Online Data Protection
Organizations should maintain multiple point-in-time copies of data for uninterrupted operation. Also, for a higher level of online data protection, consider replicating to another location either in real time (synchronous replication) or in very near real time (asynchronous replication).
Unencrypted data is always going to be subject to some level of risk. A recent survey by Enterprise Strategy Group noted that 60 percent of storage professionals said they never encrypt backup tapes and only 7 percent do so routinely. Storage professionals should focus on encrypting any data going outside the company or facility. Also, ensure there is a plan for decryption and the appropriate individuals have access to the encryption keys.
Physical security measures
In addition to encryption, add another layer of security by using shipping boxes that can't be easily opened when transporting backup tapes. Also, determine whether unused network ports are disabled and whether lockable racks and cabinets are actually locked. Consider using a backup product that includes a vault option for keeping track of containers full of media. Be particularly careful about securing and encrypting data while it's in transport, and keep track of all of the organization's backup tapes with a detailed inventory. Create a plan for finding missing backup tapes.
Lock down process, manage data throughout the lifecycle
Storage professionals should avoid retaining backup tapes longer than necessary. One organization kept data longer than required, leaving information vulnerable and ultimately resulting in a recent security breach. A plan for managing data and information from creation to deletion will ensure that only the information that is needed remains accessible. Information should be analyzed when it's created or received and then assigned an appropriate policy for management and deletion or retention.
In addition to taking the obvious step of not using manufacturers' default passwords for data storage access, organizations should also have a clear plan for changing passwords often and use separate IDs and passwords for each user. Also, storage professionals should ensure that they are choosing the correct storage option for their data. For example, data that does not need to be accessed often can be easily saved on tapes, rather than wasting space on more expensive disk-based storage options.
Access control is another basic security measure that should be in place within any organization. IT should implement granular control of who can access data and the applications that manage data, providing appropriate rights and permissions to various types of data.