Information is an asset that, just like other important business assets, should be adequately safeguarded in order to maintain competitive advantage. Information is not only software files, like spreadsheets and reports. It's also the knowledge that we carry in our heads. It's the intellectual property of an organization.
Imagine losing your data during a system upgrade, or due to hardware
problems. Unlike your hardware, information is not insurable. Loss of
information or its compromise can be devastating to a company, and
an unimaginable gain for its competitors.
An important aspect of Information security is Information Backup.
Information Backup, unlike data backup, is not limited to technical
backing up of a few computers. It is an organizational strategy of
maintaining the integrity and availability of information and the
Information processing facility. It includes well-oiled and rehearsed
strategies on recovering data.
Organizations that implement Information Backup properly will experience
minimum downtime and smooth recovery in the event of a failure.
The organization should decide "what" should be backed up, and
up to what level. Important information should be classified into a
priority list, with a level assigned to each item based on its
importance. Something like this:
- Code repository (Level 5 protection)
- Financial data (Level 5 protection)
- Employee email (Level 4 protection)
- Sales reports (Level 3 protection)
Define what Backup procedures need to be maintained for each of these
levels. Something like this:
- Level 5 - Fail-over backup, off-location backup for disaster recovery,
Weekly and daily backups, Weekly Mock recovery.
- Level 4 - Weekly and daily backups, Weekly mock recovery.
- Level 3 - Weekly backups. Monthly mock recovery.
Mock recoveries are conducted to make sure that the restoration process
works well, in the event of an actual failure.
The extent and frequency of backups should reflect the business requirements
of the organization. Ask questions like these: If this information
were to get lost, can we restore a week-old copy? Will the information
change a lot during a week or month?
Also consider the Criticality of the information to the continued
operation of the organization. Maybe the information doesn't change
a lot during the week, but it has to be restored with Zero Downtime,
in the event of a failure. In such conditions, a Fail-over solution
would be ideal.
In case of critical systems, the backup should cover all systems information,
applications and data necessary to recover the complete system in
the event of a disaster.
Accurate and complete records should be maintained of the backup process
and the backup copies. This helps to track who did the last backup
and when. Logs should also be maintained for the Mock Restorations,
in order to track whether the restorations were successful. Mock
restorations help discover flaws in the backup process, for example,
that not all the files were backed up, or that the script was bad.
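The level scheme and the backup records described above can be checked against each other automatically. The following is an added example, not part of the original article: the asset names, record fields and operators are constructed, and reading "daily", "weekly" and "monthly" as 1, 7 and 31 days is an assumption.

```python
from datetime import datetime, timedelta

# Rules per protection level, following the example levels in the article.
# Assumption: daily = 1 day, weekly = 7 days, monthly = 31 days.
POLICY = {
    5: {"backup_max_age": timedelta(days=1), "mock_max_age": timedelta(days=7), "offsite": True},
    4: {"backup_max_age": timedelta(days=1), "mock_max_age": timedelta(days=7), "offsite": False},
    3: {"backup_max_age": timedelta(days=7), "mock_max_age": timedelta(days=31), "offsite": False},
}

def audit(assets, records, now):
    """Return (asset, finding) pairs for every gap between records and policy."""
    findings = []
    for asset, level in assets.items():
        rule = POLICY[level]
        rec = records.get(asset)
        if rec is None:
            # Classified information with no record at all is the worst case.
            findings.append((asset, "no backup record"))
            continue
        if now - rec["last_backup"] > rule["backup_max_age"]:
            findings.append((asset, "backup overdue"))
        last_mock = rec["last_mock_ok"]  # time of the last successful mock recovery
        if last_mock is None or now - last_mock > rule["mock_max_age"]:
            findings.append((asset, "mock recovery overdue"))
        if rule["offsite"] and not rec.get("offsite_copy"):
            findings.append((asset, "no off-location copy"))
    return findings

# Constructed sample data (hypothetical assets, operators and timestamps).
NOW = datetime(2024, 6, 15, 9, 0)
ASSETS = {"code-repository": 5, "financial-data": 5, "employee-email": 4, "sales-reports": 3}
RECORDS = {
    "code-repository": {"operator": "alice", "last_backup": NOW - timedelta(hours=6),
                        "last_mock_ok": NOW - timedelta(days=3), "offsite_copy": True},
    "financial-data": {"operator": "bob", "last_backup": NOW - timedelta(hours=20),
                       "last_mock_ok": NOW - timedelta(days=12), "offsite_copy": False},
    "sales-reports": {"operator": "carol", "last_backup": NOW - timedelta(days=9),
                      "last_mock_ok": NOW - timedelta(days=20), "offsite_copy": False},
}

if __name__ == "__main__":
    for asset, finding in audit(ASSETS, RECORDS, NOW):
        print(f"{asset}: {finding}")
```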
Backups should be stored in a remote location, at a sufficient distance
to escape any damage from a disaster at the main site. What remains
to be decided is the mode of such storage: whether it has to be a
fail-over server, or whether the information can simply be stored
in tape drives.
Consider the security requirements of the information involved. Is
it safe to replicate the information in another off-location site?
Maybe your agreement with your clients doesn't allow you to transfer
the information to another location.
Backup information should be given an appropriate level of physical and
environmental protection. What this means is that whatever controls
you apply to media at the main site should be extended to cover the
Back-up site.
In certain cases, where confidentiality is of importance, the backups
should be protected by means of encryption.
OK, you did everything great so far, backing up your information.
Now assume that the backups didn't restore well during an emergency.
The entire effort of backing up information goes down the drain. Make
sure that the Backup media are regularly tested to ensure that they
can be relied upon for emergency use when necessary.
Use Mock restoration procedures, so that you are sure that the
Backups are effective. Also ensure that Backups can
restore in the time allotted for Recovery. For example, if the Operational
procedure for recovery is 2 hours, make sure that the Backup can be
effectively restored in 2 hours. Of course, it goes without saying
that the Mock restoration procedures "should" be logged.
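One way to score a mock restoration, as an added example that is not part of the original article: it compares the restored files against a SHA-256 manifest taken at backup time, checks the restore duration against the allotted time, and returns a record suitable for the log. File names, the operator name and the timings are constructed.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = digest
    return manifest

def verify_mock_restore(source_manifest, restored_root, restore_seconds, allowed_seconds, operator):
    """Compare a restored tree with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(set(source_manifest) - set(restored))
    corrupted = sorted(p for p in source_manifest
                       if p in restored and restored[p] != source_manifest[p])
    in_time = restore_seconds <= allowed_seconds
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "operator": operator,
        "files_expected": len(source_manifest),
        "missing": missing,          # files the backup never captured
        "corrupted": corrupted,      # files restored with different content
        "restore_seconds": restore_seconds,
        "allowed_seconds": allowed_seconds,
        "in_time": in_time,
        "success": not missing and not corrupted and in_time,
    }

def demo():
    """Constructed case: the backup script silently skipped one file."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, data in {"ledger.csv": b"2024,100\n", "repo.tar": b"code"}.items():
            with open(os.path.join(src, name), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(src)
        # Simulated restore: only ledger.csv came back, after 2.5 hours
        # against a 2-hour recovery allowance.
        with open(os.path.join(dst, "ledger.csv"), "wb") as fh:
            fh.write(b"2024,100\n")
        return verify_mock_restore(manifest, dst, 9000, 7200, "constructed-operator")

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```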
The backups should be retained for as long as the organization determines
that the information is useful. Backup media is cheap, and the hours
that are required to clean the data may be more expensive. In most
cases, it may be cheaper to retain the backups.
In effect, the organization needs to decide the Retention period,
and also any requirement for archive copies to be permanently retained.
About the author: Sangeetha Naik heads Bobcares.com. She is the co-founder of Poornam Info Vision Ltd., a software and IT services company specializing in Linux-based solutions for Webhosts and ISPs. Poornam Info Vision is an ISO 9001:2000 certified company with a team of over 140 engineers.
Sangeetha is a Computer Engineer based in India and has over 7 years of experience in the Hosting industry. Her articles have been published both online as well as in print.