July 13th, 2010
One of the major players in cloud computing, Amazon, is now SAS 70 compliant. Many commented that this is only a small step forward towards safer environments, but I see it as an important move – well done Amazon! As I stated in previous articles, cloud computing has to prove that it is getting safer and safer. Ernst & Young carried out Amazon’s SAS 70 Type II audit, quite an assurance that the job was done to high standards. This means that remote online backup providers that use Amazon as their backend have one important layer SAS 70 certified; however, the backup service provider remains responsible and should implement the necessary security measures to protect their customers’ data.
Tags: cloud computing, SAS 70, service providers, Type II
Posted in Audit, enterprise
March 1st, 2010
A good backup policy starts with a clear objective, such as: “The Company’s Data Backup is the responsibility of the relevant user, department manager or asset owner, who must define which data/information are to be backed up, the Recovery Point Objective (RPO) and the Retention Time (RT). The RPOs and RTs must be updated on a regular basis. All backed-up data/information should be stored both locally and off-site on backup media such as tapes, and must be encrypted using adequate encryption methods.”
The best way to turn any policy into practice is to define every single step required to achieve the goals of the statement. The main entities mentioned in the above statement are data requirements (the RPO and RT elements), data owners and users, off-site storage and security. Such a statement does not define specific technical details such as data integrity checks and job schedules; however, it is important to include these steps, without the details, in your procedure. Another procedure or document would be needed to show such details. Remember that policy statements are initiated by a member of senior management and need to be implemented by lower levels in the hierarchy of the organization. Furthermore, such a procedure, in the form of a flow-chart, should be understandable by senior management, otherwise they would be reluctant to approve it.
Tags: backup policy, data owner, enterprise, flow-chart, procedure
Posted in Audit, enterprise
February 15th, 2010
A remote or online backup solution is the way forward for off-site data protection. Due to regulatory compliance, some corporations are holding back from going in this direction; however, much work is being done in this area and soon we will have providers that offer such conformity. On the other hand, the majority of SMBs that have no specific regulatory requirements, and certainly most households, should consider this platform as their main off-site backup solution.
Nevertheless, SMBs and households should not forget to back up their data locally first and then use a remote storage location as a second means of protection - my advice is:
Tags: backup media, costs, management consoles, online backups, remote backup
Posted in Audit, Remote Backups
December 15th, 2009
How many computer users rely completely on application wizards? I have nothing against application wizards; in fact, I do recommend that users make use of them when they are using a new application and lack experience with it. However, wizards most often set certain parameters to default values rather than adding an extra screen or step to allow the user to verify some advanced parameters! Wizards are tools with the sole purpose of making your life easier and hence make many assumptions! Hopefully, safe assumptions rather than deceiving ones! But is this OK with backup applications? Without debating whether this is correct or not, I would prefer to share with you the most important parameters to look for when performing a data backup:
Tags: data backup, restore, wizard
Posted in Audit