Companies also need to make sure that their backup, retention and recovery policies comply with industry standards and government regulations when thinking about the security of their storage. Industry guides such as the International Standards Organization (ISO) 17799 and government regulations such as the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act help provide a framework for improved corporate governance and controls. Accurately written and enforced, information security policies enable organizations to not only demonstrate their adherence with these critical regulations and standards but also articulate their own.
Combine Backups with Other Security Technologies
Companies also should plan beyond back up storage and use preventative measures to ensure systems are safe guarded. This includes the use of antivirus software, firewalls, and intrusion detection software. Intrusion detection, which acts as an alarm system protecting vulnerable data from both internal and external threats is vital because it monitors critical files for tampering and checks network traffic for "attack signatures." If an anomaly is detected, an alarm notifies the administrator for further investigation or action. With intrusion detection, if an attack should occur, companies will have early warning to quarantine the threat and their current backup data, before damage can be done to critical systems. Also, using products and best practices for integration from the same vendor creates continuity planning, resulting in an easily managed comprehensive solution.
Survival in the modern business world requires strong backup and recovery plans. Companies can no longer sit back and wonder if something will happen, but must plan what to do when something does happen. Disaster recovery needs to be addressed immediately before disaster strikes. While disaster recovery is unique to each company and its environment, the guidelines mentioned above can serve as a solid foundation. The only way to make sure companies are protected as much as possible before an attack is to integrate security policies with regular and effective backups of their systems and important data. Additionally, they must have a recovery plan in place. Although creating a plan can appear overwhelming, trying to quickly recover from a disaster is near impossible without one—and that is something no company can afford.