How can data availability be compromised?

What is data availability?

Data availability, one of the three pillars of the CIA triad, describes the reliability, accessibility, and timeliness of data. It’s what ensures that authorized users are able to access what they need, when they need it.

Whether data is stored on-premises, in the cloud, or in hybrid-cloud environments that use a mix of on-premises and third-party public cloud services, data availability is essential to maintaining regular operations and business continuity. It’s also central to new technologies like blockchain, as it ensures that transaction data remains accessible and verifiable at all times.

In the United States, two major organizations set data center standards for data availability: the Telecommunications Industry Association (TIA) and the Uptime Institute. The latter offers five tiers to describe varying degrees of redundancy, infrastructure capacity, and minimum uptimes. The gold standard of data availability, 99.999% or “five nines,” equates to a high availability of just over 26 seconds of downtime a month and less than six minutes a year.

Many tools — from data inventories and backups to loss prevention tools — can help organizations maintain high availability. However, with the cost of both ransomware attacks and data center outages rising significantly year-over-year, data availability remains a major challenge.

Below, we’ll dive deeper into the definition of data availability, discuss common threats, and offer a solution to help organizations maintain better data availability in multi-cloud and hybrid-cloud environments.

Is data availability the same as data resilience or redundancy?

Data availability is a cornerstone of data resilience, but the two are not the same thing. Data resilience is a broader concept that comprises not only the on-demand access of data availability but also data redundancy, data integrity, disaster recovery processes, and more.

Similarly, data availability is not the same as data redundancy — although redundancy can help maintain high availability. Redundancy is the duplication of infrastructure components, on-premises systems, cloud storage, etc. in order to ensure that at least one set of data remains available during unexpected events.

IBM recommends a balanced approach to implement data availability and resilience: “Enterprises need to accelerate digital transformation while giving their workforce the flexibility to work on any device from anywhere in the world. In doing so, it is vital to protect the company’s systems, intellectual property and sensitive data—all without interrupting business performance”

What are common threats to data availability?

To understand how data availability can be compromised, it’s important to recognize how much potential there is for disruption in the current digital landscape. From cyberattacks to regular wear and tear, here are just a few of the events that can have a severe impact on critical data:

Cybersecurity attacks, including malware, ransomware, phishing, data theft, data extortion, and more
Extreme weather and environmental events, including storms, wildfires, earthquakes, and excessive temperatures
Outages, including network, data center, cloud provider, and power outages
Server crashes
Excessive age, wear, or defects in systems
Physical storage device failures
Unknown or uncorrected security vulnerabilities
User errors and misconfigurations
And more

Below, we’ll dive into some of the most common threats and explain how they can impact data availability and business continuity.

Ransomware and data availability

We’ve written at length about ransomware and why attacks are on the rise. We’ve also covered how its two-pronged approach can disrupt business operations. So it should be no surprise that ransomware affects data availability, since its modus operandus is to make data unavailable to authorized users via encryption.

What’s less known is that many organizations don’t receive all of their data after they pay the ransom. According to a May 2021 Forbes article, only 8% of ransomware victims got all their data back despite paying the ransom — and a full 29% couldn't recover more than half of their affected data.

This makes ransomware a major threat to data availability, and it makes solutions to mitigate its impact even more crucial.

Cloud provider outages and data availability

Cloud providers generally offer strong data resilience. That said, cloud computing is also highly centralized, with the majority of services being offered by just a handful of major cloud providers. An outage or issue at a single cloud provider can cause significant downtime for many hundreds of organizations using their services.

To give an example: The highly publicized December 2021 Amazon outage affected major corporations ranging from Netflix and Venmo to Tinder and Ticketmaster. Everyday consumers were affected as well, with reports of people being unable to use their Ring doorbells, Roombas, baby monitors, and voice-assisted devices.

Thanks to limitation of liability provisions, cloud providers typically do not pay large damages to customers for these kinds of outages. As the Cloud Security Alliance notes, customers are sometimes entitled to credits for downtime but rarely receive direct compensation for the loss of business they may suffer during that downtime. In other words, your cloud data may be unavailable — but without a solution in place to maintain data availability, there’s not much you can do.

Disasters, environmental threats, and data availability

TDWI, a data science research and IT consulting firm, gives an example of a disastrous March 2021 fire at the OVHcloud data center in Strasbourg, France. According to TDWI, it took OVHcloud (the largest hosting provider in Europe) a full 50 days to restore service to 118,000 of its 120,000 customers affected by the fire.

While the cause of this fire is inconclusive — and while this kind of catastrophic event is rare — disasters do happen. Severe weather events like floods, wildfires, tornadoes, and hurricanes are becoming more common, and they threaten data availability in the form of electrical outages, infrastructure damage, and more.

According to a 2022 analysis by the Uptime Institute, power-related outages accounted for 43% of significant outages this year. Additionally, one in five organizations has reported experiencing a serious or severe outage in the past three years. These outages threaten data availability, resilience, and business continuity.

Third parties and data availability

Third-party providers like MSPs and CDNs (content delivery networks) are an essential part of many companies’ daily operations. However, the more third parties your organization relies on, the more chances there are for an external outage that will affect your business.

Indeed, the Uptime Institute found that “the more workloads that are outsourced to external providers, the more these operators account for high-profile, public outages.” What’s more, the institute revealed, third-party IT providers accounted for a staggering 70% of all outages in 2021.

For example, third-party CDNs — global networks of servers that provide greater reliability and performance for high-traffic websites — can lead to major outages. In June 2021, a configuration error at the infrastructure provider Fastly, which handles 10% of the world’s internet traffic, made major websites inoperable.

Third-party providers are vital to the functioning of our digital world, and many have solid data resilience solutions in place to prevent disruptions. That said, the more complexity there is in a system, the more chances there are for failure.

Protect your data availability with Microshard technology

Through its three-step microsharding process, ShardSecure’s Microshard technology inherently maintains data availability. Our self-healing data means that we can rebuild Microshard containers whenever they’re tampered with, deleted, or lost in an outage — keeping your data accessible to authorized users.

Microshard technology also supports high availability: Each instance of ShardSecure is a virtual cluster that can be run on-premises or in the cloud, and customers can configure two or more virtual clusters for failover. These features mean that companies can mitigate the impact of ransomware, outages, and third-party issues without incurring costly downtime.