Cloud Backup Security: 5 Top Concerns
Cloud-based backup services are a great match for companies, particularly small-to-medium-sized businesses (SMBs) whose IT time is already stretched thin, and larger companies with remote and branch offices (ROBOs) in need of automatic backup.
In selecting from the growing number of cloud backup providers, one important topic to examine is cloud backup security — what technologies, policies, and procedures does the provider use to ensure that your data will be safe? In other words, “What are you doing to ensure nobody else can see or steal my data?”
Secure Cloud Backup: What Threats Are You Protecting Data Against?
Keeping your backup data safe includes:
- Protection against “sniffing” (eavesdropping) as it goes from your machines to the backup cloud
- Protection against electronic theft
- Protection against physical theft
- Protection from storage hardware or software glitches
- Protection against physical events
1. Securing Data in Transit
“Data in motion,” a.k.a. “data in transit,” refers to data being moved over a network, versus “data at rest,” which means data residing on a storage medium or device.
It is impossible (or close enough to impossible) to guarantee that the network devices and links in a connection are physically protected against electronic “eavesdropping.” Therefore, data in motion has to be protected via encryption, so that any captured traffic is unreadable by unauthorized parties. Data in transit can be secured in one of the following ways:
- Encrypting the data by the backup client at the source (gives rise to password and/or key management problems)
- Using a data transfer protocol that offers an encrypted mode (for example, SFTP, FTPS, and Secure WebDAV over HTTPS)
- Using a secure tunnel such as an IPsec VPN.
Make sure your backup solution provides a guaranteed, enforced method of data encryption.
2. Protecting Data Against Electronic Theft
Once your backup data has arrived at the cloud provider and is stored (become “data at rest”), how secure is it from being accessed by unauthorized parties — either internally, e.g., by provider employees, or by network intruders, malware attacks, etc.?
One feature to look for in your secure cloud backup is “logical partitioning” within the cloud backup service. Virtualization and other techniques can ensure that your company’s access point to the service is just for you – and that your backup security is effective.
Encryption should also protect your stored “data at rest,” ensuring that even in the unlikely event of the datacenter media being compromised, the data itself is unusable. Zetta encrypts data at rest so that when hard drives fail they can be repaired or replaced instead of physically destroyed.
3. Protecting Data From Physical Theft
If the data center is not physically secured, your data is still at risk — unsecured drives or storage systems could be stolen.
Physical security includes locked doors and video surveillance, for example. Look for facilities that have received operational certifications like SAS70 Type II or the new SSAE-16 SOC 2, which reflect that they meet validated best practices for administration operations.
In the case of Zetta, we not only use facilities that are under SAS70 Type II auditing, but also have our storage service procedures under SAS70 Type II (to be SSAE-16) auditing.
4. Protecting Data From Storage Hardware or Software Glitches
Backups ensure recovery from problems with the primary copy of the data, but backups, too, need protection. Hardware and software are subject to failures, but proper technology can also be used to prevent many failures, or avoid data loss caused by failures.
For example, Zetta uses a combination of continuous data validation plus advanced RAIN technology so that the backup data is protected.
To preserve data integrity, Zetta software performs ongoing integrity monitoring and remediation. Zetta consistently uses strong cryptographic hashing via SHA1 at the file level and CRC at the chunk level, and constantly monitors these on writes, on reads and at rest, rooting out potential data corruption and proactively self-repairing — without impacting performance.
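The two-level check described above can be sketched as follows. This is an added example, not Zetta's code: the 4 KiB chunk size, the manifest layout and the function names are assumptions, and the sample data is constructed.

```python
import hashlib
import zlib

CHUNK_SIZE = 4096  # assumed chunk size; the page does not state one


def build_manifest(data: bytes, chunk_size: int = CHUNK_SIZE) -> dict:
    """At write time, record a file-level SHA-1 and one CRC32 per chunk."""
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    return {"size": len(data), "chunk_size": chunk_size,
            "sha1": hashlib.sha1(data).hexdigest(),
            "crc32": [zlib.crc32(c) for c in chunks]}


def verify(data: bytes, manifest: dict) -> dict:
    """Re-check stored bytes; report file status and which chunks are damaged."""
    size = manifest["chunk_size"]
    bad = [i for i, want in enumerate(manifest["crc32"])
           if zlib.crc32(data[i * size:(i + 1) * size]) != want]
    file_ok = (len(data) == manifest["size"]
               and hashlib.sha1(data).hexdigest() == manifest["sha1"])
    return {"file_ok": file_ok, "bad_chunks": bad}


def repair(data: bytes, replica: bytes, manifest: dict) -> bytes:
    """Swap damaged chunks for replica chunks, trusting only verified ones."""
    size, total = manifest["chunk_size"], manifest["size"]
    fixed = bytearray(data[:total].ljust(total, b"\0"))
    for i in verify(bytes(fixed), manifest)["bad_chunks"]:
        good = replica[i * size:(i + 1) * size]
        if zlib.crc32(good) != manifest["crc32"][i]:
            raise ValueError(f"replica chunk {i} is damaged too")
        fixed[i * size:(i + 1) * size] = good
    if hashlib.sha1(fixed).hexdigest() != manifest["sha1"]:
        raise ValueError("file-level SHA-1 mismatch after repair")
    return bytes(fixed)


# Constructed sample: 16 KiB of patterned bytes = four 4 KiB chunks.
SAMPLE = bytes(range(256)) * 64

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE)
    damaged = bytearray(SAMPLE)
    damaged[5000] ^= 0x01  # simulate a single flipped bit in chunk 1
    print(verify(bytes(damaged), manifest))
    print(repair(bytes(damaged), SAMPLE, manifest) == SAMPLE)
```

CRC32 and an unkeyed SHA-1 catch accidental corruption; detecting deliberate modification by someone who can also rewrite the manifest requires a keyed MAC or a signature over it.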
And where traditional RAID-6 encodes data across separate disks, Zetta’s RAIN-6 software takes this one step further, encoding the data across separate computers, to further reduce the potential impact of any failure, not just failed disks. This approach yields a level of redundant protection not available even in enterprise storage hardware.
5. Protecting Data Against Natural Disasters
Like all buildings, data centers are potentially subject to damage from weather — like flood, winter emergencies, hurricanes and tornadoes — or earthquakes, power outages, accidents, and other events.
Backup data centers are often situated in low-risk areas, and the physical plant “hardened” to withstand and survive most events, keeping your data safe and secure.
For extra cloud backup security, services may have multiple sites, replicating your backups — a backup for the backup, as it were.
Before you select a backup provider, don’t just ask about performance or price. (But do ask about these as well.) Find out what cloud backup security they offer — and what certifications they have validating their claims.
Zetta provides complete cloud backup security addressing all five of these concerns. Learn more about how disaster recovery planning can keep your data protected.