This chapter specifically talks about data at rest and how critical it is to backup systems. Having backups will help minimize an organization’s downtime in the event an incident occurs that destroys a system. Organizations should have detailed policies in place to determine who will be creating backups, the scope of the backup, a backup schedule, and how the backups should be stored. While backups are important to perform it is only one portion of data protection and organizations also need to verify data is being protected in various states such as in transit, processing, and at rest. Each of these states can be secured by using proper encryption algorithms, hardening systems, and securely storing data. Data should be encrypted when necessary and have proper access control implemented. Lastly, it is also important to have policies on data retention and destruction to make sure organizations are properly destroying unneeded information while abiding by any laws and regulations.
This Chapter talked about a variety of data protection mechanisms, focusing on protecting data in storage. One key point I took away from the reading was that there are a lot of different options for backup, and that the primary objective is to promote Availability. A variety of technologies can be used, including local, centralized, continuous data protection, cloud-based, or mesh. The variety of options stood out to me, as it seems like there should definitely be risk-based decisions made in selecting which technology is most appropriate for backup, depending on availability needs such as recovery point objectives and recovery time objectives defined in continuity planning.
I think you bring up a great point about how backup methods can be selected with a risk-based approach. I think the risk in this scenario will often end up being what is the risk of losing the data, how much data, and also the risk of a prolonged restoration period. Money plays heavily into all of that. And those decisions do not rest solely, or even mostly, on IT. The wider variety of options at least means that organizations can customize the methods to fit specific situations and specific data.
As is evident from this chapter, data protection spans a wide variety of technology and methods. One data protection technology I find to be fascinating is data loss prevention technology. I’ve seen DLPs configured on just email gateways to block or automatically encrypt PII. Sophos, the antivirus tool, has a DLP feature to block all removable storage devices that are plugged into a computer. As was mentioned in the book, DLP solutions can scan files on the network and automatically tag them to monitor sensitive data. The most comprehensive and effective DLP solutions out there are pricey, but they are effective. In my limited experience, I believe DLPs are becoming more important and more widely used.
An important takeaway from this reading is an understanding of the different scopes of data backups an organization can decide to implement. The most universally-implemented backup scope is file/directory data backup. This backup method only copies files and folders from the machines, and does not include any information related to software, OS configuration, or registry settings. Many organizations only back up the folders most likely to contain important user-created files, such as Documents and Desktop. The second, most comprehensive form of backup is an image backup. In this method, the organization copies the full contents of the target hard drive, including registry settings and installed software. This allows for a comprehensive recovery of a machine if needed, but is more resource-intensive. Finally, organizations can utilize shadow backups, whereby copies of targeted files on a machine are backed up on a frequent time interval to allow for on-the-fly reversion of changes to the files. Since this method is also resource-intensive, shadow copies are generally discarded after a relatively short period of time (after only a few days, in some cases).
I thought the section on Data Loss Prevention (DLP) was interesting. Data loss can be from internal or external sources, therefore it is imperative that organizations have security measures and controls in place to prevent data loss. One method is by not collecting the data in the first place and using a different identifier instead such as a customer number rather than a social security number. The management team for one application that I work with chooses to obfuscate or mask the data when it comes in from outside organizations. While my organization recognizes the most optimal method is to not collect the data at all, it is not possible in this instance and at least data masking practices are in place. Another control my organization has in place is DLP warnings or triggers. If a user does something deemed suspicious, such as sending attachments to an external email or copying and pasting certain information a warning comes up asking if the employee intends to perform the action. The employee has the option to cancel the action or move forward. If the employee chooses to move forward, they are required to write an explanation. In both cases their manager is notified and is required to review the information and approve the DLP trigger as “ok” or forward the information to the Information Security team for further review. I think this is a good example of data extrusion management described in the chapter.
In this week’s reading, Chapter 9, an important takeaway that I thought was interesting to bring up was the different methods an organization may have as the first line of defense again cyber attacks. The chapter talked about image backup, file/directory data backup, and shadowing. I also thought it was interesting to know the differences between local backup usually within one computer and network backup system. I think the best way to backup data for organizations is to have continuous data protection (CDP) plan in place. This way data is continuously synchronized and up to date with the server. Having appropriate technical controls will be paramount in order sure that this data stored will not be exposed or even deleted maliciously.
