Protect your data assets even as you let your employees WFH
Just because your employees are working from home, doesn’t mean you’ll have to compromise on data protection. Ensure that end-user data is being backed up and protected no matter where your employees are.
With the COVID-19 pandemic and everybody the world over battening down the hatches, you probably have a situation where an increasing number of knowledge workers are taking their work home. Fortunately, that doesn’t mean you need to give up on protecting their data assets.
Backups of user data – both user endpoints and their SaaS assets can continuously occur no matter where they are. Look for solutions which are provided as SaaS offerings where the backup processing happens entirely in the cloud and endpoint needs only a light-weight agent.
It is however important to ensure a few things when you opt for such a solution:
- Ensure that all data backup is happening over https/SSL. The data should be encrypted fully in transit.
- Ensure that the data centers where your data is going are reputed, safe and compliant.
- You shouldn’t have to open up any network ports on your endpoint. Make sure all communication happens only over port 443/https.
- Make sure the backups are fully automated via schedules or otherwise. You should be able to centrally control/manage backup behavior remotely. It isn’t practical to depend on the knowledge worker to run backups – they already have too many things on their mind.
- The solution should support integration with AD or AAD – and your users should be able to sign-in effortlessly using single-signon.
- The software should be sensitive to the fact that the user isn’t on a corporate network and be able to ration data payload and network bandwidth accordingly.
If you don’t wish to use a hosted service for backup, but prefer to have the backup data stream to your office, it is still possible to accomplish this by having your backup server placed in the DMZ with an external interface listening on port 443/https. You will want to have a hardened system behind a Reverse Proxy or Web Application Firewall, to ward off potential attackers – but it is a perfectly good way to set up a backup system that you can have full control over.
If you wish to prevent users from restoring or downloading data to an unauthorized device, the solution should also support device authentication – to ensure that the device they’re using is a company authorized device. Or the software should at least ensure that the backup / restore operation only works when they’re domain joined.
You should (in any case – Work-From-Home or otherwise), always have a way to protect end user data in SaaS applications. Email, documents etc. placed by end users in the cloud, should ideally be protected by making a safe copy to an alternate cloud.
How Parablu helps you support Work from Home (WFH) users
At Parablu, our BluVault solution is explicitly designed for such use cases. While it works great for users on-premise, it is highly effective for roaming and work-from-home users.
- All communication uses HTTPS and works using only port 443.
- All communication is encrypted using TLS 1.2 with strong ciphers.
- We host the service in SOC-2 and SSAE-16 compliant data centers. They provide SLAs of 99.9% data availability and as much as 99.999999999 (11 9s) data-durability
- Fully integrated with AD and Azure AD for authentication, SSO and also for automatic user provisioning and de-provisioning.
- Smart partial incremental backups, client-side de-duplication, and flexible network bandwidth throttling – allow you to keep end user n/w usage footprint low. You can also be selective about which folders to back up (or not) and which file types to include (or not).
- BluVault also supports device authentication with Azure AD. It can also perform domain verification before allowing a user to restore data.
- Office 365 cloud-cloud backup support
- Backup server can be hosted or implemented on-premise to allow external user backups
- Completely centralized, policy based management allows you to control thousands of users across geographies/continents through a single pane of glass.
Make the right choice
These are difficult and challenging times. But that doesn’t mean you have to compromise on the integrity of your data assets or fail regulatory compliance. Or weaken your defenses against ransomware and malicious insider deletion.
Call us for information or write to us at email@example.com.