Forestall Data Loss and Enforce Data Security with an Air-Tight Backup Policy

  • by Kehinde Eseyin, Security Architect
  • February 7, 2011
Learn strategies that are invaluable for designing and developing a backup and restore procedure capable of safeguarding the data in your entire SAP system landscape while guaranteeing adequate data protection, security, and compliance with legal regulations.
Key Concept
A backup policy covers the processes and procedures for making copies of data (or a database) with the intent of using them to recover to an original state in the event of a disaster such as data corruption, media (hardware) failure, application bugs, or human error (such as dropping a database table). The goal of a backup policy is to have defined guidelines for restoring data; therefore, it is central to ensuring the security and protection of enterprise data.

The jewel of any organization is its data. As such, the review of backup and restore operations is one of the major controls addressed during an IT audit. This control element — backup and restore — is usually reviewed for effectiveness, relevance, and currency.

Furthermore, compliance with legal regulations such as the Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA), ISO 27001:2005 (Information Security Management System), and the Gramm-Leach-Bliley Act (GLBA) is one of the drivers compelling organizations to take the issue of backup and restore operations seriously. Even though these regulations might not explicitly mention backup and restore as legal requirements, a common denominator for all of them is the emphasis on protecting and safeguarding corporate, business, and personal data against loss. More importantly, you need to be able to make that data available when needed by defined authorities, especially auditors. Although a number of organizations have put in place infrastructures and technologies (such as clustering, disk redundancy [RAID], and replication) to safeguard against data loss, the role of database backup cannot be overlooked in the quest for ensuring complete data security and system availability.

Consider a scenario in which an organization is required by law to produce its yearly financial reports from its enterprise system on a particular day. You find out that there is a media failure (e.g., hard disk crash) of the main production server and there is no backup from which to restore data. This could lead to serious litigation and fines, which consequently affect the profitability of the business. In extreme cases, it could even threaten the very existence of the company. An effective backup and restore procedure is an integral part of your business continuity or disaster recovery plan.

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