One of the very important parts of data protection is backup. Without backup, the organization will have the threat of data loss when an incident happened. There are three degrees of backup scope: only data files and directories, an image backup of the entire hard drive, and shadowing each file being worked on. File/Directory data backup is the most common. It only backup the data on the computer, but not the programs, registry settings nor other customization information. The image backup is including the entire hard drive, programs, data, personalization setting, and all other data. The shadowing is for each file being worked within few minutes, it will send a backup copy to the hard drive or other location. Most of the companies have a combination of full backups and incremental backups to ensure the data can be saved periodically.
I agree, backups are a key component to mitigate against data loss. The text also calls out employee training, which is perhaps as important as backing up data. Even if all data is backed up, an employee can cause data leaks, be it inadvertently or maliciously.
An interesting takeaway from this chapter is digital rights management (DRM). While it restricts what people can do with data, it can also be easily circumvented leading to data loss. A simple example presented in the reading is that an organization may restrict an individual from downloading, saving, modifying, printing, etc., a document, but there is nothing preventing a person from taking a screen capture. The book suggests that this can be easily mitigated by presenting partial information by hiding contents, formulas, etc. But this seems far too simple of an approach for threat actors in today’s environment who are well equipped to breach the security systems and cart off with copies of the actual document/data.
Sadly, there’s always going to be a way to circumvent whatever. That being said, we should always strive to be constantly securing our data no matter how big a challenge. Any step in the right direction, no matter how small, is always a good step.
Managing data is important for businesses that rely heavily on computing technology. If steps are not effective in protecting corporate data, it can lead to a number of serious issues including damage to one’s reputation and a lost in financial assets and company data. This is why the “data backup” process has been relied on to create a copy of data that can be recovered in the event of a data loss or breach. The Continuous Data Protection (CDP) process stood out to me for the simple fact that its backup data protection is nonstop and with real-time backup, there is no limit to restoring data, little to no data is loss, and if one site flops, another is there to assist in updating the backup protection.
Hi Christopher. That’s an interesting point that you bring up. Organizations are now more diligent in managing their data especially in protecting their data. This is why many companies and organizations are now using the cloud to store their data since their information can be better stored and retracted. Also, the cloud allows data to be continuously synchronized and up to date with the server. At the same time, having appropriate technical controls is essential in order to backup data stored on the cloud.
Your presentation of CDP is an important that is probably overlooked. I like how you highlighted and emphasized in this weeks reading. I know that this concept definitely should be considered for the government to help ensure that they are able to fulfill the “Open Records Requests”.
In this chapter, I learned about the importance of Data Recovery and backup methods. The most common type of backup is file/directory data back up, this way only backs up data but not applications or their program settings, or any customization settings. This type of backup focuses on specific areas and is more common especially for daily use, for example, someone like me and you might choose to back up our photos and videos once a month. Image backup is when the entire hard drive is backed up to media, including personalized settings. The image backup includes everything, and a broken hard drive could be recovered in a new machine. This is the slowest kind of backup and doesn’t happen as frequently. Shadowing is when a backup of each file being worked on is written every few minutes to another hard drive or location. This is a real-time backup, with the previous two, everything created or changed after the file backup or image backup is lost. However, because it’s real-time, the storage for shadow backup is limited. When it is maxed out, the oldest files are deleted to make room for newer files.
This chapter emphasize the importance of data protection including data encryption, access limitation, and backup. One key point that I took from this chapter is how a system could increase both the reliability and speed of hardware backup by using an array of drivers. In a system with one hard drive, a disk failure can lead to catastrophic data loss. With multiple drives in one system, failure of a single drive in the array would not precipitate data loss. An array of drives can also increase read-write performance. Disk performance is increased because data can be written to, or read from, multiple disks simultaneously. In addition, disk arrays help manage enormous amounts of data efficiently and reliably.
One key takeaway I had from this reading was the topic of data storage policies. Policies around backups are vital and can help mitigate the risk of a company losing all of its data. A company needs to determine where the backed-up data will be stored. This storage site should always be separate from the main site. Companies also need to provide a frequency for the backups. This amount of time will vary based on the company and the risk tolerance of the IT department. The next policy decision that needs to be made is the encryption of the backups. These backups should always be encrypted to avoid data being read in transmission. Finally, companies need to have access control policies around their backups. Since backups contain sensitive information, access to backup data should be extremely limited.
Encryption backup protection surpasses email passwords, so I would certainly go for this kind of policy decision. This protection has another layer of security by the encrypted backup that prevents unauthorized people from tampering with the data.
