Hi-Tech Security Solutions Hi-Tech Security Solutions
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
   
 




















 

Securing information
October 2011, Information Security

Regardless of the size of your company or the volume of data, paper or video footage you accumulate, it would be irresponsible not to have suitable backup and archiving methodologies in place. Hi-Tech Security Solutions spoke to ContinuitySA, Metrofile and StorVault Africa about the ins and outs of these essential services.

Let us begin by differentiating between data backups and data archiving. Data backups are for disaster recovery or restoring lost or corrupted files. Speed of restoration is crucial. Data archives are for discovery and are used to store data that is no longer in day-to-day use, but must be retained. Here speed is not the issue, but the ability to expedite easy searches is of vital importance.

So the million-dollar question is – can companies backup and archive data on-site or should they move these functions offsite? Two critical factors come to the fore – space considerations and risk mitigation. Office floor space comes at a premium and, since the volume of data increases exponentially with the number of years a business has been in operation, it makes good business sense to outsource your storage needs.

As far as risk mitigation is concerned, are you really equipped to ensure the complete safekeeping of valuable data? Is environmentally sensitive data, documentation and footage stored in a humidity and temperature controlled room at your facilities? Is your building sufficiently secure to ensure complete protection of records and backups?

“Hurricanes, floods, tornadoes, earthquakes and other natural disasters, as well as violent strikes and protests, can threaten the viability of your businesses if you are not prepared. The best way to thwart this is to routinely back-up to an offsite data centre. That data centre should be both adequately remote, professionally managed and certified secure so you are absolutely certain of recovering from a disaster,” said StorVault Africa’s country manager, Derek Friend.

Bob Eedes, GM, information solutions at Metrofile, said that as the volume of data creation has proliferated over the years, so the need to store data offline has become more critical to save space. “There has been an increasing predilection of keeping everything online and backing it up accordingly, on a regular basis. With regard to archiving data, pragmatists would argue that the ideal time to do this would be at the financial year-end so that, from a SARS regulatory perspective, you would have a financial snapshot of the business at that point.”

“If you back up data more frequently, you reduce the amount of potential lost data and allow users to resume business faster. Determining how often you need to do this in order to retain crucial data is referred to as your recovery point objective (RPO). It makes sense to consider a solution that automates backups according to the schedule you require,” said Friend.

Friend suggests sorting data into three categories. “The first is important data, but you will be satisfied if it takes longer than 48 hours to recover it. The second category is data you will definitely need within 25 to 48 hours. Third is data you need in less than 24 hours. This is referred to as the time to return-to-operations (RTO).”

What is your core business?

“Keeping your business successful means doing more with less. Your priorities are sales and service, not the details of data management. This means you may want to outsource functions, such as data protection and management, which do not directly add value to your business,” said Friend.

“However, if you hand over management of your data protection to a local consultant, ensure he has the tools to set up, monitor and administer everything about your data backup and recovery from his remote location,” he cautioned.

Eedes agreed that often data storage becomes an inefficient management function within an organisation. “It is often delegated to a low level employee who is situated in the lowest level of the building (often the basement). This employee generally is unaware of the critical nature of the data and is oftentimes unable to administer correct procedures for safe storage and easy retrieval. This is where offsite storage comes into its own. With predetermined retention period protocols in place, your consultant will automatically inform you when this retention period is due to expire and discuss the various options open to you at that point. These could include extending the retention period or destroying the data.”

How long is long enough?

Justin Lord is the GM for hosting services at ContinuitySA, a company that works closely with clients to ensure the protection of critical data through suitable storage methodologies. “We discuss the logistics around retention policies and all video footage is stored on hard disks for a period of 60 to 90 days. If there is an incident, this provides a large enough timeframe for data retrieval. The client can then choose to backup this data to tape and we can then store it for a period of 12 to 24 months. However, financial institutions require data and footage to be retained for periods of seven to 14 years.”

Justin Lord
Justin Lord

Eedes said that in South Africa we have a mix of First World and Third World practices. “Therefore, while much of the data can be stored electronically by scanning it to disk or automatic transfer in the case of electronic data, there will still be a need for the storage of paper records in the foreseeable future.”

How does it work?

Eedes explained that one of the options available for backing-up electronic data is to send it online to a storage platform where, when transmitted, it is encrypted and undergoes, for example, delta blocking to reduce its physical size. “This is part of the technology that ensures that the offsite data is a complete and accurate copy of the original.”

