SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY

Similar documents
CONSIDERATIONS BEFORE MOVING TO THE CLOUD

Weighing in on the Benefits of a SAS 70 Audit for Third Party Administrators

Data Security: Public Contracts and the Cloud

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD

Mobility Policy Bundle

Compliance and Privileged Password Management

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

Demonstrating Compliance in the Financial Services Industry with Veriato

CONSIDERATIONS BEFORE MOVING TO THE CLOUD

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR SARBANES OXLEYANDCOBIT

Compliance in 5 Steps

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Document Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.

Tracking and Reporting

PCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

1.2 Participant means a third party who interacts with the Services as a result of that party s relationship with or connection to you.

Oracle Database Vault

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?

ALERT LOGIC LOG MANAGER & LOG REVIEW

Table of Contents. Preface xiii PART I: IT GOVERNANCE CONCEPTS. Chapter 1: Importance of IT Governance for All Enterprises 3

Administration and Data Retention. Best Practices for Systems Management

IBM Internet Security Systems October Market Intelligence Brief

efolder White Paper: HIPAA Compliance

Complete document security

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

Optim. Optim Solutions for Data Governance. R. Kudžma Information management technical sales

Putting It All Together:

Security Policies and Procedures Principles and Practices

Information Security in Corporation

Frequently Asked Question Regarding 201 CMR 17.00

HIPAA Compliance Checklist

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Information Security Risk Strategies. By

Development of your Company s Record Information System and Disaster Preparedness. The National Emergency Management Summit

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

What can the OnBase Cloud do for you? lbmctech.com

Key Customer Issues to Consider Before Entering into a Cloud Services Arrangement

COBIT 5 With COSO 2013

Building a Case for Mainframe Security

01.0 Policy Responsibilities and Oversight

The ProcessGene GRC Suite. Solution Presentation

Tokenisation: Reducing Data Security Risk

RECORDS AND INFORMATION MANAGEMENT AND RETENTION

The Convergence of Security and Compliance

Security of Personal and Financial Information.

Sarbanes-Oxley Act (SOX)

AWS continually manages risk and undergoes recurring assessments to ensure compliance with industry standards.

NYDFS Cybersecurity Regulations

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

HIPAA Technical Safeguards and (a)(7)(ii) Administrative Safeguards

Is Your Compliance Strategy Putting Your Business at Risk?

TB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored

Document Title: Electronic Data Protection and Encryption Policy. Revision Date Authors Description of Changes

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

Five Ways to Improve Electronic Patient Record Handling for HIPAA/HITECH with Managed File Transfer

The 11-point checklist for SMB Microsoft Azure Cloud users

GuardTower TM White Paper. Enterprise Security Management Systems

ARE YOU READY FOR GDPR?

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

ProCloud An Overview

Mitigating Risks with Cloud Computing Dan Reis

HIPAA Controls. Powered by Auditor Mapping.

CCISO Blueprint v1. EC-Council

DeMystifying Data Breaches and Information Security Compliance

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

CERTIFICATE POLICY CIGNA PKI Certificates

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

Checklist: Credit Union Information Security and Privacy Policies

Isaca EXAM - CISM. Certified Information Security Manager. Buy Full Product.

Cloud Communications for Healthcare

Secret Server HP ArcSight Integration Guide

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Healthcare Privacy and Security:

The Impact of Cybersecurity, Data Privacy and Social Media

Choosing the level that works for you!

COMMENTARY. Information JONES DAY

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

Finding and Securing ephi in SharePoint and SharePoint Online

TRACKVIA SECURITY OVERVIEW

Mobile Device policy Frequently Asked Questions April 2016

GLBA, information security and incident response a compliance perspective

What To Do When Your Data Winds Up Where It Shouldn t

VMware, SQL Server and Encrypting Private Data Townsend Security

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Information Lifecycle Management for Business Data. An Oracle White Paper September 2005

Workday s Robust Privacy Program

USE CASE FINANCIAL SERVICES

Transcription:

SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY

THE INTERSECTION OF COMPLIANCE AND DIGITAL DATA Organizations of all sizes and shapes must comply with government and industry regulations. Some regulations are limited to public companies, while others are relevant only to certain verticals. Many regulations cut across type, size, and industry in their impact. In addition to legally mandated requirements, many organizations voluntarily adopt quality and process standards (such as Six Sigma or ITIL) or establish performance guidelines that impact employees and customer agreements. Adhering to these standards brings with it additional (and not always overlapping) sets of rules. In compliance with these standards, regulations, and rules - or just to maintain best practices - most organizations are implementing some degree of business continuity or disaster recovery plan. While most information can (at least in theory) be recorded on paper, virtually all organizations now keep personnel, customer, financial, transactional and other records in digital format. Indeed, in this day and age, most organizations operate at the intersection of compliance and digital data. After all, compliance and digital data have become inextricably intermingled. Compliance is only manageable when information is digitized, and the proliferation of digital data makes compliance more essential. Organizations need to be following a set of rules about how to manage the growing stores of digital information they are accruing. The bottom line: Whether legal requirements are in place, whether the rules and regulations are selfimposed, or whether there is a combination of factors in play, prudent business practice calls for backing up and securely housing digital data. Sarbanes-Oxley Act (SOX) Gramm-Leach-Bliley Act (GLBA) or Financial Services Modernization Act Payment Card Industry Data Security Standard (PCI DSS) Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health Act (HITECH Act) U.S. Securities and Exchange Commission (SEC) Basel II Red Flags Rule Statement on Standards for Attestation Engagements (SSAE) 16