RAID is a common configuration found in corporate environments big and small. Cloud service providers aside, RAID configurations provide organizations with a level of redundancy and performance increases based on specific RAID configurations.
Desktops and personal computers are often not configured with RAID. AS redundancy and reliability requirements increase, more complex RAID configurations are able to provide higher levels of fault tolerance and faster throughput. However, the increased RAID configuration will increase the overall cost of the setup, including that involved with the number of disks and host machines.
The most interesting part of the chapter for me was 9.4, Data Storage Policies. Every company should have strong policies and this section specifically walks and explains why each policy or subtopic of a security policy is important:
1. Backup Creation policies: should address, what data should be backed up and how frequently
2. Restoration Policies: should test and audit a sample restoration to confirm that is works
3. Media/Storage Location Policies: How can data be stored and where can this backup physical copy be kept
4. Encryption policies: Should mandate that all backup data be encrypted
5; Access Control policies: Should limit who has access to the backup data
6: Retention Policies: What data will be kept for how long.
7: Audit: Of course audits should occur to help ensure compliance.
I particularly found the retention section valuable and hope that each company has a specific retention policy that covers what data will be kept for how long and in what medium.
This section wraps up nicely with the training section. The human is the biggest risk factor and reason for noncompliance so ensuring that the employee is trained on the risks and the policies is helping to ensure compliance.
These policies are well needed. Organizations need to ensure that the steps they took to have good data storage policies are greatly secured at every level. The retention policy is also key in managing and protecting important data to evade from any financial losses from poor data management policies.
Whenever I think about Data Protection, I always think about the balancing act between Confidentiality, Integrity, and Availability. You can never talk about 1 of the 3 without bringing up the others. While data protection is obviously important, and I say this all the time, you wouldn’t buy a $1000 safe to hold $100. The same goes for the other two. It is important that no matter what decisions we are making, that we are always trying to maximize business value. The best way to protect data is to keep it offline and put it in a safe and drop it at the bottom of the ocean. The data might be secured, but it becomes worthless to you because it has virtually no availability. One of the main topics in this chapter is data backups. Having backups is essential because it can literally save your business, but then you have to sacrifice some confidentually. After all, the more copies you have of something, the less secure it becomes.
This chapter specifically talks about data at rest and how critical it is to backup systems. Having backups will help minimize an organization’s downtime in the event an incident occurs that destroys a system. Organizations should have detailed policies in place to determine who will be creating backups, the scope of the backup, a backup schedule, and how the backups should be stored. While backups are important to perform it is only one portion of data protection and organizations also need to verify data is being protected in various states such as in transit, processing, and at rest. Each of these states can be secured by using proper encryption algorithms, hardening systems, and securely storing data. Data should be encrypted when necessary and have proper access control implemented. Lastly, it is also important to have policies on data retention and destruction to make sure organizations are properly destroying unneeded information while abiding by any laws and regulations.
This Chapter talked about a variety of data protection mechanisms, focusing on protecting data in storage. One key point I took away from the reading was that there are a lot of different options for backup, and that the primary objective is to promote Availability. A variety of technologies can be used, including local, centralized, continuous data protection, cloud-based, or mesh. The variety of options stood out to me, as it seems like there should definitely be risk-based decisions made in selecting which technology is most appropriate for backup, depending on availability needs such as recovery point objectives and recovery time objectives defined in continuity planning.
I think you bring up a great point about how backup methods can be selected with a risk-based approach. I think the risk in this scenario will often end up being what is the risk of losing the data, how much data, and also the risk of a prolonged restoration period. Money plays heavily into all of that. And those decisions do not rest solely, or even mostly, on IT. The wider variety of options at least means that organizations can customize the methods to fit specific situations and specific data.
As is evident from this chapter, data protection spans a wide variety of technology and methods. One data protection technology I find to be fascinating is data loss prevention technology. I’ve seen DLPs configured on just email gateways to block or automatically encrypt PII. Sophos, the antivirus tool, has a DLP feature to block all removable storage devices that are plugged into a computer. As was mentioned in the book, DLP solutions can scan files on the network and automatically tag them to monitor sensitive data. The most comprehensive and effective DLP solutions out there are pricey, but they are effective. In my limited experience, I believe DLPs are becoming more important and more widely used.
