Tag Archives: ISO

Points to Consider Before Selecting the Best Cloud Backup Provider

Cloud backup has become popular in the cloud technology space due to its automation capability, effectiveness and reliability. Advanced cloud backup technology offers a variety of services to customers and businesses. Therefore, it has become essential to consider basic factors before selecting a backup service provider. Businesses must know the relevant questions to distinguish between business-grade and customer-focused services in order to meet their needs.

Versatility and Performance

Companies could reduce data backup time if they choose a cloud backup service. It is a specialty service that provides not only faster backups but also faster restores compared with traditional options such as tape.

Many backup service providers offer remarkable figures to show how helpful their procedure is in minimizing the data volume that is backed up on a daily basis. The statistics differ between environments, so it is essential to get proof of advertised statistics. In addition, the service must support different types of platforms and apps, such as Mac, UNIX, Linux, Windows, Oracle, Dynamics, SharePoint, SQL Server, VMware, Hyper-V, and Microsoft Exchange.

Questions to Ask:

1/ How does the duplication process work? Is the process file level or block level?

2/ What types of applications and operating systems are supported by this technology?

3/ Is it possible to use a customized service to meet business needs?

4/ Is it a hybrid cloud supported service?

Compliance and Security

When companies manage confidential information, it is obligatory to consider compliance and security measures. Many service providers guarantee that data is encrypted at all stages. They make sure that the encryption key is not accessible by employees or other third-party service providers.

Some service providers are ISO certified, perhaps to ISO 9001 and ISO 27001. These certificates give proof that the service provider has serious intentions towards data protection and management.

Some companies are unwilling to back up their data outside of Europe or the USA due to security concerns and legislative issues. Before selecting a service provider, companies need to check where the data will reside.

Questions for Comparing Service Providers

1/ How does this service provider encrypt data?

2/ Does the provider focus on consumers or is it a business solution?

3/ What are the types of data centers in which data will be stored?

4/ Will the service provider deduplicate data? If so, what is the procedure of deduplicating encrypted data?

5/ Is the provider ISO certified (ISO 9001 and ISO 27001)?

Pricing

Pricing is an important factor for businesses when considering a backup service provider. Transferring expenses from a CAPEX to an OPEX model is a significant factor, as many companies have a preference for CAPEX for accounting purposes. Some service providers can give a high-value, quality service at reasonable rates that can meet the business needs of all customers.

Questions to Ask

1/ Does the provider charge for download and upload of data?

2/ Does the price depend on licensing or cost per GB?

3/ Are there any extra charges?

4/ Does the provider bill quarterly, monthly or annually, and in arrears or in advance?

Availability and Service Levels

To select a reliable platform, get some references from existing customers in a similar industry. Companies can ask about assurances related to uptime and downtime, the type of disk used to store data (age, RAID and drive specification), the nature of resilience in the network, and the location of the support team and its availability through email and telephone.

Vendor lock-in

Before finalizing a provider, ask about their shortest contract period and the level of services they provide. Inquire about restrictions on terminating the service, and about the cost and procedure for accessing and downloading data after cancelling the agreement.

 

Is your backup provider ISO certified?

When it comes to choosing a backup provider, businesses want some assurances that the provider can securely protect their data to ISO standards. Many providers will claim to have the protocols in place that ensure this, but often it is difficult for customers to know if what they are being told is true.

If a company says they are a secure backup provider, do you, as the customer, have any way to check this claim without getting bogged down in all the gritty details?

Yes – is the simple answer. In 2005, the ISO (International Organization for Standardization) published the ISO 27001 standard, which was produced with the aim of giving customers a level of confidence when choosing a company that would be handling their sensitive data. ISO 27001 looks at the information security management system (ISMS) of the provider, which encompasses all areas of risk involved in the handling of data. This means that areas of the business other than IT are taken into account, for example whether the setup of the provider’s data centre is sufficient to securely transfer data.

Attaining ISO 27001 is a three-step process. The auditing company (for example UKAS) will perform an initial review of the ISMS already in place at the company and help with any issues in the design. The second stage involves testing the system to ensure it has been appropriately designed and can be properly implemented. The third stage is an ongoing review process, for as long as the company remains certified, to ensure that its ISMS is still compliant with the ISO 27001 standard. These reviews are conducted more often if the provider has recently attained the accreditation, to ensure that it has been able to maintain any changes recently made to its ISMS.

