Home » Backup Direct » Why Us » News, Articles & Reviews » Articles » General Backup Articles » Online Backup for Servers
Today, more companies than ever recognize the value and convenience of using online backup to protect their server data. If your company is considering Backup Direct's server backup service, or any other online backup service, consider these questions:
Backup Direct addresses all these concerns with the most secure solution available. For example, our online server backup service encrypts all data before transferring it from the customer’s servers. All data remains encrypted at secure offsite Data Bunkers and on optional TurboRestore (TRA) appliances.
Only the customer controls the data encryption passwords. To ensure the physical security and availability of stored data, Backup Direct uses a fully redundant vaulting infrastructure at two Iron Mountain and IBM managed underground Data Bunkers.
Security for Data in Transit
Backup Direct assures that the connection between application servers and the off-site Data Bunkers is secure. Our backup software uses the best electronic security methods available, including:
Automatic, outbound-only connections: There is no added security risk to the customer’s environment. In particular, there are no inbound connections. The software agent on a customer’s server communicates only with the backend infrastructure. The agent initiates all connections from the customer’s server (outbound connections) over two ports reserved for the backup service, or over port 443 (the SSL port) if those ports are not available. Normally, there is no need to alter the firewall security perimeter. This makes installation particularly simple and secure at remote sites.
Public key encryption for mutual authentication: There is no possibility of spoofing. The backend infrastructure and the backup software independently validate certificates each time a connection is made. This authenticates the agent to the electronic vault, and the vault to the agent.
256-bit Advanced Encryption Standard (AES) encryption of all data before transmission and storage: There is no possibility of eavesdropping on data transfer between the agent and the electronic vault, and no possibility of Backup Direct seeing your data on the vaults. 256-bit Advanced Encryption Standard is the level of encryption that banks and government agencies employ.
Customers control encryption passwords. Customers may keep their encryption passwords private, so there is no possibility of any Backup Direct employee accessing customer data. Backup Direct also offers a free, optional encryption password escrow service that enables customers to recover data even if the encryption passwords are not available.
Customers can change encryption passwords: Whenever there is a potential security breach, such as when an individual leaves a customer’s company, the customer can simply change the data encryption passwords, which is similar to changing the door locks. Older backed-up data can still be restored, but only with the new password.
Protecting encryption keys and passwords: All data is encrypted (256-bit AES) at the source, using a unique encryption key. To guard against forgetting or losing encryption keys, the backup service offers a password- protected, user-changeable, human-friendly encryption key built on top of the machine-readable encryption key. As additional protection, there is the free option to escrow the key with Backup Direct. A customer can change the password that accesses encrypted data, so that all data is only available with the new password (and not available with the old password).
Digital signatures: There is no possibility of corruption or modification of data. All communication between the Backup Direct agent and vault uses industry-standard SSL (Secure Sockets Layer). This prevents any accidental or malicious modification, and protects the integrity and confidentiality of all data.
Security for the Backup Direct Web User Interface
The Backup Direct Web user interface is convenient for customers to use because only a Web browser is needed for access. Security features of the Web user interface include:
Encrypted communication: Secure Sockets Layer (SSL) encryption protects the Backup Direct Web user interface.
Data protection: The contents of backed-up files are not accessible.
Privacy protection: Because data encryption passwords are not set or accessed with the Web user interface, even if someone steals a user's login and password, they cannot restore data, except to the machine where it originated.
Strict password rules are available: A company can set password specifications for their account, such as minimum password length, reuse policy, expiration period, and requirement for non-alphabetic characters.
Limits on insider attacks: Customers can grant users only the rights and privileges necessary for their specific job duties. For example, a help desk person might have the ability to initiate restores, but not to set or change backup policies or add other users. Similarly, an IT administrator might have some (or limited) responsibilities for servers and users where they work, but not be able to see or manipulate servers or user accounts at other locations.
Physical Security for Data Stored in Electronic Vaults
Backup Direct uses Iron Mountain and IBM owned and managed off-site data centres that provide high-security environmentally-controlled storage for a variety of media. These data centres are located in Milton Keynes and London with two EU based data centres in Amsterdam and Brussels. Each data centre has comprehensive security features including:
All data centers have achieved SysTrust® certification. SysTrust examination assures that a system is reliable when measured against four essential principles: availability, security, integrity, and maintainability.
Data Storage
All data is stored in two places - a primary and secondary data centre. When customers sign up for the Backup Direct service, their data is mirrored between vaults at each data centre site for high availability. The data centres are constantly monitored by Iron Mountain and IBM personel. In the unlikely possibility of a failure, backups are rerouted and continue automatically to the secondary data centre. When the failure is repaired, all missing backup data replicates to the repaired or replaced data centre. All other elements of the backend infrastructure, such as the Web servers, the backend database, and the command and control systems, are also fully redundant.
Storage Security
Storage security features include:
Secure, Reliable Server Protection
Enterprise sized companies including Google, Amazon, Cisco, HP, Time Warner, Price Waterhouse Coopers have all selected data backup solutions based on the same technology used by Backup Direct. Backup Direct now brings the same enterprise class technology to the small-medium sized company in an affordable backup package. Today, over 9,000 servers worldwide are under the protection of this backup technology and customers have restored over 234 million files.
Data backed up with Backup Direct is automatically off-site and safer than it is in the customer’s own facility. Customers rely on Backup Direct to have their data available when they need it, while protecting the privacy and integrity of the data.
General Backup ArticlesOnline Backup for Servers
IntroductionToday, more companies than ever recognize the value and convenience of using online backup to protect their server data. If your company is considering Backup Direct's server backup service, or any other online backup service, consider these questions:
- Could an unauthorized individual gain access to your backed-up data?
- Could your backed-up data be altered?
