By Matthew Brady, Daymark Consultant
With so many pieces of modern business moving to the cloud, sometimes it’s hard to know where to start. Backup has quickly found its way to the top of the list of processes, and perhaps headaches, that are driving companies to the cloud. The advantages are vast. Data is backed up offsite. Backups are managed and monitored which frees up IT staff to focus on other tasks. And backup services can be coupled with DR services. It makes sense.
However, this jump to the cloud with a company’s critical data may not be an easy sell. Cloud backup means there is no more tape or disk to look at and say “There’s our backup.” Before, IT controlled data security, and its own destiny. With the cloud, a once cumbersome task moves from being at center stage to an unseen, invisible place.
As a company moves to cloud backup, the question of security is bound to not only come up, but be at the center of the discussion. . So, what does secure cloud backup mean?
Enter the C-I-A Triad
The answer lies where all security questions lie: The C-I-A triad.
- Confidentiality
- Integrity
- Availability
Answering the big question means answering several smaller ones first. Do only authorized users have access to your backups? Is the data intended to be backed up the data that actually is being backed up and is it restorable? Can you restore the data when you need to restore it? If cloud backup answers “No” to any of these, the solution is not secure.
A multifaceted approach to security looks at not only making sure the data is safe from prying eyes, but it ensures restorability. It means that when you need to connect to do a restore that you will be able to do so. Taken to a larger scope, it means that when you need to restore a large amount of data, there will be a mechanism to do so. Secure cloud backup deals with the software and hardware as well as the service provider and how they operate. A truly secure cloud backup solution addresses the C-I-A triad, and it addresses each aspect fully.
Next blog: What features are needed to meet confidentiality requirements?