Data backups are an essential element of storage security, but they are often the source of security grief. A large percentage of security breaches can be attributed to the mishandling of data backups. If you review the Privacy Rights Clearinghouse’s Chronology of Data Breaches, you will spot many incidents that were caused by the lack of adequate data backup controls. In fact, millions of records were compromised in 2008 in backup-related errors. Of course, those were only the ones that were discovered. It is likely that others exist. Intellectual property losses were equally abundant.
The following ten measures will help to run your data backups more efficiently and securely.
- Ensure your security policies include backup-related systems within their scope.
- Verify that your data backup systems are covered in your disaster recovery plans.
- Assign backup software access rights only to those who have a business need to be involved in the backup process.
- Store your backup media in a secure location, offsite or at least in another building.
- Whatever way you choose to control access to your backups, be sure to control access to the room/car/house in which the backups are stored.
- Use a fireproof and media-rated safe. Many people store their backups in a “fireproof” safe, but typically one that’s only rated for paper storage.
- Find out the security measures that your off-site storage vendors, data center providers and courier services are taking to ensure that your backups remain safe in their hands.
- Password-protect your backups.
- Encrypt your backups if your software and hardware support it.
- Test your backups on a regular basis.
It is always worthwhile to investigate where your data might be vulnerable, even if you think it is not. Chances are good that a few steps have been overlooked. If you cannot see the gaps, but believe they are still there, it may be a good idea to hire an unbiased third party to help you close them. Like most things in life, simple steps can protect us from experiencing great loss.
Companies have gone out of business because their backup scheme was poorly designed.