classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory

Securing information
October 2011, Information Security

Regardless of the size of your company or the volume of data, paper or video footage you accumulate, it would be irresponsible not to have suitable backup and archiving methodologies in place. Hi-Tech Security Solutions spoke to ContinuitySA, Metrofile and StorVault Africa about the ins and outs of these essential services.

Let us begin by differentiating between data backups and data archiving. Data backups are for disaster recovery or restoring lost or corrupted files. Speed of restoration is crucial. Data archives are for discovery and are used to store data that is no longer in day-to-day use, but must be retained. Here speed is not the issue, but the ability to expedite easy searches is of vital importance.

So the million-dollar question is – can companies backup and archive data on-site or should they move these functions offsite? Two critical factors come to the fore – space considerations and risk mitigation. Office floor space comes at a premium and, since the volume of data increases exponentially with the number of years a business has been in operation, it makes good business sense to outsource your storage needs.

As far as risk mitigation is concerned, are you really equipped to ensure the complete safekeeping of valuable data? Is environmentally sensitive data, documentation and footage stored in a humidity and temperature controlled room at your facilities? Is your building sufficiently secure to ensure complete protection of records and backups?

“Hurricanes, floods, tornadoes, earthquakes and other natural disasters, as well as violent strikes and protests, can threaten the viability of your businesses if you are not prepared. The best way to thwart this is to routinely back-up to an offsite data centre. That data centre should be both adequately remote, professionally managed and certified secure so you are absolutely certain of recovering from a disaster,” said StorVault Africa’s country manager, Derek Friend.

Bob Eedes, GM, information solutions at Metrofile, said that as the volume of data creation has proliferated over the years, so the need to store data offline has become more critical to save space. “There has been an increasing predilection of keeping everything online and backing it up accordingly, on a regular basis. With regard to archiving data, pragmatists would argue that the ideal time to do this would be at the financial year-end so that, from a SARS regulatory perspective, you would have a financial snapshot of the business at that point.”

“If you back up data more frequently, you reduce the amount of potential lost data and allow users to resume business faster. Determining how often you need to do this in order to retain crucial data is referred to as your recovery point objective (RPO). It makes sense to consider a solution that automates backups according to the schedule you require,” said Friend.

Friend suggests sorting data into three categories. “The first is important data, but you will be satisfied if it takes longer than 48 hours to recover it. The second category is data you will definitely need within 25 to 48 hours. Third is data you need in less than 24 hours. This is referred to as the time to return-to-operations (RTO).”

What is your core business?

“Keeping your business successful means doing more with less. Your priorities are sales and service, not the details of data management. This means you may want to outsource functions, such as data protection and management, which do not directly add value to your business,” said Friend.

“However, if you hand over management of your data protection to a local consultant, ensure he has the tools to set up, monitor and administer everything about your data backup and recovery from his remote location,” he cautioned.

Eedes agreed that often data storage becomes an inefficient management function within an organisation. “It is often delegated to a low level employee who is situated in the lowest level of the building (often the basement). This employee generally is unaware of the critical nature of the data and is oftentimes unable to administer correct procedures for safe storage and easy retrieval. This is where offsite storage comes into its own. With predetermined retention period protocols in place, your consultant will automatically inform you when this retention period is due to expire and discuss the various options open to you at that point. These could include extending the retention period or destroying the data.”

How long is long enough?

Justin Lord is the GM for hosting services at ContinuitySA, a company that works closely with clients to ensure the protection of critical data through suitable storage methodologies. “We discuss the logistics around retention policies and all video footage is stored on hard disks for a period of 60 to 90 days. If there is an incident, this provides a large enough timeframe for data retrieval. The client can then choose to backup this data to tape and we can then store it for a period of 12 to 24 months. However, financial institutions require data and footage to be retained for periods of seven to 14 years.”

Justin Lord
Justin Lord

Eedes said that in South Africa we have a mix of First World and Third World practices. “Therefore, while much of the data can be stored electronically by scanning it to disk or automatic transfer in the case of electronic data, there will still be a need for the storage of paper records in the foreseeable future.”

How does it work?

Eedes explained that one of the options available for backing-up electronic data is to send it online to a storage platform where, when transmitted, it is encrypted and undergoes, for example, delta blocking to reduce its physical size. “This is part of the technology that ensures that the offsite data is a complete and accurate copy of the original.”

