classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory


Securing information
October 2011, Cyber Security

Regardless of the size of your company or the volume of data, paper or video footage you accumulate, it would be irresponsible not to have suitable backup and archiving methodologies in place. Hi-Tech Security Solutions spoke to ContinuitySA, Metrofile and StorVault Africa about the ins and outs of these essential services.

Let us begin by differentiating between data backups and data archiving. Data backups are for disaster recovery or restoring lost or corrupted files. Speed of restoration is crucial. Data archives are for discovery and are used to store data that is no longer in day-to-day use, but must be retained. Here speed is not the issue, but the ability to expedite easy searches is of vital importance.

So the million-dollar question is – can companies backup and archive data on-site or should they move these functions offsite? Two critical factors come to the fore – space considerations and risk mitigation. Office floor space comes at a premium and, since the volume of data increases exponentially with the number of years a business has been in operation, it makes good business sense to outsource your storage needs.

As far as risk mitigation is concerned, are you really equipped to ensure the complete safekeeping of valuable data? Is environmentally sensitive data, documentation and footage stored in a humidity and temperature controlled room at your facilities? Is your building sufficiently secure to ensure complete protection of records and backups?

“Hurricanes, floods, tornadoes, earthquakes and other natural disasters, as well as violent strikes and protests, can threaten the viability of your businesses if you are not prepared. The best way to thwart this is to routinely back-up to an offsite data centre. That data centre should be both adequately remote, professionally managed and certified secure so you are absolutely certain of recovering from a disaster,” said StorVault Africa’s country manager, Derek Friend.

Bob Eedes, GM, information solutions at Metrofile, said that as the volume of data creation has proliferated over the years, so the need to store data offline has become more critical to save space. “There has been an increasing predilection of keeping everything online and backing it up accordingly, on a regular basis. With regard to archiving data, pragmatists would argue that the ideal time to do this would be at the financial year-end so that, from a SARS regulatory perspective, you would have a financial snapshot of the business at that point.”

“If you back up data more frequently, you reduce the amount of potential lost data and allow users to resume business faster. Determining how often you need to do this in order to retain crucial data is referred to as your recovery point objective (RPO). It makes sense to consider a solution that automates backups according to the schedule you require,” said Friend.

Friend suggests sorting data into three categories. “The first is important data, but you will be satisfied if it takes longer than 48 hours to recover it. The second category is data you will definitely need within 25 to 48 hours. Third is data you need in less than 24 hours. This is referred to as the time to return-to-operations (RTO).”

What is your core business?

“Keeping your business successful means doing more with less. Your priorities are sales and service, not the details of data management. This means you may want to outsource functions, such as data protection and management, which do not directly add value to your business,” said Friend.

“However, if you hand over management of your data protection to a local consultant, ensure he has the tools to set up, monitor and administer everything about your data backup and recovery from his remote location,” he cautioned.

Eedes agreed that often data storage becomes an inefficient management function within an organisation. “It is often delegated to a low level employee who is situated in the lowest level of the building (often the basement). This employee generally is unaware of the critical nature of the data and is oftentimes unable to administer correct procedures for safe storage and easy retrieval. This is where offsite storage comes into its own. With predetermined retention period protocols in place, your consultant will automatically inform you when this retention period is due to expire and discuss the various options open to you at that point. These could include extending the retention period or destroying the data.”

How long is long enough?

Justin Lord is the GM for hosting services at ContinuitySA, a company that works closely with clients to ensure the protection of critical data through suitable storage methodologies. “We discuss the logistics around retention policies and all video footage is stored on hard disks for a period of 60 to 90 days. If there is an incident, this provides a large enough timeframe for data retrieval. The client can then choose to backup this data to tape and we can then store it for a period of 12 to 24 months. However, financial institutions require data and footage to be retained for periods of seven to 14 years.”

Justin Lord
Justin Lord

Eedes said that in South Africa we have a mix of First World and Third World practices. “Therefore, while much of the data can be stored electronically by scanning it to disk or automatic transfer in the case of electronic data, there will still be a need for the storage of paper records in the foreseeable future.”

How does it work?

Eedes explained that one of the options available for backing-up electronic data is to send it online to a storage platform where, when transmitted, it is encrypted and undergoes, for example, delta blocking to reduce its physical size. “This is part of the technology that ensures that the offsite data is a complete and accurate copy of the original.”

