What is GDPR?
On May 25th, 2018 the General Data Protection Regulation (GDPR) enters into force, a complex legislation that adds further protections for all EU citizens. The law recognizes the right of individuals to the data portability, to be forgotten, to be clearly informed on how their information is processed and to be promptly notified of any breaches in security.
GDPR and Backup, how to comply with the regulation
Among the many points mentioned by the GDPR regulation, two of the most important ones are data protection and data backup. For this reason, the topic closely concerns all Companies that store and manage sensitive user data and all those software vendors that offer data backup and encryption tools, as well as the necessary equipment to protect networks and operating systems, such as antivirus and firewalls.
Let’s go straight into the details of the legislation concerning the backup and data protection, highlighting the following points:
Article 32 – Security of processing
1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
a) the pseudonymisation and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Of the points mentioned above, two are certainly and closely related to the backup procedures. The controller of the data processing, ie the entity that stores sensitive data of EU citizens, must ensure that it has data encryption procedures and the ability to restore the access to them in case of hacker attacks or technical failures. This means having data backup procedures always active and allowing to encrypt the contents of the backup itself, in order to make it inaccessible to those who are not entitled to. Finally, the backup must be quickly restored.
To meet these two specific points, any company affected by the legislation must have a backup software and configure it according to its own data retention strategies. Iperius Backup is a software that can provide all the functionalities necessary to perfectly comply with it.
Let’s see what are the features of Iperius Backup that fulfill the obligations required by the law:
- Drive image and bare-metal restore: the fastest way to back up the whole system and restore it quickly
Iperius includes the image backup feature for both desktop and server O.S.s. This feature allows creating a complete backup with just a few clicks, including all configurations, all programs, virtual machines, databases and mail servers. The Iperius image backup format is the standard Microsoft (VHD / VHDX), that allows a fast recovery (disaster recovery) through the Windows installation disk, being independent of the hardware and the software that created the backup. Just as fast, it is possible to restore applications or individual files by mounting the image files.
- AES 256 bit client-side encryption and secure protocols
Iperius allows encrypting files and databases’ backup, mail servers or virtual machines using AES 256 bit algorithm, the current military security standard for data encryption. Iperius creates standard compressed archives (again, a format that is completely independent of the software) and protects the access to its contents. Data encryption takes place on the client side, ie before transferring the compressed backup file, for example, to off-site destinations. This ensures a high level of security in data transmission, which is also reinforced by the use of secure protocols such as FTPS / SFTP or HTTPS.
- Backup of Databases and mail servers
Iperius allows protecting those main tools in use for storing and data traffic, ie databases and mail servers. With a few simple configurations, it is possible to backup SQL Server, MySQL, MariaDB, PostgreSQL and Oracle databases. The backup can then be AES 256 bit encrypted and transferred to multiple safe destinations. The same is possible for Microsoft Exchange mail servers.
- Iperius Storage: the online backup service hosted in the EU and ISO / IEC 27001 certified
Thanks to the Iperius’ partnership with the best online storage service providers, our storage plans can boast the highest levels of security on the market. On one hand, data transfers are carried out using secure protocols such as the FTPS, on the server infrastructure side we have the most important certification for the design, development, and provision of services for: data center and infrastructure; cloud-oriented solutions in IaaS, SaaS, PaaS mode; backup and disaster recovery; email solutions. The ISO / IEC 27001 standard (Information Technology – Security Techniques – Information Security Management Systems – Requirements) is an international standard that defines the requirements for setting up and managing an information security management system (ISMS or ISMS, from the English Information Security Management System), and includes aspects related to logical, physical and organizational security. Iperius Storage is a service completely hosted on Italian data centers, and therefore on EU territory.
- VMware ESXi virtual machine replication, that allows booting the machine from its backup in seconds
Iperius allows several ways for backup and replication of ESXi virtual machines. With standard replication on datastore, the replicated machine is immediately bootable, reducing the recovery time at minimum if the main machine malfunctions.
- Incremental and differential backup of ESXi virtual machines and granular restore on a given date
Using the incremental and differential backup options, it is possible to recover a virtual machine at a specific day/backup in a very short time.
- Hyper-V backups maintaining the standard formats of virtual machines, to allow importing or booting a VM from its backup
Hyper-V virtual machines backups output the exact structure of a virtual machine with its disk files and configuration files in the original Microsoft format. Restoring them is, therefore, a matter of very short time, since you can import and register the machine in the Hyper-V console directly from its backup.
- Automatic detection of files the could have been corrupted by ransomware viruses
To make the integrity of the backups even more secure, Iperius has an advanced option that allows stopping the procedures of saving data in case of detection of possible files corrupted/encrypted by ransomware virus (such as Cryptolocker, Wannacry, etc … ). This prevents backups from being corrupted; meanwhile, an email notification can be sent to the user to make them aware of the problem.
- Scheduling of automatic backups, email notifications and centralized monitoring with Iperius Console
With Iperius you can easily plan different backup procedures, to be run in sequence or in parallel and to heterogeneous destinations. Furthermore, you can receive notifications of the results of the backup procedures, thanks to the possibility of receiving reports with errors or warnings via email. Finally, by thanks to the powerful Iperius Console tool, you can monitor all the backup procedures of the physical and virtual machines from a single centralized panel, thus being able to provide a real MSP service for all the machines managed.
- Impersonation of specific backup-reserved accounts and automatic authentication in protected network locations
To achieve maximum security and the highest level of isolation in backup procedures, Iperius can be installed as a Windows service and impersonate user accounts reserved for backups. This means that destinations, where backups are saved, can be accessed only by the software itself, thus protecting them from any other unauthorized access. Likewise, Iperius can automatically authenticate itself to any protected network destination. All access passwords are stored by the software in an encrypted form and therefore not accessible in any way. The Iperius configuration itself can be protected by a password or by specific policies in the folders that contain the configuration files.
Click on the button below to download and try Iperius Backup, the easiest and safest solution that helps your company comply with the new data protection standards.
Here are some useful links to read up on the regulation:
If you need any technical advice on Iperius Backup and the GDPR, please contact us at this address: https://support.iperius.net