Protecting Your Data Backups from Security Risks

From The System Administrator Zone

Data backups may be an essential element of storage security, but are often the source of security grief. A large percentage of security breaches can be attributed to the mishandling of data backups. If you review the Privacy Rights Clearinghouse's Chronology of Data Breaches, you will spot many incidents where adequate data backup controls were lacking. In fact, millions of records were compromised in 2008 in backup-related errors. Of course, these are only the ones that have been found, while it is likely that others exist under the radar of trained eyes. Intellectual property losses were equally abundant. The following measures may help to run your data backup more efficiently:

  1. Ensure your security policies include backup-related systems within their scope.
  2. Include your data backup systems in your disaster recovery plans.
  3. Assign backup software access rights only to those who have a business need to be involved in the backup process.
  4. Store your backups offsite or at least in another building.
  5. In whichever way you choose to control your back ups, be sure to control access to the room/car/house in which the backups are stored.
  6. Use a fireproof and media-rated safe. Many people store their backups in a "fireproof" safe, but typically one that's only rated for paper storage.
  7. Find out the security measures that your off-site storage vendors, data center providers and courier services are taking to ensure that your backups remain safe in their hands.
  8. Password-protect your backups.
  9. Encrypt your backups if your software and hardware support it.
  10. Test your backups occasionally -- especially if you're using tape. Imagine yourself recovering from a loss only to find out that you have recovered the wrong data.

It is always worthwhile to investigate where your data might be vulnerable, even if you think it is not. Chances are good that a few steps have been overlooked. If you cannot see the gaps, but believe they are still there, it may be a good idea to hire an unbiased third party to help you close them. Like most things in life, simple steps can protect us from experiencing great loss.