How To Protect Your Online Backup From Being Hacked



Similar documents
Hybrid cloud computing explained

Preparing for the cloud: Understanding the infrastructure impacts Eight essential tips for a successful cloud migration

E-Guide CLOUD COMPUTING FACTS MAY UNCLENCH SERVER HUGGERS HOLD

Solution Spotlight BEST PRACTICES FOR DEVELOPING MOBILE CLOUD APPS REVEALED

5 ways to leverage the free VMware hypervisor Key tips for working around the VMware cost barrier

Benefits of virtualizing your network

E-Guide HOW THE VMWARE SOFTWARE DEFINED DATA CENTER WORKS: AN IAAS EXAMPLE

Securing the SIEM system: Control access, prioritize availability

E-Guide SIX ENTERPRISE CLOUD STORAGE AND FILE-SHARING SERVICES TO CONSIDER

Exchange Server 2010 backup and recovery tips and tricks

Evaluating SaaS vs. on premise for ERP systems

7 remote office backup options: Which is right for you?

5 free Exchange add-ons you should consider Eliminating administration pain points on a budget

HOW MICROSOFT AZURE AD USERS CAN EMPLOY SSO

Managing Data Center Growth Explore Your Options

Hyper-V 3.0: Creating new virtual data center design options Top four methods for deployment

3 common cloud challenges eradicated with hybrid cloud

E-Guide NETWORKING MONITORING BEST PRACTICES: SETTING A NETWORK PERFORMANCE BASELINE

E-Guide CONSIDERATIONS FOR EFFECTIVE SOFTWARE LICENSE MANAGEMENT

MDM features vs. native mobile security

Software Defined Networking Goes Well Beyond the Data Center

Is Your Data Safe in the Cloud?

VANGUARD ONLINE BACKUP

The Do s and Don ts of Server Virtualization Back to basics tips for Australian IT professionals

Virtualization backup tools: How the field stacks up

Getting Started With Cloud Storage

How to Define SIEM Strategy, Management and Success in the Enterprise

Cloud Backup and Recovery for Endpoint Devices

Don't Wait Until It's Too Late: Choose Next-Generation Backup to Protect Your Business from Disaster

A Modern Guide to Optimizing Data Backup and Recovery

Is Cloud Backup good insurance for your brokerage?

Solution Spotlight KEY OPPORTUNITIES AND PITFALLS ON THE ROAD TO CONTINUOUS DELIVERY

HYBRID CLOUD BACKUP 101. Top Five Benefits of Cloud-Connected Appliances

What You Need to Know About Cloud Backup: Your Guide to Cost, Security, and Flexibility

Secure Your Business with EVault Cloud-Connected Solutions

HOW TO SELECT THE BEST SOLID- STATE STORAGE ARRAY FOR YOUR ENVIRONMENT

The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them

Backup & Disaster Recovery for Business

Manufacturers Need More Than Just Backup... But they don t need to spend more! axcient.com

Online Backup Solution Features

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

TechTarget Virtualization Media. E-Guide

How To Choose A Cloud Computing Solution

Moving to the Cloud? DIY VS. MANAGED HOSTING

E-Guide WHAT IT MANAGERS NEED TO KNOW ABOUT RISKY FILE-SHARING

Financial Services Need More than Just Backup... But they don t need to spend more! axcient.com

IT is complicated. There are so many moving pieces and parts, and your business is dependent on all

Avoid the Top 5 Epic Fails of Enterprise Endpoint Backup

Meeting the Top Backup Challenges in Small and Medium Business Environments

The state of cloud adoption in India The use cases, industry trends, business demands, and user expectations driving cloud adoption in Indian

BUYING PROCESS FOR ALL-FLASH SOLID-STATE STORAGE ARRAYS

THE SECURITY OF HOSTED EXCHANGE FOR SMBs

Total Cost of Ownership Analysis

HOW TO SELECT A BACKUP SERVICE FOR CLOUD APPLICATION DATA JUNE 2012

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

Security. CLOUD VIDEO CONFERENCING AND CALLING Whitepaper. October Page 1 of 9

Online Backup by Mozy. Common Questions

Cloud, Appliance, or Software? How to Decide Which Backup Solution Is Best for Your Small or Midsize Organization.

What you need to know about cloud backup: your guide to cost, security and flexibility.

Diagram Cloud Computing

BACKUP ESSENTIALS FOR PROTECTING YOUR DATA AND YOUR BUSINESS. Disasters happen. Don t wait until it s too late.