Eedes said that video footage can be stored on an external hard drive and collected for secure off-site storage on a rotational basis. “At the end of this period the external hard drive will be delivered to the client to continue the backup cycle, as required. By taking responsibility for the collection and delivery away from the client, the client is free to continue with their core business functions. A positive spin-off is that this scheduled cycle instils discipline in the client environment and when the client is aware that rotation is about to take place, he is prompted to ensure that backups are completed and up to date which further reduces the risk of losing crucial data.”

Due diligence

Eedes said that governance issues such as the King III Report and the Companies Act need to be considered when storing data. “These outline the duties of the responsible officers regarding due diligence in ensuring records are accessible to the right (read ‘restricted’) people and are kept in an appropriate environment.” Friend said that it is important to ensure that your backups are secure and comply with regulations like end-to-end encryption and that the data centres are suitably certified. “Look for a solution that encrypts your data during transmission and in storage. Get a vendor who moves your backups to an offsite data centre that is SAS 70 Level II certified. If you need to comply with regulations such as SOX, GLBA, or HIPPA – and who does not anymore – make sure the vendor you select helps you conform to your industry-specific requirements.”

Apart from the obvious risk mitigation of data subjected to disastrous conditions or the loss of data due to IT systems crashing, and the desirable reduction in physical storage footprint, one should also consider the time and money saved in the medium to long term by storing data offsite with a reputable company. “If you consider that the average employee spends 30% of their time looking for information, does it not make good financial sense to consider placing your critical data in the hands of people who specialise in data risk mitigation?” Eedes concluded.


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Securing your security systems
    May 2016, CCTV, Surveillance & Remote Monitoring, Cyber Security
    Today’s cyber criminals are easily able to exploit unprotected surveillance cameras and other hardware to break into an organisation’s network.
  • Is your CCTV system secure from cyber attack?
    May 2016, CCTV, Surveillance & Remote Monitoring, Cyber Security, This Week's Editor's Pick
    Visual surveillance is more integral to society than ever before, helping organisations to safeguard their most valuable assets. However, the DVR systems traditionally employed in CCTV networks can make those very organisations vulnerable.
  • Cyber threats faced by the financial sector
    May 2016, This Week's Editor's Pick, Cyber Security
    MWR’s research has uncovered six different types of threat actor, each with their own methods, context and incentives, but all similar.
  • Hook, line and sinker
    May 2016, Galix Networking, This Week's Editor's Pick, Cyber Security
    If whaling is the new phishing, here’s how to protect your organisation’s big phish.
  • Taking risk out of the payments channel
    May 2016, Cyber Security
    Online security breaches are becoming the order of the day and such incidences are set to rise as the economy comes under increasing pressure.
  • When advertising becomes dangerous
    May 2016, This Week's Editor's Pick, Cyber Security
    “Leveraging an attack through a supplier proves an easier path to success than a direct attack on the intended victim.”
  • Surviving in the IoT world
    May 2016, Cyber Security
    Taking a random selection of the latest Internet-of-Things (IoT) products, Kaspersky Lab researchers have discovered serious threats to the connected home.
  • Privacy and visitor management
    April 2016, Impro Technologies, Ideco Biometrics, iPulse Systems, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security, Integrated Solutions, IT infrastructure in security
    The right to privacy and the guarantee thereof is becoming more important in visitor management, and penalties for neglecting this issue will soon be enforceable.
  • Digitally transforming identity ­relationships
    April 2016, This Week's Editor's Pick, Access Control & Identity Management, Cyber Security
    A reliable digital identity determines the success of corporate digital transformation projects.
  • Fortinet strengthens African presence
    April 2016, News, Cyber Security
    Fortinet has further invested in the African market through the appointments of three new members.
  • Integrated security key
    April 2016, This Week's Editor's Pick, Cyber Security
    South African companies need to automate and integrate their IT security solutions to meet increasingly sophisticated threats, writes Intel Security’s Trevor Coetzee.
  • Why your cloud app should be SAML-enabled
    April 2016, Cyber Security
    David Meyer, VP of product at OneLogin discusses the benefits of SAML (Security Assertion Markup Language).

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.