Achieving SaaS Security with Connected® Online PC Backup
Today, more companies than ever recognize the value and convenience of using online backup to protect their data. Enterprises considering online backup Storage as a Service (SaaS) face these security concerns:
- Could an unauthorized individual gain access to backed-up data?
- Could backed-up data be altered?
- Will necessary data be available when needed?
- Is data safe from fire, floods, and human error?
Iron Mountain offers hosted data storage that enables customers to reduce the costs, risks, and complexity of storing and protecting their business information. With our heightened focus on security, privacy, and cost savings, Iron Mountain goes beyond simple cloud storage to enterprise Storage as a Service.
Connected® Backup For PC Security Overview
Most corporate data originates with PC users, whether in the office, or on laptops or home computers. The Iron Mountain Connected Backup for PC solution can capture and store this vital information regardless of its source — inside or outside the firewall — while dramatically reducing storage costs
However, it’s not enough to back up the data: stored backups must also be secure from outside threats. Iron Mountain meets this need with the Subscription Service solution that truly and comprehensively protects the PC data that belongs to your enterprise. Iron Mountain follows rigorous standards to keep this data safe, including security best practices and Iron Mountain-developed practices.
The bottom line: Iron Mountain takes data protection seriously and goes to great lengths to protect customer data from all credible threats. The Connected Backup for PC Subscription Service solution provides security at every level, from backup through storage to data retrieval. Hitachi calls Iron Mountain’s Connected Backup for PC solution “the gold standard for PC data protection.”
This document introduces the many security measures currently in place within the Iron Mountain data protection architecture to prevent unauthorized access or damage to customer data.
What Is Connected Backup For PC Subscription Service?
The Iron Mountain Connected Backup for PC Subscription Service solution is a client-server system for file backup from personal computers, over any TCP/IP network, to ultra-secure offsite facilities. The Connected Backup for PC Subscription Service solution is available internationally.
Connected Backup For PC Subscription Service: Security
The Connected Backup for PC Subscription Service solution provides a level of security for the customer’s data that is better than alternative practices for handling computer data. The following sections show how Iron Mountain creates a secure environment for data transfer, data storage, and account management.
Iron Mountain’s security objectives have four aspects:
Data Transfer Security.Prevents access to customer’s data during transfer for backup or retrieval.
Storage Security.Prevents unauthorized access to backed up data stored on the server.
Management Security.Prevents unauthorized access while providing client account management.
Facility Security.Iron Mountain’s physical security practices and facility hardening.
Key Security Aspects Of Connected Backup For PC Subscription Service
Data Transfer Security
The Agent is a Connected Backup for PC application that runs on every PC to manage all backup, retrieval, and heal activities at the client level. For example, the Agent scans the PC’s disk and determines what data to send to the Data Center servers at Iron Mountain’s offsite, highly available, mirrored facilities.
Data transfer security features include:
- The Agent always initiates contact with the Data Center
- SSL encryption (TLS 1.0) protects all customer information during transmission between the Agent and Data Center
- The Data Center server authenticates the Agent connection using the user encryption key, while the Agent authenticates the server using a digital certificate embedded in the Agent installation package.
- After authentication, the Agent encrypts every file flagged for backup with 128-bit Advanced Encryption Standard (AES) and sends the encrypted data to the Data Center. If enterprises use third-party encryption products, such as Microsoft’s Encrypting File System (EFS), to encrypt files on PCs, the Agent backs up the encrypted files.
- The Agent requires a valid password, or a valid technician ID and password, when a user tries to retrieve files. This can prevent unauthorized individuals who have physical access to another person’s client from performing retrieves.
- Changing the account status can temporarily or permanently prevent an Agent from backing up or retrieving files from stolen or unused clients. For example, when an employee leaves the organization, canceling their account prevents unauthorized individuals from accessing files that the former employee backed up.
