsibility model is a fundamental concept in cloud security that outlines the division of responsibilities between the cloud service provider (CSP) and the customer.

While the CSP is responsible for the security of the cloud (i.e., the underlying infrastructure), the customer is responsible for security in the cloud.

This includes securing your data, applications, access management, and network configurations.

People often assume that because their data is in the cloud, it’s automatically backed up and protected from all threats. It is not.

For example, with Microsoft 365, Microsoft ensures the service is running, but you are responsible for protecting your data from accidental deletion, internal threats, or ransomware attacks.

This is why having a robust, third-party backup and disaster recovery strategy is non-negotiable, even for cloud-based data. It’s a critical component of your proactive defence, ensuring you can recover your data no matter what happens.

Build a proactive defence today

Moving from a reactive to a proactive cybersecurity posture is a strategic shift that requires expertise, the right tools, and a deep understanding of the threat landscape.

Don’t wait for an attack to reveal the gaps in your defence. Take a proactive stance and build a security strategy that is as dynamic and relentless as the threats you face.

Wondering if your leap to cloud was the right move?

There’s a right way of doing things, for all the right reasons.

And then there’s the other way. The kneejerk reaction to significant (and often scary) changes in the financial, business, and social climate. The one that keeps you up at night wondering if you did the right thing by jumping on the cloud transformation bandwagon, just because it was going past, rather than because it was going in the direction you’d already planned to take.

Despite the rush to the cloud prompted by COVID, Deloitte says that “46% of businesses are not quite ready for cloud technology, which means they are not set to maximise the business benefits that cloud can bring.”

While we’re all tired of (and even hate) technology buzz words and phrases like digital transformation, disrupt, pivot, and cloud, they are largely inescapable. And due to COVID (another word we want to put behind us) digital transformation has led most of us to the cloud, ready or not.

Cloudy outcomes

On the whole, moving to or accelerating adoption of cloud technologies has been a good thing. But it’s important to understand the difference between cloud transformation and cloud optimisation – and which part of the journey you are on. Here’s a quick 101 recap:

Cloud transformation is the process of transitioning all or some of your data, apps, and software to the cloud with the aim of becoming more efficient and adaptable, gaining the ability to quickly scale and flex at will, and improve your data security. And of course, it helps you save and manage costs as you wave goodbye to investing in physical infrastructures and on-premises software support and updates.

Then, there’s cloud optimisation.

This is the process of continuously eliminating cloud resource wastage so you’re not overspending. So, you have a strategy to judiciously select, provision, and right-size what goes where in the cloud, and which costly cloud features you consume. To put this in perspective, multiple cloud technology vendors are already reporting that 50-60% of organisations have said that optimising cloud costs is one of their goals for 2022.

A waste of cloud space and budget

When Forbes says that 30% of cloud spending is wasted, you can understand why cloud optimisation is such a hot topic right now with CEOs around the world.

So, what mistakes did so many make that backed them into an overly expensive cloud corner? What can we all learn from the mistakes of others – and ourselves?

  1. Failing to track unused instances. The cost of maintaining aging, or inactive instances in your environment can run up your cloud infrastructure costs, without even offering a ROI.
  2. Letting your instance size get away on you. If your cloud environment doesn’t have right-sized, strategically customised cloud instances, it can blow your budget out of the water.
  3. Saying ‘no’ to a hybrid or multi-cloud strategy. All clouds are not created equal, and some are more cost effective for some uses than others.
  4. Not showing orphans to the door. Orphaned volumes and snapshots of terminated instances, that is. Some cloud providers continue to charge you for keeping them handy.
  5. Expecting your IT team to keep track of everything – manually. Sorry, in this day and age, especially at an enterprise level, this just isn’t feasible. Automation exists for a reason.

Did you do it right to start with?

Now, backing up to one of our original points, did you make the right cloud transformation decisions to start with? Or was it just a matter of expedience hastened by COVID? And what wouldn’t you do again?

  1. Not adopting the right (or any) cloud strategy from the outset. You have several options when moving to the cloud, and they each impact the outcomes you experience. A cloud-first strategy means you put cloud solutions at the top of your shopping list, in preference to non-cloud solutions. Then there’s cloud-only, where you replace everything with cloud solutions regardless of whether, for example, a hybrid strategy which rationalises a balance of cloud and on-premises, makes more sense. Then there’s a cloud-workload strategy which focusses on your goals and existing application/data portfolio and to identify how and where these would be best served in terms of cost and performance). And lastly, a lift and shift strategy where legacy on-premises applications are virtualised and dropped into your cloud.
  2. You just weren’t ready. Ignoring change management and the need for training are dangerous shortcuts to take, as are failing to get top-down support or aligning the project to meet your business processes. Those are three big ‘nos’ in a row.
  3. Assuming you know everything about security. Public cloud breaches have almost all been driven by enterprise customers’ insecure configurations. And Gartner predicts that through to 2025, 99% of cloud security failures will be the fault of the customer’s security team.
  4. Perceiving cloud as a money-saving scheme. When, in fact, its potential for money making through improved productivity, efficiency, and superior analytics is far greater.

