Data Backup Security Considerations for MSPs

Managing one server can be complicated enough, but what if you have multiple platforms to protect? Multi-server platforms are more common as we transition to an environment of highly distributed, cloud-based platforms. As we move further, multi-tenancy is becoming the new black when it comes to digital ecosystems.

Despite claims to the contrary, these systems have not significantly improved backup security. Quite the opposite. Criminals now rake in about $1.5 trillion per year between identity theft and sales, crypto-mining, ransomware attacks, and other exploits. This is not just a concern for large organizations and government agencies, but for SMBs, who are statistically at higher risk.

Paying attention to backup security has an added benefit of ensuring privacy. This extends not only to your personal information, but data belonging to your staff, customers, and vendors. For this to work, all parties involved in your business should be fully informed about your company's stance on cybersecurity and policies.

The Importance of Backup Security

Approximately 89 percent of business growth results from new customer acquisition, but every new customer will generate a complex set of data. Depending on your business model, this means that you will have to manage data backups across several different systems: your customer’s website, your eCommerce platform, back-end customer management system, as well as the software your client relies on for business planning and accounting.

Each of these systems must be backed up, and each must be backed up securely. Whilst most quality software will now come with encrypted backup options as standard, there are also some general principles you can apply that will ensure that your data is protected and retrievable in case you fall victim to hackers.

Data Backup Security Considerations: 7 Steps

The first thing to recognize when you are reviewing your backup security is that this is a process and not an event.

Security doesn't stop after you’ve built your business systems: it's also an integral part of your machine maintenance. You need to protect your data both while it's in motion and at rest. All of our following suggestions work to secure most platform backup storage systems.

With multiple servers, you're increasing your end and access points. The best solution is to harden all potentially vulnerable areas, shrink your attack surfaces, and put measures in place to isolate any potential threats in real-time.

Here are seven steps to achieve those goals.

1. Initial Planning and Architecture Review

The best place to start is at the beginning. Before you put any security in place or move any data, you should perform a full review of your architecture, on- and off-premises storage capabilities, and your company's infrastructure. Some enterprises can work within a linear structure, but larger and more complex systems require more consideration. This is especially true if you're in the midst of digital migration or dealing with legacy databases.

This involves three steps:

• Performing an enterprise-wide audit
• Evaluating your needs to audit results and recommendations
• Implementing and configuring servers based on the results and recommendations

Further reading Building SMB backup infrastructure: local, cloud, and hybrid

2. Secure Your Networks

Security is applied to two main network access points. For network security, it's important to install a firewall to block access to your backup system. This allows only pre-selected hosts to have access to the ports that lead to your backup system.

Further reading Network Security Best Practices

3. Protect Your Ports

Firewalls are also important for protecting non-network-based ports from unauthorized networks and users. Make sure to properly configure and establish firewall rules and exceptions.

4. Encrypt Your Data

Data encryption is an essential but little-understood element of platform security. Every bit of data traveling in or out of your networks should be encrypted using military-grade AES 256-bit standards and SSL authentication that's suitable for the size and security needs of your organization. When choosing a host server, you should also look for extras like DNS leak protection and network monitoring.

Further reading Backup Encryption Options Demystified

5. Perform System Monitoring

There are different approaches to server monitoring, depending on the purpose and usage of your server. Distributed networks use a system of servers located in different geo-locations, which often puts website owners in different jurisdictions with varying rules on data collection, retention, and use - particularly when it comes to dealing with huge amounts (re: terabytes) worth of data. Any anomalies may mean that someone is using your resources or reveal coding hidden in your files.

Your application servers should be monitored to check for availability and responsiveness. Storage servers, which include your backups, also need to be monitored to check availability, but you also need to pay attention to their capacity and look for any delays or data loss. When you're monitoring web servers, they should be checked for user loads, speed, and security breaches or attempts.

In addition to capacity, server monitoring allows you to oversee component performance and operation on a micro-level. Elements like interface responsiveness, CPU utilization, and storage availability could reveal hidden exploits like crypto-mining and other attacks that involve resource theft.

6. User Access

Most backup systems will provide you with a system for managing user access to your backups, but this doesn’t mean that you shouldn’t audit these systems from time to time.

Access to your backups can be broken down into two types of access: users who need to access this data, and the clients that run on their machines. When deciding what level of access to grant each, there is a basic principle to keep in mind - employees should be given only enough access to perform their role, and nothing more.

It’s tempting, when designing a backup system, to give every employee access to the backups of the data they produce. Unfortunately, this will introduce security vulnerabilities into your systems. Instead, give just one employee access to backups, and put in place a managerial system for employees to request these data.

7. User and Client Authentication

No matter what backup system you use, and what user management system you have in place for managing access to this, you need to ensure that every user is authenticated each time they want to access your backups. This is particularly important if your staff work remotely because this increases the risk that a hacker can impersonate them and gain access to your systems.

Authentication needs not to be difficult to put in place, and in fact, most backup systems will provide you will automated tools to do this. Just make sure that you don’t rely on the basic password to authenticate access: instead, use two-factor authentication, or (even better) SSL.

Once all security measures are in place, it's important to run an initial pen test for any overlooked vulnerabilities. These should also be conducted periodically, especially after upgrades or when introducing new elements. Security storage planning and disaster recovery should also include a unified, enterprise-wide system for how, when, and by whom data disposal is conducted when information becomes redundant.

Further reading Guide to Two-Factor Authentication

Final Thoughts

With a combination of built-in server-side security, and tools you can install and use, your servers will have extra layers of security both on-premise and off. Our goal is to provide you with data backup security considerations that you can put into place today. Nothing is 100 percent guaranteed, but our suggestions bring you at least seven steps closer to protecting your data, reputation, and financial health.