rvlsoft - Fotolia

Q
Problem solve Get help with specific problems with your technologies, process and projects.

What backup security measures protect against data breaches?

Backup security varies across different storage media. What works for tape-based backup may not work for disk backups, so plan your data protection strategy accordingly.

Hardly a day goes by when there isn't news of a new data breach.

Even though each one has been unique, the breaches have collectively demonstrated that hackers will exploit any available resource in an effort to gain access to data. This includes backup systems. The question therefore becomes a matter of how best to protect backups.

Backup security measures inevitably vary from one organization to the next. For example, protections for tape-based backup are different from protection for disk backups.

If your organization is backing up to tape (or other removable media), then one of the most important backup security measures to consider is that the tape could walk right out the door. As such, it is important to physically restrict access and to ensure that, if a tape is stolen, its data is unusable. You can accomplish this protection through certificate-based encryption.

Having the tape drives reside in a data center already provides some degree of physical protection, because a random person off of the street probably can't just walk in unimpeded. However, there are other backup security measures you can take. If, for example, tape backups run overnight, then schedule the backup jobs so that they complete just as the backup operator is arriving for work in the morning. That way, the backup operator can immediately remove and secure the tapes.

In the case of disk-based backups, the backup storage must be physically secured against theft, but there are also other considerations. Make sure that the backup target is on a dedicated network backbone that only includes backup servers and targets. Additionally, all traffic in and out of the backup servers should be encrypted using Internet Protocol Security or something similar. You can add an additional layer of security by moving backup traffic -- between your backup servers and the resources that they are protecting -- to a dedicated virtual LAN.

Just as an organization needs backup security measures for tapes to be protected against theft, the disks in your backup appliance need protection as well. Encrypt the disks using BitLocker or something similar. It's also important to have a rigid protocol in place for securely disposing of used backup disks whenever they are replaced.

If you opt to use cloud-based backups, then set up a dedicated account for use with those backups, rather than using your cloud administrator account. Some organizations have also been known to use erasure coding techniques to stripe backups across multiple clouds, as a way of preventing any one cloud provider from having a complete and readable copy of the data. This technique can also provide a degree of redundancy that enables you to restore your data, even if a particular provider drops offline. Finally, if you are using a cloud storage gateway, then make sure to follow all of the manufacturers' recommendations for securely configuring the device.

This was last published in June 2018

Dig Deeper on Data backup security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Which type of backup storage do you find most difficult to keep secure, and why?
Cancel

-ADS BY GOOGLE

SearchDisasterRecovery

SearchStorage

SearchITChannel

Close