The right outcomes stem from the right decisions

While COVID certainly hastened the rush for the cloud, it also forced some businesses into making hasty digital transformation decisions which resulted in a less than stellar payback. This is apparent in the 70-95% failure rate cited by KPMG, McKinsey, BCG, and Bain & Company.

However, it’s reassuring to see Deloitte say that of the organisations surveyed for its Cloud Imperative paper:

  • Around 80% stated that ‘by implementing cloud they were better prepared to address future challenges and organisation needs’ and that ‘cloud enables them to innovate more quickly and frequently’
  • That 70% indicated that cloud allows them to instantly scale up or down.

The key, it seems, is to have a goal, a strategy, and a good dose of common sense. And a partner that knows the ropes.

Are you constantly playing ‘spot the difference’ with your cloud costs?

While the pressure is on for organisations to embrace the myriad benefits and opportunities for transformation and innovation that cloud brings, there’s also an undercurrent of despair. It seems that the much-touted predictability of cloud costs isn’t all it’s been made out to be.

A central failing of most cloud services is that they bill customers for resources that are never used or fully utilised – so costs spiral out of control. Gartner’s report on ‘How to Manage and Optimise Costs of Public Cloud IaaS and PaaS’ estimates that as much as 70% of cloud costs are wasted. (Take a moment to read that again: 70%!).

Many organisations reliant on their cloud infrastructures have learned the hard way to expect the unexpected – on a regular basis. They’re challenged by OPEXs that vary from month to month, unregulated cloud costs delivering surprising price hikes, and the need to scale their requirements up and down constantly.

If those challenges sound familiar, and you count yourself amongst those organisations looking for ways to reduce cloud costs and eliminate waste, you’re not alone.

A sharp new focus on cloud cost optimisation

It’s no surprise that the appetite for transformation using cloud technology continues to grow. The 2022 Cloud Infrastructure Report found that 63% of the IT and business decision-makers (all responsible for significant public cloud infrastructure investments) that they surveyed say that they plan to increase their use of cloud technology.

While many intend to ramp up cloud utilisation, 50% of respondents also called out optimising their cloud costs to improve ROI as a transformational goal for 2022. And 62% plan to focus on and improve cost management capabilities for their cloud infrastructure (which makes it one of the top priorities for decision-makers alongside security, automation, resource inventory, and utilisation).

However, this new determination to address organisational costs comes alongside a drop in confidence in visibility into public cloud costs. Last year, 31% were ‘very’ confident in their visibility. This year it’s dropped to just 21%. And the inability to monitor and optimise their public cloud costs is a major issue for 70% of those surveyed.

While signalling a clear intention to optimise their cloud spend, it’s clearly a struggle for many organisations to make headway. Although 91% use cloud purchase options, such as reserved instances or savings plans, most – and we are talking 68% here – report they aren’t using them effectively. For example, they are finding that committing for a 1- or 3-year period to the discounts promised through reserved instances can be a false economy. What may start by saving money now, may create significant inefficiencies later.

Likewise, spot instances which fire-sale spare computing capacity can offer dramatically lower prices (with discounts up to 90%), but availability can be terminated at short notice. Which isn’t ideal if your workload is critical. Rightsizing is another trap for even the savviest technology or business team and requires constant finetuning – especially in a complex, multi-cloud environment.

So, what are the options to effectively control cloud costs and eliminate waste?

FinOps, and why it’s so hot right now

In this cloud context, FinOps is the acronym for Finance and DevOps. The FinOps Foundation defines FinOps as “an evolving cloud financial management discipline and cultural practice that enables organisations to get maximum business value by helping engineering, finance, technology and business teams to collaborate on data-driven spending decisions.”

FinOps is a worldwide movement rather than a set of proprietary processes. It’s gained considerable traction in its first decade with its rate-optimisation analysis approach to technology, using real-time reporting and just-in-time processes in conjunction with teams working collaboratively.

The desired outcome of investing in a FinOps practice is to promote the cost accountability and business agility needed to control and optimise cloud costs without sacrificing speed or innovation.

So, what – when done well – does FinOps deliver?

A mature FinOps practice will help your organisation to accelerate how quickly you realise value from your investment. So, your ROI is faster. It will drive financial accountability and visibility, meaning you’ll always know how much you’re spending and where. It will provide transparency and granular reporting, enabling your organisation to optimise cloud usage and become cost-efficient.