THE INTERSECTION OF COMPLIANCE AND BACKUP Compliance-related requirements need to drive the backup strategy, and the backup strategy needs to support whatever compliance-related requirements an organization has in place. What does having and enforcing a backup strategy accomplish for an organization? For one, it demonstrates to regulators and auditors the capability of protecting and restoring critical data. It can also get databases quickly back in business after a disaster occurs - whether from terrorist attack or hacker intrusion, hurricanes or a burst pipe, or just plain human error. Further, it can help protect and defend organizations when litigation arises from employees, customers, competitors, or regulators. WHY ANY OLD BACKUP WILL NOT DO It is not just a matter of backing up. It is also important how databases are backed up. There is a set of technical requirements that must be satisfied to use a backup solution for compliance purposes. These are: Encryption in transit Encryption at rest Access controls Audit trails Where backed up data is kept (for example, off-premises, in country) The ability to determine what types of data get backed up The ability to set frequency of backup The ability to satisfy restoration time requirement Any company that maintains personally identifiable information on employees (for example, Social Security numbers, proof of citizenship) has obligations attached to the maintenance of this data. The same holds true for organizations holding confidential customer information (for example, credit card numbers, banking information). These obligations revolve around keeping information private and confidential, keeping information secure from unauthorized access, and just plain keeping information for whatever the requisite retention period is.

There is no need to delve into much (if any) detail on why these requirements make the list. They are all more or less self-explanatory. Two not-so-self-evident issues are worth pointing out here: 1. Tape-based backup, which requires manual intervention, is an inherently insecure process and will fail to meet the compliance threshold for regulations regarding data privacy. Tape-based backup may further fail the test when it comes to satisfying time-to-restoration requirements. 2. All automated software backup solutions are not created equal. When choosing a solution, do so with full awareness of what the compliance needs are of an organization. IDERA SQL SAFE BACKUP IDERA Safe Backup is well-suited to meet the compliance needs of so many organizations. Separation from Actual Data SOX financial reporting data Basel II financial reporting data GLBA nonpublic personal information PCI personal account number SQL Safe Backup does not look at any data within the database. Instead, it asks SQL Server to perform backup and restore operations. Consequently, SQL Server is the only application that interacts with the data. Encryption at Rest SOX financial reporting data Basel II financial reporting data GLBA nonpublic personal information PCI personal account number With SQL Safe Backup, encrypt using AES 256 encryption the data as it is written to disk.

Audit Trails HIPAA for information systems containing protected health information SOX PCI With SQL Safe Backup, each time a task (backup, restore, or merge) is performed, Iog information on (for example) what database and database files were involved, and where data was backed up or restored to. Determine What Types of Data to Back Up SOX financial reporting data HIPAA electronic protected health information With SQL Safe Backup, select any combination of files and folders to be excluded from the continuous data protection policy and add advanced rules using patterns to exclude only certain file types. Set Backup Frequency and Retention Times SOX sets minimum number of periods for retaining data and audit trails HIPAA sets varying length requirements for the health records of adults and children With SQL Safe Backup, schedule server backups as frequently as every 15 minutes and set how many recovery points to retain. Also, configure how much history to retain in the repository database. Moreover, configure the frequency at which backups created through policies are kept on disk (that is, automatically purge backup files). Satisfy Restoration Time Requirements Regulations vary broadly by industry and individual, organizational needs. With SQL Safe Backup perform restores as fast as possible, and faster than virtually any competitive offering.

There is a final way in which IDERA Safe Backup is compliance-ready. The best-intentioned compliance and backup strategy will live only on paper if it is difficult to implement and time-consuming to deploy on a regular basis. Unlike solutions that may take hours to install and configure, IDERA Safe Backup is built for download and go, with no professional services required. Once IDERA Safe Backup is up and running, tasks are automated, saving administrative time, eliminating the possibility of forgetting about it, and decreasing the likelihood of human error. Given the simultaneous explosion of digital information and compliance requirements, having a sound, workable backup and restore policy is essential. So is the ability to carry through on that policy. IDERA Safe Backup stands at the intersection of compliance and backup with a solution that lets organizations of all shapes and sizes put compliance into practice, cost efficiently and time effectively. SQL SAFE BACKUP AUTOMATE SQL SERVER BACKUP ACROSS YOUR ENTERPRISE Backup faster and save space via dynamic compression with encryption Choose from multiple options for recovery Ensure organizational compliance via policy-based management Reduce failures due to temporary network problems Receive alerts and create reports with centralized web console Start for FREE IDERA.com

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback