The allure of online backup isn’t difficult to see: easy, convenient and seemingly effortless, online backup also appears to add an extra layer of security to your data. It’s no wonder so many organisations are climbing atop the online backup bandwagon. But before you settle on online backup as the miracle answer to all your organisation’s data security concerns, it pays to tread carefully and make note of the very real vulnerabilities and questions associated with online backup. Here we examine the top seven data security concerns and questions organisations must grapple with today to ensure data security.
[ Cloud Services are becoming an integral part of daily operations for Small and Medium Sized Enterprises (SMEs). The Mobile & Remote Working in 2011 white paper outlines some of the ways that successful SMEs are using cloud-based services and business tools to their advantage to drive their business forward.]
Backing up what matters
The near-invisibility and seamlessness of the online backup process can make it difficult to see whether you’re backing up all that matters. Is every critical file getting backed up? Does the online backup service support Macintosh and Linux systems, and does it back up everything, including the OS? And how will a server failure affect business continuity and recovery time?
Not having enough space online to store all critical data can lead to business, and even disaster recovery, issues. Organisations must be willing to think and plan ahead to ensure they secure sufficient online backup space.
False sense of security
Online backup can lull you into a false sense of security. In truth, there are several scenarios where a scheduled online backup fails to materialise: backup services that can’t handle open files, uncompleted backups due to system shut downs or reboots, and dropped Internet connections that interrupt the backup process. It’s important to plan for these interruptions and make sure that data is still being backed up no matter what.
[ To stay secure in 2011 and beyond, it’s vital that we understand how threats worked in 2010. The 2011 Security Threat Report by Sophos identifies the threats, the way they work, and provides insight into the tools and techniques available to protect your systems and data. ]
Backing up multiple systems is bound to present bandwidth issues. The initial full backup phase in particular can present a singular challenge: will the process prevent employees from getting work done, or customers from reaching your online presence? What about local resource requirements? Will file compression take place before data is uploaded?
Online data retention
What happens when backup data is removed from the online provider? Is it actually removed, or is there the possibility of future data retention and e-discovery liabilities? These questions are best asked before the adoption of a new online backup service.
Is data automatically encrypted once uploaded? Most of the time, this is not a huge concern, and security risks only come into play if you are to forget your online backup password. Another matter is securing data in transit. Is the data encrypted during transit? Although generally not a high priority issue, it’s important to find out whether there is the possibility of a loophole in the service provider’s process that allows data to be backed up over unsecure channels.
Web interface security
This should be a major focal point for all organisations striving for data security. How secure is the security of the Web interface used to manage online backups? Common issues include weak login mechanisms such as inadequate password requirements, accounts that don’t lock after a number of failed attempts and easily-manipulated URLS. Firewalls, SSL and passwords should not be the sole features of today’s Web interface security.