Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory


Securing information
October 2011, Information Security

Regardless of the size of your company or the volume of data, paper or video footage you accumulate, it would be irresponsible not to have suitable backup and archiving methodologies in place. Hi-Tech Security Solutions spoke to ContinuitySA, Metrofile and StorVault Africa about the ins and outs of these essential services.

Let us begin by differentiating between data backups and data archiving. Data backups are for disaster recovery or restoring lost or corrupted files. Speed of restoration is crucial. Data archives are for discovery and are used to store data that is no longer in day-to-day use, but must be retained. Here speed is not the issue, but the ability to expedite easy searches is of vital importance.

So the million-dollar question is – can companies backup and archive data on-site or should they move these functions offsite? Two critical factors come to the fore – space considerations and risk mitigation. Office floor space comes at a premium and, since the volume of data increases exponentially with the number of years a business has been in operation, it makes good business sense to outsource your storage needs.

As far as risk mitigation is concerned, are you really equipped to ensure the complete safekeeping of valuable data? Is environmentally sensitive data, documentation and footage stored in a humidity and temperature controlled room at your facilities? Is your building sufficiently secure to ensure complete protection of records and backups?

“Hurricanes, floods, tornadoes, earthquakes and other natural disasters, as well as violent strikes and protests, can threaten the viability of your businesses if you are not prepared. The best way to thwart this is to routinely back-up to an offsite data centre. That data centre should be both adequately remote, professionally managed and certified secure so you are absolutely certain of recovering from a disaster,” said StorVault Africa’s country manager, Derek Friend.

Bob Eedes, GM, information solutions at Metrofile, said that as the volume of data creation has proliferated over the years, so the need to store data offline has become more critical to save space. “There has been an increasing predilection of keeping everything online and backing it up accordingly, on a regular basis. With regard to archiving data, pragmatists would argue that the ideal time to do this would be at the financial year-end so that, from a SARS regulatory perspective, you would have a financial snapshot of the business at that point.”

“If you back up data more frequently, you reduce the amount of potential lost data and allow users to resume business faster. Determining how often you need to do this in order to retain crucial data is referred to as your recovery point objective (RPO). It makes sense to consider a solution that automates backups according to the schedule you require,” said Friend.

Friend suggests sorting data into three categories. “The first is important data, but you will be satisfied if it takes longer than 48 hours to recover it. The second category is data you will definitely need within 25 to 48 hours. Third is data you need in less than 24 hours. This is referred to as the time to return-to-operations (RTO).”

What is your core business?

“Keeping your business successful means doing more with less. Your priorities are sales and service, not the details of data management. This means you may want to outsource functions, such as data protection and management, which do not directly add value to your business,” said Friend.

“However, if you hand over management of your data protection to a local consultant, ensure he has the tools to set up, monitor and administer everything about your data backup and recovery from his remote location,” he cautioned.

Eedes agreed that often data storage becomes an inefficient management function within an organisation. “It is often delegated to a low level employee who is situated in the lowest level of the building (often the basement). This employee generally is unaware of the critical nature of the data and is oftentimes unable to administer correct procedures for safe storage and easy retrieval. This is where offsite storage comes into its own. With predetermined retention period protocols in place, your consultant will automatically inform you when this retention period is due to expire and discuss the various options open to you at that point. These could include extending the retention period or destroying the data.”

How long is long enough?

Justin Lord is the GM for hosting services at ContinuitySA, a company that works closely with clients to ensure the protection of critical data through suitable storage methodologies. “We discuss the logistics around retention policies and all video footage is stored on hard disks for a period of 60 to 90 days. If there is an incident, this provides a large enough timeframe for data retrieval. The client can then choose to backup this data to tape and we can then store it for a period of 12 to 24 months. However, financial institutions require data and footage to be retained for periods of seven to 14 years.”

Justin Lord
Justin Lord

Eedes said that in South Africa we have a mix of First World and Third World practices. “Therefore, while much of the data can be stored electronically by scanning it to disk or automatic transfer in the case of electronic data, there will still be a need for the storage of paper records in the foreseeable future.”

How does it work?

