3
April 2012

Back-up protocols often ignore security devices

Andy Harris

Osirium (https://osirium.com) a leader in Privileged User & Infrastructure Management has today warned organisations to carefully review back up policies that extend beyond file servers and user access devices.

Uncovered during research conducted by QuoCirca, for Osirium, the lack of back-up processes associated with security devices became quickly apparent.  The study found that in around 50% of organisations, such devices do not get backed up weekly, and fewer than 30% ran back-ups daily.  It was also found that device problems would often take hours to get them functioning again, particularly if the system administrator needed to rebuild the device using out of date settings or, in the worst case, from scratch.

“The risk value of backing up these devices should not be under-estimated,” said David Guyatt, CEO at Osirium. “Firewalls often have complex rules programmed into them whilst content filtering devices contain policies about what users can and cannot do with content, so the operational risk from losing these security services without any reliable backup and restore process escalates considerably.

Most organisations use a wide range of security devices from an equally wide range of network and security vendors, so the issue in question perhaps becomes more about managing the many different back-up protocols associated with each vendor device because they’re often seen as complex, costly and resource intensive. Organisations often don’t allocate sufficient budget to manage this adequately, which was further reflected in the research statistic that 42% of organisations  have 30 day gaps between backing-up security devices”.

Whilst organisations do try to backup critical devices and servers at regular intervals these are often conducted under excessive workloads.  Back-up goals get compromised so critical servers become a priority whilst back-ups on the less obvious, but just as important infrastructure devices, are often delayed,

Guyatt continued, “Rather than having a specific backup up process in place for each device Osirium offers a single interface, multi-vendor solution that automates these back-ups across a wide range of products to bring control back within the organisation.”

Specifically, Osirium allows organisations to schedule, or select, individual device configuration back-ups and automatically scale the task across multi-vendor infrastructures as well as running back-ups before and after configuration changes, to provide ’roll-back’ services.    Furthermore, Osirium can also delegate backup initiatives to other parties, such as help desks, which allows them to execute back-ups without needing full system administrator access.