When budget constraints demand cut backs, the first causality is security. CIOs know that global surveys repeatedly underscore the point that there is a high likelihood that the enterprise network will be hacked and costs to recover will escalate. Yet, they are helpless. Day to day business activities consume IT resources and budgets; and there is very little left over to allocate for security. The management is always willing to take a chance that their systems will not get hacked.
Desperate CIOs will, therefore, find the cloud backup and the guarantees of data security extremely attractive. We are now entering the Post PC era where security is not the concern of the CIO. The Cloud Backup Service Provider defines a security policy and implements it as part of the service. The service level agreements detail the security arrangements and all that the CIO needs to do is to evaluate whether the cloud backup and recovery service that has been chosen gives the enterprise the necessary security guarantees and is in a position to implement it.
What should be looked for?
Cloud backup and recovery systems have a sound security policy in place. Since data is being transmitted over the Internet, source based encryption is made automatic and mandatory. The encryption protocol itself is sufficiently hacker proof and robust to withstand any kind of brute force attack. The algorithm used often meets the international cryptographic standards and is often evaluated and certified by third party certifying agencies. The data remains encrypted in storage and is accessible only to authorized personnel of the data owner. The key used to encrypt the information is user defined and available only to the user who defined it.
The cloud backup and recovery management console facilitates configuration of user machines and users. Once configured, the user management system allows access only to machines/users that have been identified by the system administrator and have been given the appropriate rights and permissions for access.
Alarm and event settings are integral to the cloud backup and recovery system. Alarms and events are graded according to severity and flagged for attention. Events such as “failure of backup” or “attempt at unauthorized access” generate alarm and alert reports and trigger off emails to the system administrator for immediate action. User logs and event logs are available for detailed analysis for potential and existing issues with the security system.
In short, the security problems of silos are history. CIOs can ride cloud backup and recovery systems and leave worries of security to the cloud backup vendor!