Security Considerations When Selecting a Backup Solution
Whether you are implementing a tape backup solution, using a cloud backup solution or working with a managed backup company, the following are some security considerations to keep your data safe.
Encryption is a dense topic on its own, and the level of encryption required should be determined by each organization. For reference, most industries that need to comply with security and privacy guidelines need to use a backup solution that uses 256-bit AES encryption (AES-256).
Data should be encrypted at rest. In addition, if you plan to use a cloud-based solution or back up your data to another location over the internet, data needs to be encrypted in transit.
Data Center Security
If you choose to back up your data offsite in the cloud, the security of the data center where your data will be hosted is important to consider. There are many security controls and it’s impossible to assess the practices of a data center. Service Organization Control (or SOC) compliance is one way to review the security and controls of a data center. Set forth by the American Institute of Certified Public Accountants, SOC compliance applies to data centers in the United States.
Physical security considerations apply to any on-premises backups as well as off-site backups where secondary copies of your backups are stored. Access to these sites needs to be secured and monitored by camera. Furthermore, these sites need to be evaluated for risks such as flooding, fire and natural disasters.
If your backup solution is hosted in the cloud or managed by a service provider, ransomware detection services can provide an added layer of security. While the first line of defense for protecting your organization against ransomware is educating your employees, this added layer of ransomware detection will serve as a good fail-safe measure.
Access to backups should be given to a minimum number of individuals, and your organization should ensure secure access controls are being used, such as two-factor authentication (2FA) or multi-factor authentication (MFA).