An important takeaway from this reading is an understanding of the different scopes of data backups an organization can decide to implement. The most universally-implemented backup scope is file/directory data backup. This backup method only copies files and folders from the machines, and does not include any information related to software, OS configuration, or registry settings. Many organizations only back up the folders most likely to contain important user-created files, such as Documents and Desktop. The second, most comprehensive form of backup is an image backup. In this method, the organization copies the full contents of the target hard drive, including registry settings and installed software. This allows for a comprehensive recovery of a machine if needed, but is more resource-intensive. Finally, organizations can utilize shadow backups, whereby copies of targeted files on a machine are backed up on a frequent time interval to allow for on-the-fly reversion of changes to the files. Since this method is also resource-intensive, shadow copies are generally discarded after a relatively short period of time (after only a few days, in some cases).
I thought the section on Data Loss Prevention (DLP) was interesting. Data loss can be from internal or external sources, therefore it is imperative that organizations have security measures and controls in place to prevent data loss. One method is by not collecting the data in the first place and using a different identifier instead such as a customer number rather than a social security number. The management team for one application that I work with chooses to obfuscate or mask the data when it comes in from outside organizations. While my organization recognizes the most optimal method is to not collect the data at all, it is not possible in this instance and at least data masking practices are in place. Another control my organization has in place is DLP warnings or triggers. If a user does something deemed suspicious, such as sending attachments to an external email or copying and pasting certain information a warning comes up asking if the employee intends to perform the action. The employee has the option to cancel the action or move forward. If the employee chooses to move forward, they are required to write an explanation. In both cases their manager is notified and is required to review the information and approve the DLP trigger as “ok” or forward the information to the Information Security team for further review. I think this is a good example of data extrusion management described in the chapter.
In this week’s reading, Chapter 9, an important takeaway that I thought was interesting to bring up was the different methods an organization may have as the first line of defense again cyber attacks. The chapter talked about image backup, file/directory data backup, and shadowing. I also thought it was interesting to know the differences between local backup usually within one computer and network backup system. I think the best way to backup data for organizations is to have continuous data protection (CDP) plan in place. This way data is continuously synchronized and up to date with the server. Having appropriate technical controls will be paramount in order sure that this data stored will not be exposed or even deleted maliciously.
One of the very important parts of data protection is backup. Without backup, the organization will have the threat of data loss when an incident happened. There are three degrees of backup scope: only data files and directories, an image backup of the entire hard drive, and shadowing each file being worked on. File/Directory data backup is the most common. It only backup the data on the computer, but not the programs, registry settings nor other customization information. The image backup is including the entire hard drive, programs, data, personalization setting, and all other data. The shadowing is for each file being worked within few minutes, it will send a backup copy to the hard drive or other location. Most of the companies have a combination of full backups and incremental backups to ensure the data can be saved periodically.
I agree, backups are a key component to mitigate against data loss. The text also calls out employee training, which is perhaps as important as backing up data. Even if all data is backed up, an employee can cause data leaks, be it inadvertently or maliciously.
An interesting takeaway from this chapter is digital rights management (DRM). While it restricts what people can do with data, it can also be easily circumvented leading to data loss. A simple example presented in the reading is that an organization may restrict an individual from downloading, saving, modifying, printing, etc., a document, but there is nothing preventing a person from taking a screen capture. The book suggests that this can be easily mitigated by presenting partial information by hiding contents, formulas, etc. But this seems far too simple of an approach for threat actors in today’s environment who are well equipped to breach the security systems and cart off with copies of the actual document/data.
Hi Lakshmi,
Sadly, there’s always going to be a way to circumvent whatever. That being said, we should always strive to be constantly securing our data no matter how big a challenge. Any step in the right direction, no matter how small, is always a good step.
Managing data is important for businesses that rely heavily on computing technology. If steps are not effective in protecting corporate data, it can lead to a number of serious issues including damage to one’s reputation and a lost in financial assets and company data. This is why the “data backup” process has been relied on to create a copy of data that can be recovered in the event of a data loss or breach. The Continuous Data Protection (CDP) process stood out to me for the simple fact that its backup data protection is nonstop and with real-time backup, there is no limit to restoring data, little to no data is loss, and if one site flops, another is there to assist in updating the backup protection.
Hi Christopher. That’s an interesting point that you bring up. Organizations are now more diligent in managing their data especially in protecting their data. This is why many companies and organizations are now using the cloud to store their data since their information can be better stored and retracted. Also, the cloud allows data to be continuously synchronized and up to date with the server. At the same time, having appropriate technical controls is essential in order to backup data stored on the cloud.
