Forestall Data Loss and Enforce Data Security with an Air-Tight Backup Policy

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • February 7, 2011
Learn strategies that are invaluable for designing and developing a backup and restore procedure capable of safeguarding the data in your entire SAP system landscape while guaranteeing adequate data protection, security, and compliance with legal regulations.
Key Concept
A backup policy covers the processes and procedures for making copies of data (or a database) with the intent of using them to recover to an original state in the event of a disaster such as data corruption, media (hardware) failure, application bugs, or human error (such as dropping a database table). The goal of a backup policy is to have defined guidelines for restoring data; therefore, it is central to ensuring the security and protection of enterprise data.

The jewel of any organization is its data. As such, the review of backup and restore operations is one of the major controls addressed during an IT audit. This control element — backup and restore — is usually reviewed for effectiveness, relevance, and currency.

Furthermore, compliance with legal regulations such as the Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA), ISO 27001:2005 (Information Security Management System), and the Gramm-Leach-Bliley Act (GLBA) is one of the drivers compelling organizations to take the issue of backup and restore operations seriously. Even though these regulations might not explicitly mention backup and restore as legal requirements, a common denominator for all these regulations is the emphasis on protecting and safeguarding corporate, business, and personal data against loss. More importantly, you need to be able to make the data available when needed by defined authorities, especially auditors. Although a number of organizations have put in place infrastructures and technologies (such as clustering, disk redundancy [RAID], and replication) to safeguard against data loss, the role of database backup cannot be overlooked in the quest for ensuring complete data security and system availability.

Consider a scenario in which an organization is required by law to produce its yearly financial reports from its enterprise system on a particular day. You find out that there is a media failure (e.g., hard disk crash) of the main production server and there is no backup from which to restore data. This could lead to serious litigation and fines, which consequently affect the profitability of the business. In extreme cases, it could even threaten the very existence of the company. An effective backup and restore procedure is an integral part of your business continuity or disaster recovery plan.

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He holds several certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].
