Backups, Disaster Recovery & Security – Wrap Up




In this last installment we will wrap up our discussions on Backups, Disaster Recovery and Security in relation to your RDA system. Here are links to installments #1, #2, #3 and #4.

I hope this series has been informative and helpful. I appreciate these topics are not part of your daily operations. However, I feel they are important and, as good stewards, we need to review them from time to time. 

With regard to your system, I feel we have checked most of the boxes pertaining to Backups and Security Risks. The one area I would like to explore further with you is that of disaster recovery plans. Watch for another post coming soon discussing Disaster Recovery options with RDA.

A quick recap of previous posts: 

Backups

RDA backs up your data every night and stores the data backup file in a secure data center on the west coast. When needed, a data backup file can be manually restored to your existing cloud server. 

Disaster Recovery Plan

A plan to restore an organization to normal operations from a catastrophic infrastructure failure or crippling security breach.

Security Risks

Physical and Cyber risks can be reduced via:

  • Critical applications in the Cloud
  • Strong password management
  • Flexible application security
  • Comprehensive Disaster Recovery Plan 

Thank you for joining us on this important journey. We only scratched the surface on these topics.  Prayerfully, it has been enough to start discussions on your end as to what is best for your organization.  

If you would like to learn more about these topics, please contact Mimi English (mvenglish@rdasys.com).




Backups, Disaster Recovery & Security – Part IV



This is the fourth installment in a series of discussions on Backups, Disaster Recovery and Security. Here are links to installments #1, #2 and #3.

In this installment we will focus on Security and RDA. Webster’s 1828 dictionary defines Security as: Protection; effectual defense or safety from danger of any kind; as a chain of forts erected for the security of the frontiers. In this article we are reviewing the security measures for the protection of your highly sensitive RDA data.

We will look at two aspects of security risks: 

  • Physical 
  • Cyber

Physical Risk:

As discussed previously, more and more organizations are moving their mission critical data and processing to the cloud. We believe this is a great first step to increased security.  Moving servers offsite to the cloud eliminates the huge risk of physical access to the hardware. 

With the older on-premises server model, the majority of computer data security breaches are by in-house staff. Moving servers to the cloud eliminates this exposure. It is the business of Cloud Service Providers (CSPs) to protect data. They think about it every day. Access to servers and other supporting hardware is monitored and highly controlled.

Cyber Risk:

Cyber risk is from attacks via the internet or internal network. CSPs have robust internal controls and auditing to protect against cyber access to customer data. Each RDA client's server has its own secure connection via Secure Sockets Layer (SSL). SSL is the standard security technology for establishing an encrypted link between a cloud web server and a browser. This link ensures that all data passed between the web server and browser is encrypted and remains private.

In addition to the above, RDA software has powerful security features built in.  User password security is a key component. RDA supports passwords up to 60 digits in length. The more digits in a password, the more secure.  Short phrases as passwords are even better. RDA clients have the option of mandating periodic password changes for their users. Mandating password changes is highly encouraged by RDA.

Security of stored passwords is critical. RDA stored passwords are “salted” for better encryption and security.  Salts do not have to be memorized by people. They can make the size of the encrypted password prohibitively large without placing a burden on the users. Since salts are different in each case, they also protect commonly used passwords, or those users who use the same password on several sites.
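The effect of per-password salts described above, as an added example that is not RDA's code: PBKDF2-HMAC-SHA256, the 16-byte salt and the iteration count are assumptions, since the page does not name the algorithm RDA uses. It contrasts an unsalted digest with a salted one for two users who share a password.

```python
import hashlib
import hmac
import os

# Assumed parameters for this illustration; the page does not name the
# algorithm, salt size or work factor RDA uses.
SALT_BYTES = 16
PBKDF2_ITERATIONS = 200_000


def unsalted_digest(password):
    """Weak scheme, for contrast: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_password(password, salt=None):
    """Return (salt, key); a fresh random salt is drawn for each new password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, key


def verify_password(password, salt, expected_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt)
    return hmac.compare_digest(key, expected_key)


def demo():
    # Constructed sample: two users who chose the same common password.
    common = "Summer2019!"
    alice_salt, alice_key = hash_password(common)
    bob_salt, bob_key = hash_password(common)
    return {
        "unsalted_match": unsalted_digest(common) == unsalted_digest(common),
        "salted_match": alice_key == bob_key,
        "alice_login_ok": verify_password(common, alice_salt, alice_key),
        "wrong_password_ok": verify_password("summer2019!", alice_salt, alice_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the derived key and is not a secret; its job is to make each stored value unique so one precomputed table cannot cover every account.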

Application Security within RDA can be managed at the following levels:

  • Module
  • File
  • Record
  • Field
  • Process

The ability to configure security at these key levels provides your team with access only to the RDA data needed to fulfill their roles.  All other RDA data remains securely protected.

A final layer of security is having a solid Disaster Recovery (DR) plan. We know not the future. In the unlikely event of a new type of security breach like ransomware, the only option to regain control of your system and sensitive data may be to execute your DR plan. A good DR plan would allow you to gracefully spin up a new uncompromised system in a matter of hours.

We believe cloud servers, robust password security and multilayered security within RDA applications provide a solid line of protection against traditional attacks.  A comprehensive disaster recovery plan provides protection against any new intrusion technology like ransomware.

If you would like more information on RDA security, please contact Mimi English (mvenglish@rdasys.com).




Backups, Disaster Recovery & Security – Part III



[Image: 2019 Government Ransomware Incidents]

In this installment we will focus on Disaster Recovery (DR) and RDA.  More and more organizations are moving their mission critical data and processing to the cloud. We believe this is a good first step to minimize the risk of disasters and security breaches. In the last couple of years Disaster Recovery solutions have evolved to further minimize these risks. 

As shared in the first installment – Disaster Recovery (DR) involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster or a crippling security breach. 

Last time, we discussed RDA Data Backups.  In short, RDA backs up your RDA data every night and stores the data backup file in a secure data center on the west coast. When needed, a data backup file can be manually restored to your existing cloud server. 

How does Disaster Recovery differ from Data Backups? The focus of RDA Data Backups is on maintaining the integrity of your RDA data. If your RDA data is deleted or corrupted, a Data Backup File can be manually restored to get you back to normal operations. Disaster Recovery is focused on managing a bigger event. Its purpose is to restore an organization to normal operations after a catastrophic infrastructure failure or crippling security breach.

[Image: Natural Disasters]

There are two important numbers when planning for disaster recovery. 

Recovery Point Objective (RPO) – The amount of RDA work or data you can afford to lose from a disaster or breach. This is measured in time: days, hours, minutes or seconds. With nightly backups, the RPO can be as high as a full day’s work. For example, if a system disaster happens at 4:30 PM, a day’s work is lost. Or, if you wish to limit losses to no more than ½ of a day,  backups at noon and midnight are required. How much data or work can you afford to lose? 
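The RPO arithmetic above, worked through as an added example (not RDA tooling): it computes the data-loss window for an incident time and the worst-case RPO of a backup schedule. The midnight backup time and the incident date are assumptions, since the page only says backups run nightly.

```python
import math
from datetime import datetime, time, timedelta


def last_backup_before(incident, schedule):
    """Most recent scheduled backup at or before the incident time."""
    candidates = [
        datetime.combine(incident.date() - timedelta(days=back), t)
        for back in (0, 1)
        for t in schedule
    ]
    return max(c for c in candidates if c <= incident)


def data_loss_window(incident, schedule):
    """Work lost if the system fails at `incident` and the last backup is restored."""
    return incident - last_backup_before(incident, schedule)


def worst_case_rpo(schedule):
    """Longest gap between consecutive backups, wrapping across midnight."""
    minutes = sorted(t.hour * 60 + t.minute for t in schedule)
    gaps = [b - a for a, b in zip(minutes, minutes[1:])]
    gaps.append(minutes[0] + 24 * 60 - minutes[-1])
    return timedelta(minutes=max(gaps))


def backups_per_day_for(target_rpo):
    """Minimum number of evenly spaced daily backups that meets a target RPO."""
    return math.ceil(timedelta(days=1) / target_rpo)


# Assumed schedules: the page says "nightly" without a time, so midnight is used.
NIGHTLY = [time(0, 0)]
NOON_AND_MIDNIGHT = [time(0, 0), time(12, 0)]

if __name__ == "__main__":
    incident = datetime(2019, 12, 2, 16, 30)  # constructed 4:30 PM incident
    for name, sched in (("nightly", NIGHTLY), ("noon+midnight", NOON_AND_MIDNIGHT)):
        print(name, data_loss_window(incident, sched), worst_case_rpo(sched))
```

With the nightly schedule the 4:30 PM incident loses everything since midnight, which is the whole working day; adding the noon backup cuts that window to the afternoon only.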

Recovery Time Objective (RTO) – When a disaster or breach occurs, RTO is the length of time it takes to return operations to an acceptable level of functionality. Recovering from a disaster or breach includes more than just restoring your RDA data backup. Some of the steps involved are:

  1. Initiating help desk request
  2. Diagnosing & verifying problem
  3. Procuring new server hardware in a different (secure) region
  4. Loading & configuring the server operating system
  5. Loading current RDA programs onto the new server
  6. Loading and Restoring the RDA data backup
  7. DNS Updating (Domain Name Servers (DNS) are the internet’s equivalent of an address book)
  8. After the disaster is over, restoring your RDA system to the original server location (region)

 All of these steps take time. The question for determining the RTO is: How long can you afford for your RDA system to be down?

Once these two Objectives are defined, an appropriate DR plan can be formulated. Much like insurance, a DR plan can be designed to meet all risk levels. 

Disaster Recovery has changed quite a bit over the last few years. Planning ahead ensures that if a disaster or breach does occur, a plan is in place to restore operations in a graceful, coordinated and timely manner. It is best when the outcome is never in doubt. 

If you would like more information on Disaster Recovery Plans, please contact Mimi English (mvenglish@rdasys.com).

Our next installment in this discussion will be an overview of Security and RDA.




Merry Christmas & Happy New Year!


Wishing you joy and peace now and always!!

From the team at RDA Systems!


Sharing in the harvest. – Your blessings continue to allow us to serve thousands of those in need through local and international ministries. For more information on how your partnership helps those in need, please visit these ministry web sites:

RDA will be closed for Christmas and New Year Celebrations:

  • Tuesday December 24       
  • Wednesday  December 25    
  • Wednesday January 1   

Backups, Disaster Recovery & Security – Part II



This is the second in a series of discussions on Backups, Disaster Recovery and Security. 

This time we will focus on RDA Data Backups.  As we learned last time, when one “backs up”(v) their data it creates a “backup”(n) of their data.  

From Wikipedia – In information technology, a backup, or data backup, is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event.

The RDA data backup process creates a copy of the current RDA data on your cloud server.  Each night, RDA’s process automagically gathers all (thousands) of data files on your server and compresses them into a single file, a data backup file. After the data backup file is created, it is moved across the internet to a data server located in a secure data center on the US west coast. Confirmation is provided upon successful completion of the process.

A multi-day backup rotation scheme is used. