Bereitgestellt von: Iron Mountain Digital / Iron Mountain
Backup encryption should be one of many activities that formulate a comprehensive security strategy. This Whitepaper shows best practices for protecting backup data.
Implementing secure data protection strategy requires planning and preparation. Getting started begins with developing the strategic policies concerning what data needs to be protected and then identifying that data and any copies of it within the enterprise storage environment.
The next step is selecting the most secure method for protecting the most critical data. This could mean electronic vaulting or data encryption. When it comes to encryption, the type and quantity of data to be encrypted, the capabilities of the existing reference architecture, constraints imposed by time windows, physical logistics and RTO requirements must all be considered. These considerations are true for electronic vaulting as well. For environments where limited amounts of data are to be encrypted, application/database encryption or backup application-level encryption may be appropriate. It also may be appropriate to vault this data electronically. For encryption of large amounts of data on selected hosts, file system encryption might be a good choice. For wide-scale encryption needs, a network-based encryption appliance would be the best option.
With any approach, the management process around secure data protection needs to be addressed. This process includes good encryption key management. Keys need to be totally secured yet readily available in time of need, and readily returned after the need has passed. Some appliances provide assistance in this area, making them even more attractive. Operating system vendors provide guidance in this process as well.
The standard operating procedures (SOPs) governing security of data at rest must contain a metrics base that tracks not only completion and compliance, but also the logistics management of both the physical data container and most importantly, the encryption key itself.
Finally, everyone who manages, administers or operates IT infrastructure needs to become security
conscious. Data protection security is as much a culture of awareness as it is a corporate policy directive.
To truly protect the organization’s critical data, continuous focus on culture, practice and control is
imperative to a successful, secure data protection strategy.
Dieser Download wird Ihnen von Dritten (z.B. vom Hersteller) oder von unserer Redaktion kostenlos zur Verfügung gestellt. Bei Problemen mit dem Öffnen des Whitepapers deaktivieren Sie bitte den Popup-Blocker für diese Website. Sollten Sie weitere Hilfe benötigen, verwenden Sie bitte unser Kontaktformular.
Publiziert: 01.04.09 | Iron Mountain Digital / Iron Mountain