E-Guide UNDERSTANDING PCI MOBILE PAYMENT PROCESSING SECURITY GUIDELINES

Disk-to-Disk-to-Offsite Backups for SMBs with Retrospect

Transcription:

Cloud Backup: Pros, Cons, and

Cloud backup has taken the storage world by storm, and most IT professionals have given some serious thought to implementing it. But before you get started on your cloud backup business case, it's important that you perform proper due diligence. This E-Guide discusses the security concerns surrounding online backup and provides a checklist to ensure that you don't overlook any key points as you navigate the evaluation process. Discover backup scenarios that can create a false sense of security and learn how to address potential capacity issues and data protection gaps if you execute a cloud-based backup strategy in your organization. By: Kevin Beaver Everyone seems to be on the online backup bandwagon. It's convenient, it requires little effort, and it'll ensure you get those backups completed and offsite once and for all. Oh, it adds a much-needed layer of data security, too. After all, what if someone were to break into your office and not only steal your computers but also your external drives or other media your precious backups are sitting on? Or what if something happens to your building and you lose everything? These things happen. But wait a minute. The marketing minds can put a positive twist on anything. Online data backup offers a lot of value, however, there are downsides you absolutely need to be aware of. There's too high a price to pay to bury your head in the sand over something so important. Here's what you need to consider: You still have to make sure you're backing up what matters. Every network I've come across has unstructured data scattered across hundreds, often thousands, of unprotected islands. Users almost Page 2 of 8

always have critical business files on their local systems. Is every file critical to your business getting backed up? What about Macintosh and Linux systems -- are they supported? Furthermore, does your online backup service allow you to back up everything, including the OS? Probably not, if it can't handle open files. How's that going to affect your business continuity and/or recovery time when a drive in one of your laptops or servers dies? That's easily a day or more worth of work just to get a base install up and running. You'll still have to factor in restoration time, which can be considerable if you have to download a lot of data. Capacity planning is something you'll want to consider, too. Are you going to end up needing more online backup space than you originally thought? Not having enough space to store what really needs to be protected is not only a financial issue, but it could also end up being a business continuity/disaster recovery concern. You have to think ahead about what you're going to rely on if something happens to all of your critical servers and workstations, or even your building. In the event an unauthorized outsider or rogue employee obtains login credentials into the online backup environment, what happens if they try to restore data to their system? Once they're in, will they have free rein to everything you've backed up? There are several scenarios that can create a false sense of security that everything's backed up and secure: 1) you have open files in Outlook, Word and so on when the backup runs, and those files don't get backed up because the service you're using can't handle open files; 2) users shut their systems down or Microsoft decides your computers need to reboot due to a forced patch and the backup never completes; and 3) the Internet connection at your business and especially at your users' offsite locations drop and the backups don't complete. Given the speed differential and the Internet component in the equation with online backups, the window of Page 3 of 8

"backup opportunity" can narrow considerably and something's bound to come up and get overlooked. If you're backing up multiple systems to an online repository, there are bandwidth issues you've got to consider. Is this process -- especially during the initial full backup phase -- going to gobble up precious Internet bandwidth and prevent your customers from reaching your online presence or your employees from getting their work done? You also can't overlook the local resource requirements -- especially if file compression takes place on the system before data is uploaded. Is something like this going to get in the way of your users doing what they need to do like virus scans and disk defragmentation often do? Once backup data is removed from your online provider -- be it a single file or an entire backup set -- is it actually removed or does it linger online forever? This could create data retention and e- discovery liabilities. Better ask your lawyer. Is the data encrypted once it's uploaded? This is typically the case and not a big issue you need to be concerned with. The risk comes into play, however, if you ever forget your online backup password(s). This is especially important if your users are responsible for their own backups, which I think is very risky. Is the data encrypted in transit? Securing data in transit is typically not a high priority to me but there are some exceptions so you need to find out for sure. All it would take is some loophole in a service provider's process that allows data to be backed up or restored over an unsecured channel from, say, a user's unsecured wireless network. Perhaps most importantly is the security of the Web interface used to manage your online backups. Building on the previous point, it's ironic that so many businesses tout their online services as being secure because they use SSL. It's hardly that simple. With any Web Page 4 of 8