Eedes said that video footage can be stored on an external hard drive and collected for secure off-site storage on a rotational basis. “At the end of this period the external hard drive will be delivered to the client to continue the backup cycle, as required. By taking responsibility for the collection and delivery away from the client, the client is free to continue with their core business functions. A positive spin-off is that this scheduled cycle instils discipline in the client environment and when the client is aware that rotation is about to take place, he is prompted to ensure that backups are completed and up to date which further reduces the risk of losing crucial data.”

Due diligence

Eedes said that governance issues such as the King III Report and the Companies Act need to be considered when storing data. “These outline the duties of the responsible officers regarding due diligence in ensuring records are accessible to the right (read ‘restricted’) people and are kept in an appropriate environment.” Friend said that it is important to ensure that your backups are secure and comply with regulations like end-to-end encryption and that the data centres are suitably certified. “Look for a solution that encrypts your data during transmission and in storage. Get a vendor who moves your backups to an offsite data centre that is SAS 70 Level II certified. If you need to comply with regulations such as SOX, GLBA, or HIPPA – and who does not anymore – make sure the vendor you select helps you conform to your industry-specific requirements.”

Apart from the obvious risk mitigation of data subjected to disastrous conditions or the loss of data due to IT systems crashing, and the desirable reduction in physical storage footprint, one should also consider the time and money saved in the medium to long term by storing data offsite with a reputable company. “If you consider that the average employee spends 30% of their time looking for information, does it not make good financial sense to consider placing your critical data in the hands of people who specialise in data risk mitigation?” Eedes concluded.

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Protecting the Wiegand protocol from attack
    November 2015, Access Control & Identity Management, Information Security
    In these attacks, a credential’s identifier is cloned, or captured, and is then retransmitted via a small electronic device to grant unauthorised access to an office or other facility.
  • Leveraging ERP investment with WFM
    November 2015, AWM360 Data Systems, Access Control & Identity Management, Information Security
    Many companies have an enterprise resource planning (ERP) system in place but fail to leverage its potential for saving them manpower costs and boosting produc­tivity.
  • The new security perimeter
    November 2015, Access Control & Identity Management, Information Security
    CA Southern Africa’s Security B.U. manager, Michael Horn, expands on the new security perimeter and how ID and access management ensure the business environment is protected against outside intruders.
  • Managing identities across the ­organisation
    November 2015, Access Control & Identity Management, Information Security
    Identity management (IDM) is essentially the management and administration of individual identities within a system, such as a business or a network.
  • Five reasons for IT to get ­physical with access control
    November 2015, Access Control & Identity Management, Information Security
    While many network security systems are now built to support IT best practices and standards, such as, virtualisation, physical access control systems (PACS) have traditionally been designed without IT professionals in mind.
  • Increased complexity complicates identity management
    November 2015, Access Control & Identity Management, Information Security
    Mobile identity and access management services can help organisations ensure ­security in the digital revolution.
  • P@$$wORD_1: How secure is your password?
    November 2015, Access Control & Identity Management, Information Security
    One of the simplest means of acquiring this information, for an attacker, is to enter an organisation with the key to the door itself, users’ passwords.
  • The what, who and why of RBAC
    November 2015, Access Control & Identity Management, Information Security
    In the world of identity and access management, Role-Based Access Control is gradually becoming a frequently used term.
  • The Internet of Things is the Land of Opportunity
    November 2015, This Week's Editor's Pick, Information Security, Security Services & Risk Management
    The Internet of Things is happening now because two important drivers are in place: opportunity and necessity.
  • 10-Port PoE+ full gigabit managed switch
    November 2015, Products, Information Security, IT infrastructure in security
    Antaira Technologies’ LMP-1002G-SFP and LMP-1002G-SFP-24 series are cost-effective 10-port industrial gigabit PoE+ managed Ethernet switches.
  • Banking malware grows
    November 2015, Information Security, Enterprise Solutions
    South Africa is well known for its concentration of financial resources and any region that transacts using the English language or deemed as affluent is always high on the target list for the adversaries.
  • Data security in an insecure world
    October 2015, Enterprise Solutions, Information Security
    Copiers retain sensitive data on their built-in hard drives creating security risks due to the potential for malicious retrieval.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.