Endpoint Backup Basics

The risk of data loss can keep any IT administrator awake. Data disappearance can cause significant expense and even serious damage to the credibility of a government agency and significantly affect the productivity of individual employees and workgroups.

In the health care industry, violations of the Health Insurance Portability and Accountability Act (HIPAA), a law that protects the privacy of patient information, can range from $1,000 to $50,000 per incident. Publicly traded companies are subject to Sarbanes-Oxley compliance which promotes integrity in their accounting and auditing practices. And, of course, there is the issue of protecting intellectual property, customer data, and sensitive communications, which are often created and stored on end devices and are valuable to the organization.

IT administrators face considerable challenges protecting and securing valuable corporate data for today’s mobile workforce, with users accessing and creating data from a wide variety of locations and networks. Protect your business-critical information from breaches and leaks by choosing an endpoint backup solution that features enterprise-grade security with the strongest encryption, access control, cloud and private cloud security features, and data loss prevention capabilities.

encryption

Because endpoint devices frequently connect to unprotected networks, endpoint backup solutions must encrypt data in transit and at rest to prevent unauthorized viewing of sensitive corporate data. Data in transit must be protected with encryption such as 256-bit SSL, which allows users to securely access corporate data without the use of a VPN. Stored data must be protected with encryption such as 256-bit AES, which is established by the National Institute of Standards and Technology (NIST) and adopted by government, financial institutions, and other organizations that require the highest level of security.

Access, restores and versioning:

To fit today’s anywhere, anytime work style, choose backup software that enables data access on multiple devices, regardless of operating system, and offers users the option of self-service restore. Support for unlimited file versions is essential so that data can be restored at any time, in cases of user error or file corruption.

Make automatic and transparent backups

Backup solutions should be automatic and transparent at best, or at least trivially easy, ideally with no user interaction required. Users should be trained on how to restore information, unless IT handles this function on behalf of users.

Scalability

Particularly when bandwidth is an issue, make sure the backup solution you choose can support a globally distributed network without taxing existing systems. One of the biggest barriers to end user adoption is a backup product that slows them down.

Ease of Administration:

You have enough on your plate. Look for a system with minimal and consistent administration across all platforms. An administrator should be able to manage thousands of users in a single management console. Roles and permissions should be easy to assign and change.

Authentication and management

An enterprise-grade backup solution must provide integration with corporate directory services such as Active Directory or OpenLDAP. As businesses move toward cloud identity management tools, single sign-on (SSO) support should also be available.

Multiple deployment options: Many organizations have discrete data classifications (ie, sensitive, non-sensitive, low, medium, high security, etc.), as well as rules governing where classes of data can be stored. In organizations that are scattered around the world, these requirements can change from region to region. Find a solution that can be implemented to meet your needs; not one that requires you to wrap the data in the implementation the vendor sells.

Private Cloud Security:

For a private cloud deployment, select a solution with a server architecture that protects your network from intrusions by allowing you to block your inbound firewall ports from unsecured inbound connections. This can be done by placing an edge server in a subnet with limited connectivity (DMZ), while the cloud master and storage nodes remain behind the corporate firewall. Incoming backup and restore requests from outside the corporate network are forwarded by the Edge Server to the Cloud Master over a secure connection. Therefore, authentication and data storage happens behind the corporate firewall without opening any ports of entry.

Data Loss Prevention

34% of data breaches occur as a result of a lost or stolen device. Protect data on laptops, smartphones, and tablets from breaches and leaks with an endpoint backup solution that includes data loss prevention capabilities. Endpoint backup solutions must encrypt files on devices by leveraging endpoint operating systems’ built-in encryption technology, such as the Microsoft Encrypting File System. Administrators should be able to easily configure which files and folders are backed up to ensure sensitive corporate data is protected without requiring full disk encryption. Endpoint backup solutions should include geolocation and remote wipe capabilities. Administrators must be able to pinpoint the exact location of an endpoint device at any time and initiate a remote shutdown on a lost or stolen device, as well as configure an automatic wipe policy to wipe data if a device has not connected to the server. backup for a specified number of days.

audit trails

With the proliferation of data on laptops and mobile devices, organizations must maintain visibility and control of how regulated data is accessed, shared, and distributed to ensure compliance. Yet only 19% of IT professionals say their organizations actually know how much regulated data is on end devices like laptops, smartphones, and tablets. If your organization handles regulated data, audit trails are an essential feature to meet compliance needs, allowing stakeholders to see how, when, and where data is accessed, shared, stored, and deleted. Audit logs provide IT with insights into data activity so administrators can stay on top of data risks. When audit trails are combined with global policies that allow administrators to set privileges around data access and sharing, regulated organizations can ensure endpoint data compliance.