site/application -- even if there's a thin-client component on the user end -- there are way more things to be concerned with. I often find weak login mechanisms that don't lock accounts after so many failed attempts, minimal password requirements, URLs that can be manipulated leading to command execution and directory traversal and on and on. In my work, I've seen enough businesses put systems on the Web that are riddled with security holes all the while assuming that a firewall, SSL and passwords equal security. Further rubbing salt in the wound all of these Web weaknesses can be exploited even when SSL is enabled. So now the attacker has an encrypted channel to carry out his misdeeds. I dislike dealing with the administrative issues and security risks related to internal backup as much as anyone else. I do think there is promise in online backup. Just don't assume the grass is greener -- and more secure -- on the other side. Bottom line: know what you're getting into. Ask your vendor or prospective vendors about these issues and plan things out internally before you jump in. After all, it's your data and your business. By: Lauren Whitehouse Assessing your organization's challenges, abilities and assets will help to determine if deploying a cloud-based data backup strategy is a better alternative than relying on an on-site data backup and recovery strategy. Here's what to consider when trying deciding if cloud backup is right for your organization: Budget. Do you know what your current costs are for data protection? Have you evaluated staff costs to determine if eliminating any on-premises infrastructure, introducing automation or adopting more-advanced technology, would alleviate issues? A comparison of all capital and operational expenses for on-premises technology over three years vs. the operational expenses for cloud-based backup over three years may yield surprises. For example, for a backup tape strategy, the maintenance fees for Page 5 of 8

on-premises hardware and software, media purchases and storage fees, and operations overhead over three years could pay for three years of a hybrid cloud service. Daily capacity of backup data. How much data needs protecting (based on the total capacity of data and the daily change rate)? What's the frequency of backups required to meet recovery objectives? Calculate how much backup data needs to be transferred on a daily basis. And, given the available bandwidth, whether or not the transfer can be accomplished within the backup window. Data protection gaps. Do you have new directives to improve protection at remote office/branch offices (ROBOs) or with endpoints? Do you have the staff and capital budget to invest in these new initiatives? Do you currently have a disaster recovery (DR) strategy? If yes, do your people, processes and technology allow you to meet recovery time objectives (RTOs) and recovery point objectives (RPOs)? Leveraging a cloud backup vendor to augment current on-premises data protection processes may be more costeffective (no upfront capital investment in infrastructure and no additional headcount required) than extending on-premises capabilities. Infrastructure. Is the current infrastructure limiting your ability to meet the needs of the organization? Have budget constraints limited your ability to keep pace with technology advancements? Were you going to do a technology refresh soon anyway? Organizations without the capital budget to extend or refresh the IT infrastructure to meet data protection needs -- but with a sufficient operational budget -- can fund monthly service fees through their operational budget to improve data protection processes. Service-level agreements (SLAs) and compliance mandates. Can you successfully complete your backup within the prescribed window of time? Can you recover data to meet agreed-upon timeframes? If not, is the inability related to outdated technology or lack of sufficient operational staff? Can you meet corporate and/or regulatory requirements with your current people, processes and technology? Does your process for maintaining offsite copies introduce any security risks? If you have recovery service level Page 6 of 8

agreements that are more aggressive than what can be delivered by streaming data over your WAN link or physically transported on portable disk (not unlike tape media from offsite storage), cloud-based backup may not be for you. If you don't have the discipline and capabilities to meet compliance objectives, then outsourcing data protection to a vendor that can support compliance efforts may pay off. Staffing levels and expertise. Has the economic climate impacted your ability to appropriately staff the data protection function? Do your current backup/recovery infrastructure and processes rely too heavily on operational staff? Do you have in-house expertise to properly architect, build and maintain data protection infrastructure and processes to meet objectives now and in the future? An operations staff is often the most costly aspect of data protection, so adding data protection capabilities without necessitating additional staff could be more feasible. This article originally appeared in Storage magazine. Page 7 of 8

Free resources for technology professionals TechTarget publishes targeted technology media that address your need for information and resources for researching products, developing strategy and making cost-effective purchase decisions. Our network of technology-specific Web sites gives you access to industry experts, independent content and analysis and the Web s largest library of vendor-provided white papers, webcasts, podcasts, videos, virtual trade shows, research reports and more drawing on the rich R&D resources of technology providers to address market trends, challenges and solutions. Our live events and virtual seminars give you access to vendor neutral, expert commentary and advice on the issues and challenges you face daily. Our social community IT Knowledge Exchange allows you to share real world information in real time with peers and experts. What makes TechTarget unique? TechTarget is squarely focused on the enterprise IT space. Our team of editors and network of industry experts provide the richest, most relevant content to IT professionals and management. We leverage the immediacy of the Web, the networking and face-to-face opportunities of events and virtual events, and the ability to interact with peers all to create compelling and actionable information for enterprise IT professionals across all industries and markets. Related TechTarget Websites Page 8 of 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information