![]() ![]() ![]() Make sure physical access is carefully regulated and facilities are secured appropriately. Evaluate and track security aspects of any off site location or service used to store backups.Institute a tracking and chain of custody system for backup media to ensure you’re always aware of its location and any media that should be destroyed.Make more than one copy of your backup data and assign different staff to perform and manage each backup. #DATA BACKUP BEST PRACTICES SOFTWARE#Keep track of known backup software security flaws and updates.Make sure backup configuration files are only accessible to authorized users. Ensure that sensitive data can only be accessed by those who absolutely need it, and that they have the trust and authority to do so. Make sure your backup software offers lots of granularity in assigning administrator roles, so one administrator does not have access to all your data.Encryption can affect performance and backup volume, which is why you want to encrypt only the data that needs it and why it’s important to perform Step 2. Encrypt sensitive backup data in transit and at rest to prevent prying eyes in the event of man in the middle attacks or media theft.You don’t want a thief setting up a rogue backup server and initiating his or her own backup. Make sure you set up your backup software so the backup client and server authenticate each other before a backup is performed.Some data might need a lot of protection and have compliance implications while other data is public anyway and doesn’t need much security. Run a comprehensive risk analysis of the data you back up regularly to determine its sensitivity and appropriate measures to protect it.Examine every step for vulnerabilities and remedies. Perform a security risk assessment of your entire backup process.Here are some important security best practices to consider when crafting a backup strategy. For the storage folks, the focus is likely to be on convenience and speedy recovery, perhaps sometimes at the expense of security. That’s why your organization should make sure that its security professionals, not just the storage folks, are involved in crafting and monitoring backup strategies and procedures. Threats can also come from unregulated personal backups, including the use of personal file storage services. Threats are not just about data theft, but inattention to proper procedures, and intentional destruction of backup media and data that suddenly become critical in the event of a disaster. Threats to backups come from external hackers, company insiders, loss or theft of backup data and media in transit, and the employees of services you entrust your backup data and media to. In early April, for example, Emory Healthcare in Atlanta lost the personal information of 315,000 patients when it discovered that 10 backup discs were missing. Network and mobile data breaches get much of the publicity today, but there’s another less publicized avenue susceptible to both insider and outsider attacks: backup. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |