Sunday, January 24, 2010

Risk Assessment: Online Backups

For the last few years, businesses have been trusting the storage and transmission of their data to remote locations over Internet circuits. This trend is due to improvements in the security and risk mitigation available for your critical data. Expense arises from keeping up with growing hardware and software and from hiring trained employees to handle the backup procedures. Online backup solutions can reduce this cost, and automation during the online backup process leaves little need for additional investment.

Traditional backup plans often overlook the security of backups within an organization's walls. Online backup security can be compared to the physical security of a locked door: it does not make sense to leave open a door that should be closed and locked to everyone except certain personnel. Most online backups transmit your data encrypted, with only you and certain personnel holding the key to that door. Additionally, a trained staff, usually with a 24/7 service policy, can assist in the event that recovery of data is necessary.

The key to successful Risk Management is to protect your most important/critical assets. The importance/criticality of an asset might change over time. The goal of this online backup risk assessment is to calibrate the Ponchatoula Police Department's risks based on the current state of security.

Most online backup systems use secure 128-bit SSL encryption during the backup process and 448-bit Blowfish encryption or 256-bit AES encryption while your files are in storage.

Criticality: High

Accessibility to unauthorized external parties: Medium

Measures taken to reduce risk of penetration

    1. Ensure rigorous checks on the authenticity of the server's certificates, and alert in the event a certificate expires
    2. Inspect all authentication traffic for plain text and/or hashes to prevent unwanted traffic from authentication attempts
    3. Keys and/or credentials must be kept in more than one location off-site to guarantee security and recoverability
    4. All installed client software versions must be verified by comparing their md5 checksums against the md5 checksums published by their providers
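
One way to carry out measure 4, as an added example that is not part of the original assessment or any vendor's tooling: it assumes the provider publishes checksums in `md5sum` format, and the file names and contents in `demo()` are constructed. The algorithm is a parameter, so the same check works if the provider publishes a different digest.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse md5sum-style lines ('<digest>  <name>') into {name: digest}."""
    expected = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            # md5sum marks binary mode with a leading '*' on the file name
            expected[name.lstrip("*")] = digest.lower()
    return expected

def file_digest(path, algorithm="md5"):
    """Hash in 64 KiB chunks so large installers are not read into memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_clients(directory, manifest_text, algorithm="md5"):
    """Return {filename: 'ok' | 'mismatch' | 'missing' | 'unlisted'}."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif file_digest(path, algorithm) == digest:
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    for name in os.listdir(directory):  # files the provider never published
        if name not in expected:
            results[name] = "unlisted"
    return results

def demo():
    """Constructed sample: stand-in installers and a manifest built inline."""
    files = {"client-a.bin": b"release", "client-b.bin": b"tampered", "extra.bin": b"?"}
    published = {"client-a.bin": b"release", "client-b.bin": b"original", "client-c.bin": b"absent"}
    manifest = "\n".join(hashlib.md5(v).hexdigest() + "  " + k for k, v in published.items())
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return verify_clients(d, manifest)
```

Anything other than `ok` in the result is worth an alert: a mismatch or an unlisted file means the installed client is not the build the provider published.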

Likelihood of hacker break in: Low

Actions to be taken in the event of a break in:

    1. Isolate any network equipment involved
    2. Contact the vendor
    3. Inform the Chief, Mayor, and Sheriff of the situation
    4. Contact Information Technology Administrator
    5. Restore data from backup, if needed
    6. Determine what information has been compromised, and if any loss to critical data has occurred
    7. Document specific details of incident
    8. Schedule a post-mortem review to determine what needs to be done differently and what was learned from the experience
    9. Make procedural changes that are needed as a result of the incident

Thank You,

David Burgess
Redbean Data, LLC
http://www.redbeandata.com