How to Strengthen the Security of Your Business Backups
by Andrew Mullen on December 23, 2016
These days every IT manager or CIO understands the importance of data backups. Whether it's a ransomware attack from criminal hackers, or a natural disaster such as a fire or flood, the threats to a company's vital information have become too apparent to ignore. So most businesses, large and small, are taking steps to ensure that important data can be recovered if it is somehow compromised.
Yet, what many of those otherwise diligent managers fail to consider is that those very backups can be a source of vulnerability if they are not handled correctly. That's especially true when a company's data is dispersed among several branch offices, each of which has its own backup system. Every location where data is stored or backed up represents an additional potential entry point for malicious intruders seeking unauthorized access to sensitive information. What's more, since many of those local backups are being stored on-premises, a single natural or man-made disaster could wipe out both the original and the backup at the same time.
That's why consolidating your company's backup operations in the cloud, rather than allowing them to be done at branch sites, should be an important part of your data security strategy. In fact, most enterprise backup best practices can be handled much more safely and securely when data is consolidated in the cloud.
To see why, let's look at some of the issues that must be addressed when formulating a secure backup strategy.
Physical access to backup servers and storage
The first line of defense against having critical data compromised is to control access to the locations where it is physically stored. In branch locations this is often a room or office that houses a single server through which all backups are controlled. There are many recorded instances in which sensitive information has simply walked out the door of such facilities on a thumb drive or compact disk.
Yet at many branch sites, little attention is paid to limiting physical access to servers and attached storage units. In many instances, any employee can walk unchallenged into the locations where such equipment is housed.
But when data is consolidated in a cloud-based datacenter that is dedicated to that purpose, stringent access controls will be enforced, so that physical entry by unauthorized individuals is much more difficult.
Security of Backup Media
If some of your company's data is being stored and backed up in branch facilities, are you confident that you know where all your backup media are? Perhaps most backup files are on a disk array attached to a local server. But could it be that some important data is backed up only to a thumb drive sitting in some employee's desk drawer, or to one that the employee lost last week in the airport? Or maybe it's on CD-ROMs stored on a shelf in the same informal datacenter as the server, where a fire or flood could wipe out both the originals and the backups at the same time.
In contrast, when all a company's data is consolidated in the cloud, all storage media, wherever located, will be physically protected and managed as a single resource by sophisticated software. Backups can (and should) be regularly tested to ensure completeness and recoverability, and storage units that fail can be seamlessly replaced.
In many remote facilities, data backups are carried out using the local area network that connects the branch's servers, workstations, and data storage resources. And in today's BYOD (Bring Your Own Device) environment, the branch's network may also allow WiFi access by smart phones and other mobile devices. Yet in many cases these in-house LANs are not adequately secured: data travels around the net in the clear, without any kind of encryption.
Such networks are vulnerable to intrusion, whether by hackers who gain access through social engineering schemes such as phishing, or who perhaps sit in a car in the branch's parking lot sniffing out WiFi access codes.
On the other hand, when your data is consolidated and controlled by a good managed cloud services provider, top-tier security protocols will be applied to every phase of the backup and recovery process. Sophisticated authentication procedures will be used to restrict access only to authorized users. And the data itself will always be encrypted, both while it is in transit to and from the cloud, and while it is resident in storage.
When data storage and backup is handled by branch offices, every site must have one or more individuals with full data access privileges to handle local issues as they arise. This might include system administrators, engineering staff who require total system access for maintenance tasks, or even help desk workers who must have extensive data access privileges to allow them to assist other employees with backing up and recovering their data.
That means that across the enterprise there may be dozens of individuals who have full access to all of the organization's sensitive information, and who can initiate backup and recovery actions from and to any devices on the network.
But when storage and backup are consolidated in the cloud, only a single set of well-vetted staff members need to have such wide-ranging access. Moreover, by the very nature of their business, a good cloud storage services provider will have a level of expertise regarding user authentication that is far beyond what a part-time branch office IT administrator can be expected to demonstrate.
But this is an area where the major responsibility for ensuring that only authorized individuals can access your data remains with you. You'll need to ensure that data security best practices, such as least-privileged user accounts, role-based access control, granular account control, and regular password and access rights reviews, are in place and enforced.
Ensuring the security of your business backups is not a trivial task. But it's a lot easier when you need only deal with a single virtualized set of consolidated data, rather than with a number of different backup strategies and implementations scattered among company sites around the world. If you'd like to know more about what your organization can do to make its data backups as secure as possible, please download the Talon FAST™ data sheet.