And because FinOps is a cross-organisation initiative (from finance to product, to engineering and more), it builds trust and collaboration. Lastly, it identifies and controls the dreaded sprawl of uncontrolled (and often unknown) cloud spending.

This quote from the FinOps Foundation sums up successful FinOps outcomes beautifully: “If it seems that FinOps is about saving money, then think again. FinOps is about making money.”

You’re not alone

It must be noted that while 96% of all respondents in the report cited earlier acknowledge that they view FinOps as important to cloud success, in actuality, only 10% have a mature FinOps practice in place. So, there’s still a long way to go.

It doesn’t need to be a solo journey, though. In fact, it shouldn’t be unless you are determined to take your eye off the ball of what your organisation does to stay in business. (And we’d suggest that your future is probably not in cloud optimisation).

For those companies that have already adopted FinOps (whether it’s a work-in-progress or fully-fledged practice), 83% have chosen to leverage the skills, knowledge, abilities, and advanced optimisation technology of their Managed Service Partner (MSP). They look to their MSP to lead, support or collaborate with their internal teams in varying degrees, or in some cases, to manage the FinOps practice in its entirety.

Due to their investment in proven, innovative cost optimisation technology and years of expertise, your MSP can fast-track your FinOps practice’s ability to drive down cloud costs and eliminate overspending and waste – and start talking about a positive ROI.

Announcing the Global Storage Partnership with NetApp

Global Storage are excited to announce their partnership with NetApp Australia Pty. Ltd. The five-year agreement will allow Global Storage to offer Managed Services now in partnership with NetApp using NetApp data management platforms.

“The NetApp partnership will showcase a number of options for storage management to customers wishing to adopt in cloud or on-premise managed services. Primarily we will be focussing on backup, disaster recovery, infrastructure and Office365 managed services, with additional products to follow.”
Gavin Hoffmann, Sales & Marketing Director – Global Storage.

The partnership with NetApp highlights Global Storage’s focus to strengthen its holistic approach to data management and protection. The joint teams will work together to ensure customers have superior options for data management, data protection, analytics, IOT and security.

As customers demand more freedom-of-choice in these areas, and consider the best outcome in terms of cloud, hybrid cloud and on-premise locality, the idea of a universal data management service becomes an ever more important value add to Business and to the protection of business critical data and operations.

NetApp is the data authority for hybrid cloud, providing a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with our partners, we empower global organisations to unleash the full potential of their data to expand customer touch-points, foster greater innovation, and optimise their operations. For more information, visit www.netapp.com. #DataDriven

Get in touch with the Global Storage team now to learn more about how our full suite of data management solutions can help your Business achieve their data management goals.

Data Protection in the Cloud

With the increasing trend of organisations thinking of or currently migrating critical production workloads to the cloud whether it’s a hybrid or public provider model it is still important to look at your data protection, there are the obvious advantages and benefits over the private cloud model and these have been documented numerous times and there is no need to go into detail about them again, but just to refresh a cloud should provide infrastructure, environmental, human resource and software licensing savings; this in turn allows the business to focus strategically on core business services.

The advantages are clear but what other critical requirements are there? Does disaster recovery, business continuity, backup and archiving compliance ring a bell? It is important when an organisation is in the process of choosing a cloud provider that along with providing robust IaaS SLAs that the provider can also provide data protection SLAs.

Has the provider had previous disaster recovery experience? Can it provide your organisation with a clear path during a disaster? Does the provider in fact provide backup, archiving and restore functionality at all? Who maintains the backup, archive and disaster recovery? Is the disaster recovery tested? Cloud providers located at Tier 3 data centres provide numerous N+1 redundancy features but the fact remains there have been two Tier 1 vendor outages in the last 6 months that affected hundreds of customers. So whether you organisation is looking or currently moving towards either a public or hybrid cloud strategy ask the provider about data protection, your data is your business.

Get in touch for a Free, No‑Obligation Consultation

Arrange a chat with our experienced team to discuss your data protection, disaster recovery, cloud or security requirements.

  • Arrange an introductory chat about your requirements
  • Gain a proposal and quote for our services
  • View an interactive demo of our service features

Prefer to call now?
Sales and Support
1300 88 38 25

This field is for validation purposes and should be left unchanged.

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

This field is hidden when viewing the form

© 2021 Global Storage. All rights reserved. Privacy Policy Terms of Service

The Global Storage website is accessible.

Download
Best Practices For Backing Up Microsoft 365

This field is for validation purposes and should be left unchanged.

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

Download
5 Myths About Backing Up Microsoft 365 Debunked

This field is for validation purposes and should be left unchanged.

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy