What is worth remembering when choosing a cloud for backup
In the age of information technology, more and more companies are emerging for whom data is their bread. Losing data for them means losing everything. There are cases when businessmen and small companies have been ruined due to an incorrectly organized approach to backups. That is why we told and continue to tell both our users and the entire community of readers about the importance of backups and the correct approach to their creation and storage. Today we want to take a quick look at such a great backup tool, like cloud technologies, and bring to your attention a few fairly obvious, but sometimes forgotten, recommendations for choosing the best cloud for your data and using it.
Encryption is vital for data security and most backup services offer it. However, encryption is not always a guarantee of the security of your working data. Are you sure your data is safe if someone has access to the encryption keys?
')
Some providers have responded to this situation in this way: they transfer the key for storage separately from the data and periodically change it. However, regardless of the steps taken, as long as the backup service provider has access to the encryption keys, your personal data is still not personal. And any subpoena, for example, will force providers to submit decrypted data, even if the keys have been deposited.
Another way to store keys is to place them on the server behind the client’s firewall to ensure exclusive ownership. But for cloud backup this solution is not suitable, because it still requires hardware for configuration and management, which in itself contradicts the idea of ​​a cloud service. In addition, an additional point of potential failure appears on the server, requiring additional data protection.
For maximum security, two-level encryption key management is recommended. The key is additionally encrypted using client credentials, and only a token is placed in the cloud. Thus, the provider does not have access to client encryption keys, and the user avoids the hassle of supporting servers. Only the user after authorization has access to the keys and, accordingly, to the data. And for even more security, the access token is destroyed after each session.
Naturally, most of the clouds are actually located on the ground and are supported by many servers and other devices that require energy and protection from natural phenomena. Even though the reliability of the data center has greatly increased over time, the servers are still subject to failures related to energy, sabotage and natural disasters.
Therefore, it is important to understand exactly what level of service all providers are offering. Many of them do not provide data backup across multiple data centers. In the event of a power failure, the servers fail and the files become inaccessible until the problem is resolved. Natural events, such as floods, can completely destroy your critical corporate data.
Leading providers offer data backup for individual sites, each located in areas with the lowest risk of flooding and connected to unrelated power sources. These capacities are connected to different networks in order to ensure the highest possible reliability and stability of the data center.
Typically, cloud backup providers create a number of data centers and place them within a particular country. And capacity expansion in such conditions is a multistage process, cumbersome and gradual. If you run an international business, then such providers cannot provide you with premium-free service issues. By definition, an international enterprise has a staff that ensures the operation of the enterprise in accordance with the laws of each country. Attracting localized cloud backup providers to work is not just ineffective, but can also lead to a violation of the laws of the country of location.
In contrast, the leaders of the backup industry have equipped DCs around the world and allow the client to receive information about which DC is used to store their data. Such providers also adhere to the concept of “elastic placement”, allowing customers to increase capacity as needed, without worrying about increasing storage space requirements.
One of the reasons why backup is slow is the need for the software to compare the previous structure of files and directories with the current goal of identifying what has changed. Unfortunately, at least 80% of the data is duplicated within an average enterprise. This is because users usually have multiple copies of the same file located locally, also shared or on removable drives. This significantly slows down the transfer of cloud data, incredibly expanding storage requirements.
When deduplication occurs, the time that is required for the backup is reduced just incredibly, because a lot of identical data is deleted.
For a quick recovery of the enterprise, backup should be carried out across multiple channels to ensure parallel transfer of multiple files. Using multi-channel recovery can significantly speed up the process of data recovery on the user's PC. Optimization of the global computer network (WAN) will also accelerate the backup recovery of recent changes, because the optimized network provides greater bandwidth. In the event of a network failure, you are guaranteed to be able to recover the most recent data.
Using the old principles of redundancy, some companies cannot perform a federated search, which quickly determines the location of information anywhere on the network. It is a risk to try to track down a file or implement new methods. Since federated search searches for files immediately over the network and across all devices in the enterprise, the location of the file is quite easily definable and you can collect files for legalized storage and to prevent data from being available for electronic search.
On the other hand, modern data backup solutions provide IT with transparency and simplify the practice of backups, storage and access to data. Leading companies in this area keep strict records to ensure enhanced IT oversight to preserve the integrity of information, such as intellectual property, from the possibility of unauthorized access in the face of growing mobile workforce resources. Detailed audit logs retain data on the activities of all users and administrators, giving the opportunity to review in real time and allowing organizations to fulfill their management and coordination needs.