The Account Management Web site is an administration tool that allows users to modify their own profile information, such as their password. The user must enter a valid password to access the Account Management Web site. The optional Myroam™ administration tool allows users to retrieve backed-up files using a Web browser instead of the Agent user interface. Only specified users and communities can access the Myroam tool.
Iron Mountain stores all backup data in secure, offsite facilities.
Storage security features include:
- The Data Center stores the 128-bit AES-encrypted files without decrypting them.
- Every account has a unique encryption key, which is used to encrypt and decrypt each file that the Agent backs up. Only the Agent that encrypted the file can decrypt it. The Agent uses 112-bit Triple DES encryption to send the encryption key to the Data Center securely. The Data Center escrows the encryption key on its secure server
- Since facility servers do not provide a view to customer data, in the highly unlikely event that an individual were able to gain access to data files on the server, that individual would not be able to view the data
Support Center technicians possess credentials consisting of a valid Technician ID and an associated password. Technician accounts can have varying levels of access to the Support Center’s features based on the permissions granted to the technician ID. For example, a given technician might have access only to specific communities.
Staff security features include:
- Access to the Data Center areas is restricted to facility administrators only
- Only Iron Mountain employees and signed-in escorted guests can gain access to the Iron Mountain facilities.
- All Iron Mountain employees receive a picture ID/card key for entry to the facility. Iron Mountain employees must display these Iron Mountain badges at all times. Card-key use logs are reported and reviewed regularly.
Iron Mountain protects over 3 petabytes of PC data for some 3 million users in its secure offsite facilities worldwide. Iron Mountain has achieved 99.99 percent uptime for ten years, with most months 100 percent.
Facility security features include:
- All data received by either mirrored facility is immediately replicated to its mirror by high-speed links.
- Outages or disasters at either facility do not interfere with the availability of the data.
- All Iron Mountain servers run a hardened version of Microsoft® Windows® 2003 Server, using Microsoft best practices and security patches and service packs.
- up-to-date virus protection: never a business interruption due to viruses.
Protecting the security of your data is central to Iron Mountain’s business values. Iron Mountain owns or leases offsite Data Bunkers that provide high-security, environmentally controlled storage for media and includes data centers with redundant infrastructure.
These Data Bunkers include the following security measures:
- 7x24 security.
- Restricted access requiring photo ID and visitor escort.
- Real-time closed-circuit TV monitoring.
- Commercial power feeds with generators for full backup.
- Clean Agent Fire Extinguishing System (CAFES) and onsite firefighting apparatus and personnel.
- Internal and external 24x7 monitoring for temperature, “waterbug” leaks, smoke, fire, and motion detection.
- External accreditation by the uptime Institute according to their Tier Classification and Performance Standard.
Connected Backup For PC licensed Product: Security
Client-side security for the Connected Backup for PC licensed product is similar to client-side security for the Subscription Service. However, with the licensed version, server-side security is not provided by Iron Mountain’s secure offsite facilities, but is the responsibility of the customer, including server-side networks, servers, firewalls, passwords, and physical facilities.
Iron Mountain is managing more than 3 petabytes (12 billion backup files) of data at its facilities. Iron Mountain has been backing up PC data since 1995,from the largest companies to small businesses. Iron Mountain delivers the expertise customers need to reduce the costs and risks of data protection and storage.
About Iron Mountain Iron Mountain Incorporated (NYSE: IRM) provides information management services that help organizations lower the costs, risks and inefficiencies of managing their physical and digital data. Founded in 1951, Iron Mountain manages billions of information assets, including backup and archival data, electronic records, document imaging, business records, secure shredding, and more, for organizations around the world. Visit the company Web site at www.ironmountain.ca for more information.
©2010 Iron Mountain Canada Corporation. All rights reserved. Iron Mountain, the design of the mountain and 1 800 FASTFILE are
trademarks or registered trademarks of Iron Mountain Incorporated and are licensed for use by Iron Mountain Canada Corporation.
All other trademarks or registered trademarks are the property of their respective owners.
||1 800 FASTFILE / www.ironmountain.ca