[BreachExchange] What backup security measures protect against data breaches?

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jun 29 15:01:02 EDT 2018


https://searchdatabackup.techtarget.com/answer/What-
backup-security-measures-protect-against-data-breaches

Hardly a day goes by when there isn't news of a new data breach.

Even though each one has been unique, the breaches have collectively
demonstrated that hackers will exploit any available resource in an effort
to gain access to data. This includes backup systems. The question
therefore becomes a matter of how best to protect backups.

Backup security measures inevitably vary from one organization to the next.
For example, protections for tape-based backup are different from
protection for disk backups.

If your organization is backing up to tape (or other removable media), then
one of the most important backup security measures to consider is that the
tape could walk right out the door. As such, it is important to physically
restrict access and to ensure that, if a tape is stolen, its data is
unusable. You can accomplish this protection through certificate-based
encryption.

Having the tape drives reside in a data center already provides some degree
of physical protection, because a random person off of the street probably
can't just walk in unimpeded. However, there are other backup security
measures you can take. If, for example, tape backups run overnight, then
schedule the backup jobs so that they complete just as the backup operator
is arriving for work in the morning. That way, the backup operator can
immediately remove and secure the tapes.

In the case of disk-based backups, the backup storage must be physically
secured against theft, but there are also other considerations. Make sure
that the backup target is on a dedicated network backbone that only
includes backup servers and targets. Additionally, all traffic in and out
of the backup servers should be encrypted using Internet Protocol Security
or something similar. You can add an additional layer of security by moving
backup traffic -- between your backup servers and the resources that they
are protecting -- to a dedicated virtual LAN.

Just as an organization needs backup security measures for tapes to be
protected against theft, the disks in your backup appliance need protection
as well. Encrypt the disks using BitLocker or something similar. It's also
important to have a rigid protocol in place for securely disposing of used
backup disks whenever they are replaced.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180629/f2e1e4f9/attachment.html>


More information about the BreachExchange mailing list