When it comes time to evaluate cloud to cloud backup solutions, security and compliance (as they relate to your data) will be major factors in your decision. It is for this exact reason that we dedicate the second post in this series to data encryption, data retention, and SLAs. Read on and ensure that the criteria below are absolutely included when its time to evaluate a cloud to cloud backup vendor. And if you missed our first post about data storage and backup functionality, check it out here.
Encryption & Security
While there is no such thing as perfect security, understanding the safeguards built into the storage of your backups is critical: how protected is your data in the event of a breach?
First, you should make certain that your data is encrypted when at rest. That is to say, the data in your backup system is encrypted at all times, such that a hacker stealing the file does not expose the data.
Second, you should understand the encryption-key management techniques used by your future cloud to cloud backup vendor. The two primary key management options are:
- Single Key for All Customers: This option is the least secure because if this one key is compromised then all customer data is at risk.
- Key per Customer, User or Object: This is more secure as long as these keys are likewise protected by some other master key. In these cases, an intruder would need to compromise progressively more keys to get access to your data. Finally, you should understand how the application (and thus the employees of your backup vendor) manages the keys and provides access to your data. If your application offers restore or export functionality, it needs to decrypt the data, and therefore needs to manage keys that can decrypt. Find out the policies within the company for managing the keys and what employees (if any) can see your organization’s data.
Retention policies are quite different depending on the industry and range from company to company as well. Assuming you know your company’s policy for retaining data, compliance around the timing of a permanent deletion of your backed up data should be considered. If your company has specific data-retention requirements, determine whether or not the vendor can support these. Some cloud to cloud backup vendors offer the ability to set a specific time period after which backups are cleaned out, while others will require you to do so manually.
SLA and Data Integrity
When it comes to a cloud to cloud backup service, the most important aspect of the SLA (Service Level Agreement) should relate to the reliability of the service to back up your data and if you need to restore data, must first have the right data backed up. This is different than durability, which guarantees that your backups won’t degrade or become lost over time. Backup integrity ensures that your data is accurately duplicated during the backup process. Be sure to ask your vendor what their SLA guarantees as to the integrity of a backup data.
Want to learn more about the necessary requirements for a cloud to cloud backup evaluation? Download the ebook below.