SureBackups with Sensitive Data

[joespirit88]

Hi,

An interesting security issue has arisen whilst setting up our SureBackup environment and I was hoping to see if anyone else has tackled the issue of sensitive data in an Application Group?

For example HR have their own servers which run payroll applications etc. To verify the integrity of the backups we were looking to set up a SureBackup fire up the lab and let them test the application manually. All Good. But everything that has occurred during the lab being up gets removed when closing down the lab so there is no trace of what data was accessed and by who, this includes safeguarding against a rogue IT employee accessing the sensitive data through the host in the background(not that I want to).

This seems like a very grey area, technically speaking I would rather know that servers and applications are working in my backups however I do understand the security implications that have to be considered when no audit trail is available.

Has anyone else thought through this dilemma? Any Advice?

[PTide]

Hi,

The first and the easiest workaround that I can come up with would be to setup access logs collection from those SureBackup machines. Actually I think that it won't hurt to have such practice in production too.

Thanks!

[joespirit88]

Thanks,

We do have SIEM in our production environment and looking into if we can get this working for SureBackups. For application specific logs which are stored in various locations on different servers as text files etc seems like a mammoth task to get running. Technically it's possible, however the IT team will know it all fits together and know how to stop this log collection if we really wanted to.

I'm not sure there is any right answer to this question, we are employed to think how to exploit the systems and put a stop to it, but then who police's the police?

[PTide]

I am afraid that there is no answer at all if you don't trust your own security team. Get a single person to be responsible for that kind of stuff, so that if something happens, you will know where to start looking for answers.
Also you inquiry sounds like "access control feature" for some monitoring tool like VeeamONE, you can leave a feature request on their forum.

Thanks!

[joespirit88]

Thanks again,

I think it's more the IT security team will need to prove that we are trustworthy to auditors if it was ever looked at. Appreciate your thoughts though!