Endpoint Backup Basics
The risk of data loss can keep any IT administrator awake. The disappearance of data can cause significant expenses and even serious damage to the credibility of a government agency and significantly affect the productivity of individual employees and work groups.
In the health care industry, violations of the Health Insurance Portability and Accountability Act (HIPAA), a law that protects the privacy of patient information, can range from $1,000 to $50,000 per incident. Publicly traded companies are subject to compliance with Sarbanes-Oxley which promotes integrity in their accounting and auditing practices. And, of course, there is the issue of protecting intellectual property, customer data, and sensitive communications, which are often created and stored on end devices and are valuable to the organization.
IT administrators face considerable challenges in protecting and securing valuable corporate data for today’s mobile workforce, with users accessing and creating data from a wide variety of locations and networks. Protect your business-critical information from breaches and leaks by choosing an endpoint backup solution that features enterprise-grade security with the strongest encryption, access control, cloud and private cloud security features, and data loss prevention capabilities.
Because endpoint devices frequently connect to unprotected networks, endpoint backup solutions must encrypt data in transit and at storage to prevent unauthorized viewing of sensitive corporate data. Data in transit must be protected with encryption such as 256-bit SSL, which allows users to securely access corporate data without the use of a VPN. Stored data must be protected with encryption such as 256-bit AES, established by the National Institute of Standards and Technology (NIST) and adopted by the government, financial institutions, and other organizations that require the highest level of security.
Access, restorations and versioning:
To accommodate today’s anytime, anywhere workstyle, choose backup software that allows data access across multiple devices, regardless of operating system, and offers users the option of self-service restore. Support for unlimited file versions is essential so that data can be restored at any time, in cases of user error or file corruption.
Make automatic and transparent backups
Backup solutions should be automatic and transparent at best, or at least trivially easy, ideally with no user interaction required. Users must receive training on how to restore information, unless IT handles this function on behalf of users.
Particularly when bandwidth is an issue, make sure the backup solution you choose can support a globally distributed network without taxing existing systems. One of the biggest barriers to end-user adoption is a supporting product that slows them down.
Ease of Administration:
He has enough on his plate. Look for a system with minimal administration that is consistent across all platforms. An administrator should be able to manage thousands of users in a single administration console. Roles and permissions should be easy to assign and change.
Authentication and management
An enterprise-grade backup solution should provide integration with corporate directory services such as Active Directory or OpenLDAP. As enterprises move toward cloud identity management tools, single sign-on (SSO) support should also become available.
Multiple deployment options: Many organizations have discrete data classifications (ie, sensitive, non-sensitive, low, medium, high security, etc.), as well as rules that govern where classes of data can be stored. In organizations that are dispersed throughout the world, these requirements may change from region to region. Look for a solution that can be implemented to meet your needs; not one that requires you to fit the data into the implementation that the vendor sells.
Private cloud security:
For a private cloud implementation, select a solution with a server architecture that protects your network from intrusions by allowing you to block your incoming firewall ports from unsecured incoming connections. This can be done by placing an edge server in a subnet with limited connectivity (demilitarized zone), while the cloud master and storage nodes remain behind the corporate firewall. Incoming backup and restore requests from outside the corporate network are forwarded by the edge server to the cloud master over a secure connection. Therefore, authentication and data storage occur behind the corporate firewall without opening any ports of entry.
Data Loss Prevention
34% of data breaches occur as a result of a lost or stolen device. Protect data on laptops, smartphones, and tablets from breaches and leaks with an endpoint backup solution that includes data loss prevention capabilities. Endpoint backup solutions must encrypt files on devices by leveraging endpoint operating systems’ built-in encryption technology, such as the Microsoft Encrypting File System. Administrators should be able to easily configure which files and folders are backed up to ensure sensitive corporate data is protected without requiring full disk encryption. Endpoint backup solutions must include geolocation and remote wipe capabilities. Administrators must be able to identify the exact location of an endpoint device at any time and initiate a remote disable on a lost or stolen device, as well as configure an automatic wipe policy to wipe data if a device has not connected to the server. backup for a specified number of days.
With the proliferation of data on laptops and mobile devices, organizations must maintain visibility and control of how regulated data is accessed, shared, and distributed to ensure compliance. Yet only 19% of IT professionals say their organizations really know how much regulated data is on end devices like laptops, smartphones, and tablets. If your organization handles regulated data, audit trails are an essential feature for meeting compliance needs, as they allow stakeholders to see how, when, and where data is being accessed, shared, stored, and deleted. Audit logs provide IT with insight into data activity so administrators can stay aware of data risks. When audit logs are combined with global policies that allow administrators to set privileges around data access and sharing, regulated organizations can ensure endpoint data compliance.