Christopher,
Your presentation of CDP is an important that is probably overlooked. I like how you highlighted and emphasized in this weeks reading. I know that this concept definitely should be considered for the government to help ensure that they are able to fulfill the “Open Records Requests”.
In this chapter, I learned about the importance of Data Recovery and backup methods. The most common type of backup is file/directory data back up, this way only backs up data but not applications or their program settings, or any customization settings. This type of backup focuses on specific areas and is more common especially for daily use, for example, someone like me and you might choose to back up our photos and videos once a month. Image backup is when the entire hard drive is backed up to media, including personalized settings. The image backup includes everything, and a broken hard drive could be recovered in a new machine. This is the slowest kind of backup and doesn’t happen as frequently. Shadowing is when a backup of each file being worked on is written every few minutes to another hard drive or location. This is a real-time backup, with the previous two, everything created or changed after the file backup or image backup is lost. However, because it’s real-time, the storage for shadow backup is limited. When it is maxed out, the oldest files are deleted to make room for newer files.
This chapter emphasize the importance of data protection including data encryption, access limitation, and backup. One key point that I took from this chapter is how a system could increase both the reliability and speed of hardware backup by using an array of drivers. In a system with one hard drive, a disk failure can lead to catastrophic data loss. With multiple drives in one system, failure of a single drive in the array would not precipitate data loss. An array of drives can also increase read-write performance. Disk performance is increased because data can be written to, or read from, multiple disks simultaneously. In addition, disk arrays help manage enormous amounts of data efficiently and reliably.
One key takeaway I had from this reading was the topic of data storage policies. Policies around backups are vital and can help mitigate the risk of a company losing all of its data. A company needs to determine where the backed-up data will be stored. This storage site should always be separate from the main site. Companies also need to provide a frequency for the backups. This amount of time will vary based on the company and the risk tolerance of the IT department. The next policy decision that needs to be made is the encryption of the backups. These backups should always be encrypted to avoid data being read in transmission. Finally, companies need to have access control policies around their backups. Since backups contain sensitive information, access to backup data should be extremely limited.
Encryption backup protection surpasses email passwords, so I would certainly go for this kind of policy decision. This protection has another layer of security by the encrypted backup that prevents unauthorized people from tampering with the data.
RAID is a common configuration found in corporate environments big and small. Cloud service providers aside, RAID configurations provide organizations with a level of redundancy and performance increases based on specific RAID configurations.
Desktops and personal computers are often not configured with RAID. AS redundancy and reliability requirements increase, more complex RAID configurations are able to provide higher levels of fault tolerance and faster throughput. However, the increased RAID configuration will increase the overall cost of the setup, including that involved with the number of disks and host machines.
The most interesting part of the chapter for me was 9.4, Data Storage Policies. Every company should have strong policies and this section specifically walks and explains why each policy or subtopic of a security policy is important:
1. Backup Creation policies: should address, what data should be backed up and how frequently
2. Restoration Policies: should test and audit a sample restoration to confirm that is works
3. Media/Storage Location Policies: How can data be stored and where can this backup physical copy be kept
4. Encryption policies: Should mandate that all backup data be encrypted
5; Access Control policies: Should limit who has access to the backup data
6: Retention Policies: What data will be kept for how long.
7: Audit: Of course audits should occur to help ensure compliance.
I particularly found the retention section valuable and hope that each company has a specific retention policy that covers what data will be kept for how long and in what medium.
This section wraps up nicely with the training section. The human is the biggest risk factor and reason for noncompliance so ensuring that the employee is trained on the risks and the policies is helping to ensure compliance.
These policies are well needed. Organizations need to ensure that the steps they took to have good data storage policies are greatly secured at every level. The retention policy is also key in managing and protecting important data to evade from any financial losses from poor data management policies.
Whenever I think about Data Protection, I always think about the balancing act between Confidentiality, Integrity, and Availability. You can never talk about 1 of the 3 without bringing up the others. While data protection is obviously important, and I say this all the time, you wouldn’t buy a $1000 safe to hold $100. The same goes for the other two. It is important that no matter what decisions we are making, that we are always trying to maximize business value. The best way to protect data is to keep it offline and put it in a safe and drop it at the bottom of the ocean. The data might be secured, but it becomes worthless to you because it has virtually no availability. One of the main topics in this chapter is data backups. Having backups is essential because it can literally save your business, but then you have to sacrifice some confidentually. After all, the more copies you have of something, the less secure it becomes.