If the activity of the enterprise is subject to industry regulation, then it is worth referring to providers that have already passed the necessary certification (HIPAA, PCI-DSS, ITAR) of their data centers and activities.
Take care of encryption key security
Encryption is vital for data security and most backup services offer it. However, encryption is not always a guarantee of the security of your working data. Are you sure your data is safe if someone has access to the encryption keys?
')
Some providers have responded to this situation in this way: they transfer the key for storage separately from the data and periodically change it. However, regardless of the steps taken, as long as the backup service provider has access to the encryption keys, your personal data is still not personal. And any subpoena, for example, will force providers to submit decrypted data, even if the keys have been deposited.
Another way to store keys is to place them on the server behind the client’s firewall to ensure exclusive ownership. But for cloud backup this solution is not suitable, because it still requires hardware for configuration and management, which in itself contradicts the idea of ​​a cloud service. In addition, an additional point of potential failure appears on the server, requiring additional data protection.
For maximum security, two-level encryption key management is recommended. The key is additionally encrypted using client credentials, and only a token is placed in the cloud. Thus, the provider does not have access to client encryption keys, and the user avoids the hassle of supporting servers. Only the user after authorization has access to the keys and, accordingly, to the data. And for even more security, the access token is destroyed after each session.
Find out who you trust data
Naturally, most of the clouds are actually located on the ground and are supported by many servers and other devices that require energy and protection from natural phenomena. Even though the reliability of the data center has greatly increased over time, the servers are still subject to failures related to energy, sabotage and natural disasters.
Therefore, it is important to understand exactly what level of service all providers are offering. Many of them do not provide data backup across multiple data centers. In the event of a power failure, the servers fail and the files become inaccessible until the problem is resolved. Natural events, such as floods, can completely destroy your critical corporate data.
Leading providers offer data backup for individual sites, each located in areas with the lowest risk of flooding and connected to unrelated power sources. These capacities are connected to different networks in order to ensure the highest possible reliability and stability of the data center.
Specify the nuances of the legislation of the country of placement
Typically, cloud backup providers create a number of data centers and place them within a particular country. And capacity expansion in such conditions is a multistage process, cumbersome and gradual. If you run an international business, then such providers cannot provide you with premium-free service issues. By definition, an international enterprise has a staff that ensures the operation of the enterprise in accordance with the laws of each country. Attracting localized cloud backup providers to work is not just ineffective, but can also lead to a violation of the laws of the country of location.
In contrast, the leaders of the backup industry have equipped DCs around the world and allow the client to receive information about which DC is used to store their data. Such providers also adhere to the concept of “elastic placement”, allowing customers to increase capacity as needed, without worrying about increasing storage space requirements.
Take care to avoid excessive duplication.
One of the reasons why backup is slow is the need for the software to compare the previous structure of files and directories with the current goal of identifying what has changed. Unfortunately, at least 80% of the data is duplicated within an average enterprise. This is because users usually have multiple copies of the same file located locally, also shared or on removable drives. This significantly slows down the transfer of cloud data, incredibly expanding storage requirements.
When deduplication occurs, the time that is required for the backup is reduced just incredibly, because a lot of identical data is deleted.
For a quick recovery of the enterprise, backup should be carried out across multiple channels to ensure parallel transfer of multiple files. Using multi-channel recovery can significantly speed up the process of data recovery on the user's PC. Optimization of the global computer network (WAN) will also accelerate the backup recovery of recent changes, because the optimized network provides greater bandwidth. In the event of a network failure, you are guaranteed to be able to recover the most recent data.
Follow the trends in backup systems
Using the old principles of redundancy, some companies cannot perform a federated search, which quickly determines the location of information anywhere on the network. It is a risk to try to track down a file or implement new methods. Since federated search searches for files immediately over the network and across all devices in the enterprise, the location of the file is quite easily definable and you can collect files for legalized storage and to prevent data from being available for electronic search.
On the other hand, modern data backup solutions provide IT with transparency and simplify the practice of backups, storage and access to data. Leading companies in this area keep strict records to ensure enhanced IT oversight to preserve the integrity of information, such as intellectual property, from the possibility of unauthorized access in the face of growing mobile workforce resources. Detailed audit logs retain data on the activities of all users and administrators, giving the opportunity to review in real time and allowing organizations to fulfill their management and coordination needs.
If the activity of the enterprise is subject to industry regulation, then it is worth referring to providers that have already passed the necessary certification (HIPAA, PCI-DSS, ITAR) of their data centers and activities.
Source: https://habr.com/ru/post/234797/
All Articles