- Will necessary data be available when needed?
- Is data protected against fire, floods, and human error?
Backup Direct addresses all these concerns with the most secure solution available. For example, our online server backup service encrypts all data before transferring it from the customer’s servers. All data remains encrypted at secure offsite Data Bunkers and on optional TurboRestore (TRA) appliances.
Only the customer controls the data encryption passwords. To ensure the physical security and availability of stored data, Backup Direct uses a fully redundant vaulting infrastructure at two Iron Mountain and IBM managed underground Data Bunkers.
Security for Data in Transit
Backup Direct assures that the connection between application servers and the off-site Data Bunkers is secure. Our backup software uses the best electronic security methods available, including:
Automatic, outbound-only connections: There is no added security risk to the customer’s environment. In particular, there are no inbound connections. The software agent on a customer’s server communicates only with the backend infrastructure. The agent initiates all connections from the customer’s server (outbound connections) over two ports reserved for the backup service, or over port 443 (the SSL port) if those ports are not available. Normally, there is no need to alter the firewall security perimeter. This makes installation particularly simple and secure at remote sites.
Public key encryption for mutual authentication: There is no possibility of spoofing. The backend infrastructure and the backup software independently validate certificates each time a connection is made. This authenticates the agent to the electronic vault, and the vault to the agent.
256-bit Advanced Encryption Standard (AES) encryption of all data before transmission and storage: There is no possibility of eavesdropping on data transfer between the agent and the electronic vault, and no possibility of Backup Direct seeing your data on the vaults. 256-bit Advanced Encryption Standard is the level of encryption that banks and government agencies employ.
Customers control encryption passwords. Customers may keep their encryption passwords private, so there is no possibility of any Backup Direct employee accessing customer data. Backup Direct also offers a free, optional encryption password escrow service that enables customers to recover data even if the encryption passwords are not available.
Customers can change encryption passwords: Whenever there is a potential security breach, such as when an individual leaves a customer’s company, the customer can simply change the data encryption passwords, which is similar to changing the door locks. Older backed-up data can still be restored, but only with the new password.
Protecting encryption keys and passwords: All data is encrypted (256-bit AES) at the source, using a unique encryption key. To guard against forgetting or losing encryption keys, the backup service offers a password- protected, user-changeable, human-friendly encryption key built on top of the machine-readable encryption key. As additional protection, there is the free option to escrow the key with Backup Direct. A customer can change the password that accesses encrypted data, so that all data is only available with the new password (and not available with the old password).
Digital signatures: There is no possibility of corruption or modification of data. All communication between the Backup Direct agent and vault uses industry-standard SSL (Secure Sockets Layer). This prevents any accidental or malicious modification, and protects the integrity and confidentiality of all data.
Security for the Backup Direct Web User Interface
The Backup Direct Web user interface is convenient for customers to use because only a Web browser is needed for access. Security features of the Web user interface include:
Encrypted communication: Secure Sockets Layer (SSL) encryption protects the Backup Direct Web user interface.
Data protection: The contents of backed-up files are not accessible.
Privacy protection: Because data encryption passwords are not set or accessed with the Web user interface, even if someone steals a user's login and password, they cannot restore data, except to the machine where it originated.
Strict password rules are available: A company can set password specifications for their account, such as minimum password length, reuse policy, expiration period, and requirement for non-alphabetic characters.
Limits on insider attacks: Customers can grant users only the rights and privileges necessary for their specific job duties. For example, a help desk person might have the ability to initiate restores, but not to set or change backup policies or add other users. Similarly, an IT administrator might have some (or limited) responsibilities for servers and users where they work, but not be able to see or manipulate servers or user accounts at other locations.
Physical Security for Data Stored in Electronic Vaults
Backup Direct uses Iron Mountain and IBM owned and managed off-site data centres that provide high-security environmentally-controlled storage for a variety of media. These data centres are located in Milton Keynes and London with two EU based data centres in Amsterdam and Brussels. Each data centre has comprehensive security features including:
- Steel gates with 7x24 armed security.
- OSHA-certified fire brigade and EPA-certified water treatment plant.
- Redundant generators for full backup power for up to 7 days.
- Redundant bandwidth providers.
- A Level 9 (Ultra-Reliable Data Center) rating by independent security consultants BRUNS-PAK.
All data centers have achieved SysTrust® certification. SysTrust examination assures that a system is reliable when measured against four essential principles: availability, security, integrity, and maintainability.
Data Storage
All data is stored in two places - a primary and secondary data centre. When customers sign up for the Backup Direct service, their data is mirrored between vaults at each data centre site for high availability. The data centres are constantly monitored by Iron Mountain and IBM personel. In the unlikely possibility of a failure, backups are rerouted and continue automatically to the secondary data centre. When the failure is repaired, all missing backup data replicates to the repaired or replaced data centre. All other elements of the backend infrastructure, such as the Web servers, the backend database, and the command and control systems, are also fully redundant.
Storage Security
Storage security features include:
- The data center stores the 256-bit AES-encrypted backup files without decrypting them.
- Every account has a unique encryption key, used to encrypt and decrypt each backup file. Only the key that encrypted the file can decrypt it.
Secure, Reliable Server Protection
Enterprise sized companies including Google, Amazon, Cisco, HP, Time Warner, Price Waterhouse Coopers have all selected data backup solutions based on the same technology used by Backup Direct. Backup Direct now brings the same enterprise class technology to the small-medium sized company in an affordable backup package. Today, over 9,000 servers worldwide are under the protection of this backup technology and customers have restored over 234 million files.
Data backed up with Backup Direct is automatically off-site and safer than it is in the customer’s own facility. Customers rely on Backup Direct to have their data available when they need it, while protecting the privacy and integrity of the data.
