Five Best Practices for Protecting Backup Data

Assess storage risk as it pertains to information security

Perform a risk analysis of the entire backup process

Managers must examine each step of their backup methodology looking for security vulnerabilities. Could a tape administrator secretly create copies of backup tapes? Are boxes of tapes left out in the open? Is there a tight, end-to-end chain of custody for your backup tapes? If data is backed up and transported in clear text, vulnerabilities like these could make mission-critical data easy prey.

Execute a cost/benefit analysis on backup data encryption

If a risk analysis exposes numerous vulnerabilities, organisations should seriously consider whether encryption is warranted. This project should go deeper than software licensing or device cost alone, and include the costs of encryption-related operational tasks in backup and disaster recovery processes, as well as the impact of encryption on recovery time. The total cost of encryption should be compared to potential risks and the likelihood of a security breach to determine whether it makes economic sense to implement encryption broadly, narrowly, or not at all. Given the series of recent publicity, tape encryption of sensitive data is a worthwhile investment.

Identify sensitive data

Know what files, databases, and columns are considered sufficiently sensitive by business units to warrant the additional cost of protection. Additionally, know where your data resides. Many times data is duplicated throughout the environment. It is important to have policies and procedures that provide a good understanding of where data lives at any point in time. For example, companies have information on laptops that may also exist in duplicate on a network drive or in a backup repository used by the PC.

Develop an Information Protection Programme

Adopt a multi-layered security approach

Adopt a multi-layered approach to data protection by applying best practices for the data network to the storage network, while adding layers unique to the characteristics of data at rest. These include the areas of:

• Authentication: Apply multi-level authentication and anti-spoofing techniques.
• Authorisation: Enforce privileges based on roles and responsibilities rather than full administrative access. Where available, leverage role-based administrative capabilities of storage management applications – especially backup.
• Encryption: All sensitive data should be encrypted when it is stored or copied. In addition, all management interface data transmitted over any non-private network should be encrypted. Sensitive data is usually defined as information containing either personal information or trade secrets.
• Auditing: Logs of administrative operation by any user should be maintained to ensure traceability and accountability.

Copy your backup tapes

Depending on a single copy of data is never a good idea. While tape media can have a long life, it is susceptible to environmental and physical damage. The recommended best practice is to copy backup tapes and then send the copy off-site. The advised method of copying backup tapes is to write a new tape by reading the original tape. This method has the benefit of both verifying that the backup data is readable as well as eliminating the single point of failure of the backup tape.

The reason most often given for not having a tape duplication policy is lack of time. From a practical standpoint, backups take too long, making it difficult to duplicate the data in a timely fashion. There are various methods of addressing this issue. The first method starts with optimising the backup system to decrease the amount of time it takes to complete the original backup. Then, multiple high-speed tape drives can be used to create the second copy for off-site purposes. Another way is to use the ability of some backup software packages to create both an original and a copy simultaneously.

While this method does not have the verification benefit discussed in the previous paragraph, it saves the time needed to make copies – and any type of copy is better than no copy. Regardless of the size of your environment, a combination of high-speed tape devices, virtual tape libraries, and professional services can help meet this important requirement.

Implement a tight, end-to-end chain of custody process for media management

Chain of custody refers to the act, manner, handling, supervision and/or control of media or information (usually, but not always, tape). The ultimate goal of successful chain of custody is to preserve the integrity of the resources. The following should be considered concerning chain of custody.

Removable media should be tracked by bar codes and reports should be generated detailing the current location of the media. A best practice is to report daily on tapes that are to be sent off-site, and those that have expired and should be retrieved from off-site storage to be recycled or destroyed. Documented standard operating procedures should be in place to ensure that these measures are carried out.

The off-site location and the process used to access the off-site storage should be analysed for security practices. Media should be placed in locked containers before leaving the data centre and subsequent tracking done at the “container” level. Tracking should be performed by scanning bar codes every time a tape container is moved, including at data centres and at off-site locations. Media containers should be signed for and never left exposed for someone to take.

Reconcile the inventory of media that is stored off-site on a regular basis (at least monthly) with tapes that may be kept in house. At the end of each month, a physical scan of the off-site storage should be compared to the records of the backup/archive application to discover inconsistencies. If media is not accounted for, then appropriate steps must be taken.