Eedes said that video footage can be stored on an external hard drive and collected for secure off-site storage on a rotational basis. “At the end of this period the external hard drive will be delivered to the client to continue the backup cycle, as required. By taking responsibility for the collection and delivery away from the client, the client is free to continue with their core business functions. A positive spin-off is that this scheduled cycle instils discipline in the client environment and when the client is aware that rotation is about to take place, he is prompted to ensure that backups are completed and up to date which further reduces the risk of losing crucial data.”

Due diligence

Eedes said that governance issues such as the King III Report and the Companies Act need to be considered when storing data. “These outline the duties of the responsible officers regarding due diligence in ensuring records are accessible to the right (read ‘restricted’) people and are kept in an appropriate environment.” Friend said that it is important to ensure that your backups are secure and comply with regulations like end-to-end encryption and that the data centres are suitably certified. “Look for a solution that encrypts your data during transmission and in storage. Get a vendor who moves your backups to an offsite data centre that is SAS 70 Level II certified. If you need to comply with regulations such as SOX, GLBA, or HIPPA – and who does not anymore – make sure the vendor you select helps you conform to your industry-specific requirements.”

Apart from the obvious risk mitigation of data subjected to disastrous conditions or the loss of data due to IT systems crashing, and the desirable reduction in physical storage footprint, one should also consider the time and money saved in the medium to long term by storing data offsite with a reputable company. “If you consider that the average employee spends 30% of their time looking for information, does it not make good financial sense to consider placing your critical data in the hands of people who specialise in data risk mitigation?” Eedes concluded.


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Keeping data secure
    April 2014, Securicom IT Solutions, Information Security
    With the ongoing trend to move data offsite on mobile devices, can we truly find ways of ensuring that this data is secure from prying hands and eyes? And is data security for mobile devices different from that for supposedly office- or home-bound data?
  • Mobile security from the cloud
    April 2014, Information Security
    Despite the widely publicised losses resulting from targeted attacks, many SMBs have not taken action to address mobile device security. Research Now found that fewer than half of the enterprises surveyed had implemented a security solution.
  • Cybersecurity in The Surveillance Age
    April 2014, Information Security
    Strong encryption guards against data integrity compromises, which are typically treated by network engineers or mobile security experts as hostile and untrustworthy.
  • New Titanium Backup Appliance
    April 2014, Information Security
    Attix5, a data protection software and cloud solution provider, has announced the release of the Titanium Appliance, a complete onsite backup and recovery solution preinstalled with Attix5 software.
  • Protecting critical data
    April 2014, Information Security
    Quartile Capital ensures sensitive client information is encrypted and secured, by unifying data protection and backup across physical and virtual environments.
  • POPI is here: start getting compliant
    April 2014, Securicom IT Solutions, Information Security
    E-mail security, archiving, and data loss prevention should be high on the agenda for South African companies in 2014 with PoPI around the corner.
  • Over the NSA spying hype? Don’t be
    April 2014, Information Security
    Hybrid cloud solutions – a mix of the best services provided by an outside environment and an internal infrastructure – are the latest buzzword. But even as they are touted as a ‘best of both worlds’ solution, they come with their own concerns.
  • What’s inside Pandora’s box?
    April 2014, iFacts, Information Security
    Cybercrime doesn’t just happen to large corporations. Small businesses are increasingly becoming prey for hackers, espionage, online fraud and social engineering. It is a growing and pervasive plague across the world.
  • Keep control over your data
    March 2014, Information Security
    Safesync provides enhanced data protection features such as DLP, persistent file encryption and document tagging, and is touted as a secure alternative to cloud based file sharing solutions such as DropBox.
  • Costly content at risk
    March 2014, Information Security
    The average cost of multimedia files that a user might lose from a device as a result of a cyber attack or other damage is estimated at $418, according to a Consumer Security Risks Survey, conducted by B2B International and Kaspersky Lab.
  • Don’t be a hostage to ransomware
    February 2014, Information Security
    Latest-generation ransomware can permanently encrypt business files, unless you pay to free them. Doros Hadjizenonos, sales manager at Check Point South Africa, takes a look at how ransomware is on the rise, and how firms can defend their data against being taken hostage.
  • TSB Sugar RSA feeling sweet
    February 2014, Information Security
    Kaspersky Lab has signed a three-year deal with TSB Sugar RSA to protect 1200 endpoints with Kaspersky Endpoint Security for Business.

 
 
 
Search...
Hi-Tech Security Solutions Business Directory


         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.