Eedes explained that one of the options available for backing-up electronic data is to send it online to a storage platform where, when transmitted, it is encrypted and undergoes, for example, delta blocking to reduce its physical size. “This is part of the technology that ensures that the offsite data is a complete and accurate copy of the original.”

Eedes said that video footage can be stored on an external hard drive and collected for secure off-site storage on a rotational basis. “At the end of this period the external hard drive will be delivered to the client to continue the backup cycle, as required. By taking responsibility for the collection and delivery away from the client, the client is free to continue with their core business functions. A positive spin-off is that this scheduled cycle instils discipline in the client environment and when the client is aware that rotation is about to take place, he is prompted to ensure that backups are completed and up to date which further reduces the risk of losing crucial data.”

Due diligence

Eedes said that governance issues such as the King III Report and the Companies Act need to be considered when storing data. “These outline the duties of the responsible officers regarding due diligence in ensuring records are accessible to the right (read ‘restricted’) people and are kept in an appropriate environment.” Friend said that it is important to ensure that your backups are secure and comply with regulations like end-to-end encryption and that the data centres are suitably certified. “Look for a solution that encrypts your data during transmission and in storage. Get a vendor who moves your backups to an offsite data centre that is SAS 70 Level II certified. If you need to comply with regulations such as SOX, GLBA, or HIPPA – and who does not anymore – make sure the vendor you select helps you conform to your industry-specific requirements.”

Apart from the obvious risk mitigation of data subjected to disastrous conditions or the loss of data due to IT systems crashing, and the desirable reduction in physical storage footprint, one should also consider the time and money saved in the medium to long term by storing data offsite with a reputable company. “If you consider that the average employee spends 30% of their time looking for information, does it not make good financial sense to consider placing your critical data in the hands of people who specialise in data risk mitigation?” Eedes concluded.


  Share via Twitter   Share via LinkedIn      

Further reading:

  • The IoT is already here – will you be secure?
    September 2014, Information Security
    “We should question whether some of the great advancements in technology are designed to serve us or serve the interests of others.”
  • Malicious malware and your business
    September 2014, Information Security
    Businesses should be aware that their security system from last year might not be protected from today’s most common malware.
  • A look into the cybercriminal underground
    August 2014, Information Security
    Places in the Internet where cybercriminals converge to sell and buy different products and services exist. Like any other market, the laws of supply and demand dictate prices and feature offerings.
  • Manager’s guide: Tailor-made security policy
    August 2014, Information Security
    With the never ending number of security threats to business information it is imperative that managers take the initiative to establish working and evolving security policies that protect the business and its assets.
  • Practicing good information ­governance
    August 2014, Information Security
    The exponential growth of data, combined with increasing regulation, has left many organisations struggling with the complexity of compliance required to manage their information.
  • Worldwide security software market grew 4.9% in 2013
    July 2014, Information Security
    Worldwide security software revenue totalled $19.9 billion in 2013, a 4.9% increase from 2012 revenue of $19.0 billion, according to Gartner.
  • Securing enterprise cloud applications
    July 2014, Information Security
    With data now living on the wrong side of conventional internal defences in cloud-based server farms, the ground has shifted and a one-size-fits-all approach to data protection is not sufficient.
  • Public sector in the cloud
    July 2014, Information Security
    The public sector is displaying a newfound openness towards cloud delivery models, believes Andrew Soddy of Mimecast.
  • Consistent malware protection
    July 2014, Information Security
    Cisco expands advanced malware protection and data centre security solutions to address advanced threats from endpoint to network to cloud for customers in South Africa.
  • Business should anticipate greater cloud cover
    July 2014, Accsys, Information Security
    A reduction in the cost of data and reliability of data on fixed line and wireless media has driven more widespread use of cloud services.
  • Hosting in the cloud
    July 2014, Information Security
    Scalability, flexibility, security and cost saving are just some of the benefits associated with a move from traditional on-premise servers to a cloud-based environment – and the business case for initiating the process is clear and strong.
  • Security in the cloud
    July 2014, Information Security
    Panda Security has announced the availability of its new cloud offering, Panda Cloud Fusion, which combines comprehensive security, management and support in one solution.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.