How are Disaster Recovery (Cloud Backups) Stored and Protected?
- Online backups are stored on dedicated virtual drives, with each drive permanently attached to a dedicated virtual machine. These machines are firewalled off from all other VMs within our data center. Additionally, access to our data centers is strictly controlled. Each VM can only be accessed by customer-specific hardware gateways, which are identified by SSL/TLS certificates. In case of emergencies, Uplevel administrative staff can also access the VMs. This isolation ensures that data from different customers is never mixed.
- Long-term archives are encrypted using AES-256 before being stored.
- The transmission of data to and from the dedicated virtual machines holding the online backups is always done using AES-encrypted VPN connections, which are protected with SSL/TLS certificates and PKI (public key infrastructure) with 2048-bit keys.
- Customer data held online is always isolated from both the customer LAN and any form of VPN access.
How we protect the data being stored on the gateways themselves
- The NAS drive within each gateway is fully encrypted, and can only be unlocked with a key stored in a secure area of the gateway itself.
- It is not possible to physically remove the drive from the gateway and attempt to reverse engineer the contents.
- Deleting a share on the NAS (which can be done remotely from the cloud) results in the data being irretrievably destroyed.
If You or Your Client is Concerned with How We Assist Them to Recover from Ransomware Attacks or Other Malicious Attempts to Destroy Data
The frontline of defense against ransomware is to make frequent read-only backups or snapshots of critical data. This way, a ransomware attack can be dealt with by first sanitizing all the machines on site and then restoring from the snapshot or backup. The Uplevel Gateway has storage with snapshots for this purpose, so that critical data on workstations and servers can be mirrored to the gateway and read-only snapshots can be made to allow recovery in the case of a ransomware incident. To achieve this, we use BTRFS, a modern Copy on Write (CoW) filesystem that creates locally encrypted read-only snapshots. These snapshots cannot be altered during an incident, and the data can be restored after the hosts have been sanitized.
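The read-only snapshot approach described above can be reproduced on any Btrfs volume with the standard `btrfs` command-line tool. This is an added example, not Uplevel's own code: the `snap-<UTC timestamp>` naming, the function names and the script name are assumptions, and the snapshot directory is assumed to sit outside any share exported to clients.

```bash
#!/usr/bin/env bash
# Added example: read-only Btrfs snapshot rotation for ransomware recovery.
# The snap-<UTC timestamp> naming and all paths are assumptions for illustration.

# Snapshot subvolume $1 read-only into directory $2 as snap-$3; print its path.
take_snapshot() {
    local src="$1" dir="$2" stamp="$3" dst
    dst="$dir/snap-$stamp"
    btrfs subvolume snapshot -r "$src" "$dst" >/dev/null || return 1
    # A writable snapshot can be encrypted along with the live data, so
    # confirm the read-only property instead of assuming it was applied.
    [ "$(btrfs property get -ts "$dst" ro)" = "ro=true" ] || return 2
    printf '%s\n' "$dst"
}

# Print the names of the snap-* entries in directory $1, one per line.
list_snapshots() {
    local p
    for p in "$1"/snap-*; do
        if [ -e "$p" ]; then printf '%s\n' "${p##*/}"; fi
    done
}

# Read snapshot names on stdin and print all but the newest $1 of them.
# The timestamp format sorts lexically, so sorted order is age order.
select_expired() {
    sort | awk -v keep="$1" \
        '{ n[NR] = $0 } END { for (i = 1; i <= NR - keep; i++) print n[i] }'
}

# Take a verified snapshot of $1 in $2 stamped $4, then keep only the newest $3.
# Pruning is skipped when the snapshot fails, so a bad run (for example during
# an incident) never costs an existing restore point.
rotate() {
    local src="$1" dir="$2" keep="$3" stamp="$4" old
    take_snapshot "$src" "$dir" "$stamp" >/dev/null || return 1
    list_snapshots "$dir" | select_expired "$keep" | while IFS= read -r old; do
        btrfs subvolume delete "$dir/$old" >/dev/null
    done
}

# Usage: rotate.sh SOURCE_SUBVOLUME SNAPSHOT_DIR KEEP_COUNT
if [ "$#" -eq 3 ]; then
    rotate "$1" "$2" "$3" "$(date -u +%Y%m%dT%H%M%SZ)"
fi
```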
If Online Backup is Enabled
If online backup is enabled, the encrypted snapshots are sent over an encrypted connection and remain encrypted while stored. In the case of a total loss of the Gateway, we can restore these snapshots to a new Gateway and deliver them (in most cases) to the client the next day. The files are encrypted on the drive, and the Gateway must connect to the cloud before they can be decrypted, which protects them if the Gateway is stolen during shipping.
Protection of Cloud Backups
Furthermore, since the cloud backups are made using AES-encrypted VPN tunnels with a secure out-of-band access mechanism (i.e., not visible or accessible to devices on the LAN), the cloud backups themselves are completely protected from any malicious threats that may be present on the LAN. No LAN device is able to reach the Uplevel cloud.