GDPR: Back-up & disaster recovery
- September 1, 2018
- Posted by: Mouad SBAYLI
- Category: Resources
When disaster strikes
Businesses need to ensure if data is lost, compromised, corrupted or deleted it can be quickly and securely recovered. Also, employees can make mistakes and unfortunately some businesses do have malicious insiders. In these cases you need to ensure you:
- Make lost data valueless if found
In other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
- Remote kill and wipe
To easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
- Act and report
Make a notification of any data breach within 72 hours.
Wishing you a speedy recovery
Business continuity is basically about two things: reliable and bomb-proof (perhaps literally!) data backup, and rapid data recovery. When looking for back-up and recovery solutions consider the following:
- Recovery Point Objective (RPO): how much data your business can afford to lose before it causes any real and lasting damage? This determines how often backups need to be performed, what volumes and formats of data need to be involved, and how robust the backup environment is.
- Recovery Time Objective (RTO) not only how rapidly backed-up data be accessed but actually redeployed – not just files and folders, but settings, too – to get the business back on its feet post-incident
- Can recovery data be accessed or used during the recovery process? (could take hours/days to recover)
We don't have a problem
Organisations are mixing and matching physical IT infrastructure and highly virtualised data centre environments, and often shifting workloads between them. Backup and recovery needs to cover all bases:
- Physical and Virtual Backup:
look for solutions that work seamlessly across physical/virtualised environments with a single console for multiple users and backup accounts; flexible deployment; restoration of data and applications in seconds
- Cloud backups:
solutions should have mirrored data centres to keep data constantly available even through faults and outages, military-grade encryption for compliance, and ‘anytime, anywhere’ restore via the internet.
- Cloud-to-Cloud Backup:
Don’t be fooled into thinking online data (e.g. Office365, Google Apps) is protected – they rely on the recycle bin which is regularly purged! Look for solutions that allows you to easily backup, manage and recover cloud data.
- Offsite and Replication Solutions
If data has to be held offsite (Legal/compliance requirements) the solution needs to allow restoration of data directly from the offsite location.