By Saaher Muzafer, Sales Director at SecurStore Online Backup
August 13, 2010

SecurStore Online Data Backup Expert Tips: Strategizing For Compliance

Does every audit cause you nightmares? Do you dread what information your auditor will ask for, and wonder whether you will be able to produce it? Do you heave a sigh of relief when you are certified as compliant at the end of the audit, and wonder how you managed it? None of this would be so stressful if you kept one thing in mind: compliance is not a set of items extracted from logs and configuration files for an auditor to tick off. It is a process, a project that must run in parallel with every data protection and data backup project you undertake.

Compliance in relation to data generation, transmission and storage is a strategy that emerges from a sound understanding of both the demands of the applicable standards and the needs of the organization. A compliant business is one that integrates standardized data generation and storage processes with security guarantees and continuous compliance. The compliance controls must extend to physical and virtual environments alike. A genuine commitment to compliance means implementing best practices for security, data availability and controlled access to IT resources.

The process of continuous compliance usually begins with an exact inventory of the available infrastructure measured against the compliance requirements, together with an evaluation of the data generation, transmission and storage procedures in use. Once the current state is known, the gaps in compliance can be closed and standards can be written down, so that every new server purchased or virtual environment created for data generation, transmission or storage can be measured against that standard. It is also strategic to put in place a policy of scanning data systems at sensible intervals, so that between audits you can confirm that data files have not been damaged and that no changes have been made to them by unauthorized entities. In other words, the organization creates an accurate record of its current state and a system of verification that ensures every deviation or change is an authorized one.

Continuous compliance requires controlled access to physical data resources and to electronic data storage resources. It demands that security awareness and implementation extend beyond data storage to the generation and transmission of data. Continuous compliance therefore implies that the organization meets the minimum required standards for authentication and authorization systems and for the soundness of the user management controls over customer information. In other words, the organization needs to ensure that only authorized users have access to physical and electronic IT data resources, and that customer information is handled only by persons authorized to do so. Organizations may also need to ensure that customer data is encrypted while it is transmitted across networks, and that the decryption key is available only to authorized individuals.

All of the above makes compliance faster and simpler. It keeps IT and audit on the same page and helps operations teams work out how to make changes intelligently and securely without compromising compliance. It also gives security and operations shared visibility for policy making and for monitoring privileged accounts through any modification that may be required. The risk of non-compliance is reduced, and audit teams can be presented with reports showing that the compliance rules are in force for the physical infrastructure and for the virtual environment alike.

To summarize the steps to compliance:

  • Make an inventory of existing infrastructure and systems
  • Examine the items inventoried against compliance standards
  • Create standards of compliance
  • Close the gaps between existing infrastructure and compliance requirements
  • Measure every new virtual or non-virtual environment against standards defined
  • Understand security risks and limit access to physical or electronic resources using authentication and authorization protocols and management controls
  • Monitor changes to existing data and ensure that such changes are carried out by authorized personnel
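The two record-keeping steps above (an accurate current-state record, and a check that later changes were authorized) are the one part of this process that can be automated outright. The following script is an added example and not SecurStore's code or product: it builds a baseline manifest of SHA-256 digests for every file under a data directory, signs the manifest with an HMAC so that an intruder cannot quietly rewrite the record to match tampered files, and on a later scan reports added, removed and modified files, flagging any that are not on a change-control allowlist. The key, directory layout and file contents are all constructed for the demonstration; in production the key would live in an HSM or key management service and be held only by the people who approve changes.

```python
"""Integrity baseline and between-audit verification (added example, not original page code)."""
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path

# Hypothetical key for the demonstration only. In practice it comes from a KMS/HSM
# and is held only by authorized approvers, so a tampered file cannot be hidden by
# re-signing the baseline record.
BASELINE_KEY = b"example-only-key-do-not-use"


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Inventory every regular file under root: POSIX-style relative path -> SHA-256."""
    return {
        p.relative_to(root).as_posix(): file_digest(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sign_baseline(baseline: dict, key: bytes) -> str:
    """HMAC over a canonical JSON encoding, so the stored record itself is tamper-evident."""
    canonical = json.dumps(baseline, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify(root: Path, baseline: dict, signature: str, key: bytes, authorized: set) -> dict:
    """Compare the current state of root against a signed baseline.

    Returns added/removed/modified paths plus the subset not covered by an
    authorized change ticket. Raises if the baseline record fails its HMAC check.
    """
    if not hmac.compare_digest(sign_baseline(baseline, key), signature):
        raise ValueError("baseline record has been altered; do not trust it")
    current = build_baseline(root)
    findings = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
    }
    changed = findings["added"] + findings["removed"] + findings["modified"]
    findings["unauthorized"] = sorted(p for p in changed if p not in authorized)
    return findings


def demo() -> dict:
    """Constructed scenario: one approved change and three unapproved ones between scans."""
    root = Path(tempfile.mkdtemp())
    try:
        (root / "customers").mkdir()
        (root / "customers" / "accounts.csv").write_text("id,name\n1,alice\n")
        (root / "customers" / "addresses.csv").write_text("id,city\n1,London\n")
        (root / "config.ini").write_text("retention_days=90\n")

        baseline = build_baseline(root)            # the "accurate current status record"
        signature = sign_baseline(baseline, BASELINE_KEY)

        # Approved through change control (on the allowlist below):
        (root / "config.ini").write_text("retention_days=365\n")
        # Not approved: a record inserted, a file deleted, an unexpected export left behind.
        (root / "customers" / "accounts.csv").write_text("id,name\n1,alice\n2,mallory\n")
        (root / "customers" / "addresses.csv").unlink()
        (root / "dump.sql").write_text("-- constructed: an unexpected file\n")

        return verify(root, baseline, signature, BASELINE_KEY, authorized={"config.ini"})
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on a schedule, the "unauthorized" list is exactly the evidence an auditor wants to see empty: every entry in it is either an incident or a change that bypassed the approval process. Storing the signed baseline and the key separately from the data it describes is what makes the record trustworthy; a hash manifest that sits unsigned next to the files it covers can be rewritten by whoever rewrote the files.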

SecurStore provides a bespoke offsite backup solution tailored for customers who hold both mission-critical and non-critical data; that is, it provides customers with a secure and efficient backup and recovery solution that is sustainable over time. This, coupled with agentless technology and advanced support for all environments and applications, makes it suitable for any type of business, data centre provider or reseller.

About the Author: Saaher Muzafer is Director of Sales at SecurStore, an Asigra-based cloud backup provider certified for ISO 27001 by the British Standards Institution (BSI) and ANAB. Established in 1991, SecurStore provides business and enterprise customers with a technically advanced solution in the UK, Europe, the USA, Africa, Asia and the Middle East.