Once the media has reached obsolescence or can no longer be relied upon for its integrity, the media must be appropriately destroyed. The destruction of magnetic media is usually accomplished by applying some destruction process to the cartridge, either scrambling the data on the tape or destroying the tape all together, rendering it useless. Data destruction can be performed on-site with the proper degaussing equipment, or via a third-party service. (If performing data destruction on-site, ensure that degaussing equipment is rated for the correct media.) Data destruction is best performed via an organisation that provides a certificate of destruction.

Understand your data's chain of custody process

Another critical element in secure media handling is to ensure that off-site storage vendors follow best practices. Here is a baseline of things to consider:

• On-site vulnerability: Do not leave tapes in an unlocked container like an open cardboard box at the reception desk to await pickup. Pickup should follow a standard operating procedure in which a responsible IT person hands over and receives a signature from a known, ID carrying vendor representative.
• Background checks: When a company stores your critical data, you must be certain it conducts background checks on every one of its employees.
• The company should have a complete chain-of-custody process: Talk to the off-site storage vendor about the entire process of how media is handled from start to finish. Look for an emphasis on physical security, along with audit and control mechanisms to ensure that the process is being followed. It is inadvisable to move sensitive data in a vehicle emblazoned with the vendor’s name, easily identifying it as carrying sensitive data.
• Container vaulting: Container vaulting tracks tubs or boxes, but not their contents. Most off-site storage vendors support this type of vaulting.
• Physical security controls: Facilities should be appropriately secured. No unauthorised person should be able to gain access to the vaults.
• Environmental controls: Tapes and other media should never be stored in a vehicle’s trunk, or any other non-environmentally controlled location. For tape storage, the environment must be strictly controlled, including temperature, humidity and static control. Dust is the enemy of most media and media recording devices. The backup and archive environment must remain clean and dust free. A soft, static-free cloth should be used to clean the outside of cartridges and dust should be removed from slots of a library or storage rack by using compressed air from a spray can. Tapes should be shipped in an electrostatic holder and not piled into a tub or a cardboard box. Although appearing quite durable, tapes can be easily damaged by being mishandled.

Consider Electronic Vaulting

One thing to consider is vaulting data electronically and bypassing the need to transport information on physical media in a vehicle. There are a number of companies today that offer IT professionals the ability to backup data over the Internet. Data can be encrypted and moved via the Internet to a secure backup data facility. Electronic vaulting may not be a practical solution for all company data, but it may be practical for data that is distributed on file servers or personal computers. Distributed data can represent 60% of a company’s information and is difficult for IT to control.

Make sure that the vendor offering these services encrypts data while being transferred and when it is at rest. Additionally, discuss with the vendor how the information is kept available. Is it backed up to tape? Is it replicated to another site? Ensure that the vendor’s disaster recovery practices meet an exceptional standard. Discuss with the vendor how the information is kept available for recovery or litigation support.

Communicate the processes around Information Protection and Security

Now that the process has been defined for ensuring that sensitive data is properly protected and handled, it is important to ensure that the people responsible for carrying out its security are informed and trained. Security policies are the most important aspect of assigning accountability, responsibility and authority.

Inform business managers of risks, counter measures and costs

Data loss and intellectual property theft are a business issue, not an IT issue. As such, the Chief Information Security Officer (CISO) should begin a data security effort by educating business executives on risks, threats and potential losses from security breaches, plus the cost of various security countermeasure options. In this way, corporate officers can make informed decisions on the cost/benefit profile of data security investments.

Assess risk and train staff

ESG’s data clearly demonstrates that “an ounce of prevention is worth a pound of cure.” Organisations that assess risks and train staff are more likely to implement security policies, procedures and technologies that protect vital assets. On the other hand, vulnerable infrastructure and unskilled staff are a problem waiting to happen – pointing to a real payback for doing the security “grunt work.”

Execute and test the information protection security plan

Secure data protection is not about technology; it is about process. That is why it is important to test the process. As a company grows, information and data protection needs change, so the information security practices must change as well. Once the end-to-end plan has been developed, defined and communicated to the appropriate people, it is time to begin execution. Ensure that the tools, technologies and methodologies are in place that need to be deployed for information classification.

Test the process once it is in place. Remember, the test needs to include both backup and recovery. Attempt to inject any conceivable threat into the process including server and tape loss, network issues, device issues, data classification issues and any other scenario that might affect the business. Test with staff who may be less familiar with the process. This testing can help ensure that the process is easy to follow and can be executed if the usual person is unavailable due to illness, vacation or termination.

Information has a life of its own, we’re to help at every stage

We can help you take care of your information at every stage of its life, cut costs and improve efficiencies.

Analyse and advise
Store and protect
Scan and digitise
Flexible access
Secure destruction