It is critical that your organisation protects its data, both in flight and at rest. You have probably implemented data protection measures – such as firewalls and antivirus – to protect your live system data. But what about your data backup security? Could this be a back door for cybercriminals to access your confidential, business critical data?
We’re going to start this blog with a strange question: do you know how many toner cartridges you have, and where they are stored? Most organisations will know this information, as it will be tracked on some form of stock control system or spreadsheet. The toner cartridges are probably stored in a locked store room.
Okay, so next question: how do you get access to the toner cartridges?
For many organisations, the standard process involves making a request to the IT team or office manager. They will get the toner cartridge from the (locked) store room or cupboard. They will then update their spreadsheet or stock control system to note that a toner cartridge has been used.
Now ask yourself where all the company data that you backup is stored.
For many, the answer will be ‘on backup tapes’. This leads us to the next important questions: where do you store your backup media? What data backup security is in place? And do you know who has accessed the data that you backup?
IT solutions for Data Loss Prevention (DLP) typically focus on protecting company data from leaking. This can be through direct external links, such as email and firewalls, or through the protection and encryption of data on mobile and other roaming devices. However, backup data is seen as one of the most vulnerable forms of data storage.
Do you know where all of your backup media is located?
For many organisations, the answer is typically that the tapes are stored in a box near the servers (which may or may not be in a secure location). Someone often takes the tapes off-site (at home or in the car boot) to protect against something happening to the building.
Do you track the location of every tape for its entire lifecycle?
Where is last month’s backup tape? How about last year’s? If you can’t locate and track all of your backup media until its destruction, then you potentially have a situation where your data backup security is not sufficient. You may be exposing your company data (which likely includes confidential and personal data) to loss or theft.
If data on a backup tape is a year or more old, it can still be damaging to your company if lost. If you hold confidential or personal information on individuals (which includes your staff members), you have a legal obligation under the Data Protection Act to ensure that this data is protected from falling into unauthorised hands.
There have been a number of data loss incidents related to backups that have occurred recently, affecting some high profile organisations: –
What can you do if your toner cartridge is more secure than your company data? Cloud-based backup services like the AssureStor backup2cloud platform deliver some key advantages when you need to ensure your data backup security.
The backup2cloud platform, powered by Asigra, delivers security and deep audit capabilities. These allow you to have confidence that your data is stored securely and restricted so that only you can access it, and you can also track and report on all data access requests from the backup platform.
Utilising in-flight and at-rest military grade encryption, along with guarantees that data is always stored within highly secure Tier III+ data centres, the backup2cloud platform delivers a solution that reduces your risk of data leakage and complements your Data Loss Prevention strategies.
And with the inclusion of Asigra’s Backup Lifecycle Management (BLM), AssureStor can deliver tiered backup storage that drives down your backup and archive costs whilst delivering audited destruction of your data at the end of its life.
If you would like more information on how AssureStor’s backup2cloud platform provides data backup security, please contact us for a free, no obligation review of your backup and recovery needs.