This helps make choosing a backup provider more straightforward, as customers can trust that the provider meets a recognised standard rather than having to spend hours researching the subject. They can also be sure that in the case of a long-term contract the provider will continue to be tested and will therefore maintain the required standard throughout the duration.

It should be understood that holding ISO 27001 is not a required standard in the backup or data storage industry. Any company that holds ISO 27001 has therefore taken the time and effort to prove to its customer base (and all future customers) that it is capable and trustworthy when it comes to handling their data. For many companies, for instance legal practices and solicitors’ firms, which have to hold on to personal information for several years after they first come into contact with it, the assurance that their backup or storage provider can maintain a high level of security for the foreseeable future is an important factor in choosing the provider in the first place.

ISO 27001 holds benefits for both the provider and the customer: it provides a benchmark that customers can look for in their provider, and the provider can aim to achieve the standard in order to gain a competitive edge in the market. Ultimately both parties can be happy that the ISMS is well tested and will keep sensitive data private.

 

 

 

Cloud Computing – The backbone of our digital future?

The European Commissioner Vice-President for the Digital Agenda, Neelie Kroes, in a recent address to the Université Paris-Dauphine, stated “cloud computing may indeed become one of the backbones of our digital future”.

During the presentation the Commissioner detailed plans by the EU to make data protection rules clear across all member states, where they currently differ depending on culture and legal traditions. The plan for a set of ‘cloud-friendly’ rules will help complete the Single Digital Market in Europe, an approach in which she sees cloud computing as the key factor.

She goes on to state, “A cloud without robust data protection is not the sort of cloud we need. So these features should be well-integrated in the design of cloud computing products and services, from the very beginning of the business processes… the winners will be those manufacturers and services providers – from whatever country of origin – that understand the competitive advantage that in-built privacy features provide”.

Whilst these concerns are not unfounded at a European level, any reputable Online Backup and Cloud Hosting company here in the UK has strict rules it must already adhere to. The Data Protection Act 1998 prevents companies releasing any personal information to any other third party without written consent. ALL Online/Cloud Backup companies should be encrypting all their customer data anyway (an in-built privacy feature!), meaning the data cannot be read, changed or shared.

All businesses can gain certification in a series of standards to improve their data management and security. ISO 9001 and 27001 accreditations ensure a company has in place strict guidelines on how it manages and secures its own data as well as its customers’. A properly ISO accredited Cloud Backup and Hosting company offers extra peace of mind to its clients, as all its services have been independently audited and certified.

Until the ‘cloud-friendly’ rules are clearly defined by the EU, Online Backup and Cloud Hosting companies can ensure they are already gaining the necessary certifications for data security and management.

Businesses ensuring data loss prevention compliance

The latest figures show that organisations and firms based in the UK are far better equipped to protect personal information and sensitive data than their European or American counterparts.

The number of firms achieving accreditation under the ISO 27001 data loss prevention standards in the UK is higher than in many other global markets, showing that there is a positive approach towards meeting recognised rules relating to data protection policies.

444 businesses and organisations in the UK have attained accreditation under the ISO 27001 standards, which places the country second in the world, with only Japan’s business community demonstrating greater compliance. Two of the world’s largest economies, Germany and America, have just 137 and 96 firms meeting the ISO 27001 requirements respectively.

Data storage and security experts believe that there is a disparity between the number of UK firms that have clearly shown support for the ISO 27001 standards in creating data protection policies which stand up under its scrutiny and the volume of reports which suggest that the uptake of compliance measures is inadequate and slow.

ISO 27001 has its origins in the UK and the figures for UK firms in compliance are perhaps lower than the real numbers because firms are failing to notify the authorities once they meet the requirements, according to data security consultant Stuart Bonell.

ISO 27001 accreditation is not managed centrally, but rather by third-party firms that carry out the process on behalf of the ISO. The differing levels of compliance and the varying stages of the conformity process can also lead to significant differences in the real level of security between two different firms, according to analyst Bob Tarzey.

Some believe that security vendors are creating an atmosphere of suspicion and unnecessary fear within the UK industry in order to sell their products. It is thought that pushing for tougher and tougher regulations will always leave some firms behind and will render previously respected regulations worthless in the longer term.

It is believed that about 40 per cent of UK firms are attempting to achieve compliance with ISO 27001 standards, with regulatory bodies such as the Financial Services Authority (FSA) drawing upon it as a reference in their own work.
