TECH GUIDE - Online Backup for PCs
By Cloud Direct • 28 May 2014
ONLINE BACKUP FOR PC: SECURITY OVERVIEW
Most company data originates with PC users, whether in the office, or on laptops or home computers. Cloud Direct's Online PC Backup service can capture and store this vital information regardless of its source - inside or outside the firewall - while dramatically reducing storage costs.
However, it’s not enough to backup the data: stored backups must also be secure from outside threats. Cloud Direct meets this need with a subscription service solution that truly and comprehensively protects the PC data that belongs to your company. Cloud Direct follows rigorous standards to keep this data safe, by following security best practices.
The bottom line: Cloud Direct takes data protection seriously, and goes to great lengths to protect customer data from all credible threats. The Professional PC Backup subscription service solution provides security at every level, from backup through storage through data retrieval. Hitachi calls the technology used by Cloud Direct's Online PC Backup solution “the gold standard for PC data protection.'
This document introduces the many security measures currently in place within the Cloud Direct data protection architecture to prevent unauthorized access or damage to customer data.
WHAT IS CLOUD DIRECT'S PROFESSIONAL PC BACKUP SERVICE?
Cloud Direct's Online PC Backup service solution is a client-server system for file backup from personal computers, over any TCP/IP network, to ultra-secure off-site facilities. The service has been developed specifically to meet the needs of UK-based small-medium sized businesses.
ONLINE PC BACKUP: SECURITY
Cloud Direct Online PC Backup service provides a level of security for the customer's data that is better than alternative practices for handling computer data. The following sections show how Cloud Direct uses technology that creates a secure environment for data transfer, data storage, and account management. Cloud Direct's security objectives have four aspects:
- Data Transfer Security: Prevents access to customer's data during transfer for backup or retrieval.
- Storage Security: Prevents unauthorized access to backed up data stored on the server.
- Management Security: Prevents unauthorized access while providing client account management.
- Facility Security: IBM and Iron Mountain physical security practices and facility hardening.
KEY SECURITY ASPECTS OF ONLINE PC BACKUP SUBSCRIPTION SERVICE
Data Transfer Security
The Agent is a small software application that runs on each PC under protection to manage all backup, retrieval, and heal activities at the client level. For example, the Agent scans the PC's disk, and determines what data to send to the Data Center servers at off-site, highly available, mirrored facilities.
Data transfer security features include:
- The Agent always initiates contact with the Data Center.
- SSL encryption (TLS 1.0) protects all customer information during transmission between Agent and Data Center.
- The Data Center server authenticates the Agent connection using the user encryption key, while the Agent authenticates the server using a digital certificate embedded in the Agent installation package.
- After authentication, the Agent encrypts every file flagged for backup with 128-bit Advanced Encryption Standard (AES) and sends the encrypted data to the Data Center. If enterprises use third-party encryption products, such
- as Microsoft’s Encrypting File System (EFS), to encrypt files on PCs, the Agent backs up the encrypted files.
- The Agent requires a valid password, or a valid technician ID and password, when a user tries to retrieve files. This can prevent unauthorized individuals with physical access to another person's client from performing retrieves.
- Changing the account status can temporarily or permanently prevent an Agent from backing up or retrieving files from stolen or unused clients. For example, when an employee leaves the organization, canceling their account prevents unauthorized individuals from accessing files that the former employee backed up.
- The Account Management Website is an administration tool that allows users to modify their own profile information, such as their password. The user must enter a valid password to access the Account Management Website. The optional MyRoam® administration tool allows users to retrieve backed-up files using a Web browser instead of the Agent user interface. Only specified users and communities can access the MyRoam tool.
All backup data is stored in secure, off-site facilities.
Storage security features include:
- The Data Center stores the 128-bit AES-encrypted files without decrypting them.
- Every account has a unique encryption key, used to encrypt and decrypt each file that the Agent backs up. Only the Agent that encrypted the file can decrypt it. The Agent uses 112-bit Triple DES encryption to send the encryption key to the Data Center securely. The Data Center escrows the encryption key on its secure server.
- Since facility servers do not provide a view to customer data, in the highly unlikely event that an individual were able to gain access to data files on the server, that individual would not be able to view the data.
Support Center technicians possess credentials, consisting of a valid Technician ID and an associated password. Technician accounts can have varying levels of access to Support Center's features, based on the permissions granted to the technician ID. For example, a given technician might have access only to specific communities.
Staff security features include:
- Access to Data Center areas is restricted to facility administrators only.
- Only Cloud Direct employees and signed-in escorted guests can gain access to the facilities.
- All Cloud Direct employees receive a picture ID/card-key for entry to the facility. Cloud Direct employees must display these badges at all times. Card key use logs are reported and reviewed regularly.
The data centres used by Cloud Direct currently protect over 3 petabytes (3 million gigabytes) of PC data for some 3 million users in its secure off-site facilities worldwide. These data centres are highly resilient and have achieved 99.99 percent uptime for the past ten years, with most months 100 percent.
Facility security features include:
- All data received by either mirrored facility is immediately replicated to its mirror by high-speed links.
- Outages or disasters at either facility do not interfere with the availability of the data.
- All servers run a hardened version of Microsoft® Windows Server, using Microsoft best practices and security patches and service packs.
- Up-to-date virus protection: never a business interruption due to viruses.
- Intrusion detection systems monitored by an Underwriter Laboratories-listed station.
Physical security features include:
- Cloud Direct uses data centres managed by HP, located in Milton Keynes and Brussels.
- Level 9 (Ultra-Reliable Data Center) rating by independent security consultants BRUNS-PAK.
- Level 4 (highest) EU Security Rating.
- Admittance by electronic access and internal/external closed circuit television monitoring and recording.
- Redundant commercial power feeds, with redundant generators for full backup power for up to 7 days.
- Clean air fire extinguishing system (CAFES) with a pre-action (dry pipe) sprinkler system as a backup.
- Internal/external alarms monitor motion detection, temperature, “waterbugs”, smoke and fire detection, 24x7.
- FM-200 Waterless Fire Suppression Systems, plus OSHA- certified fire brigade and EPA-certified water treatment.
- 24x7 maintenance and service operations.
Share this post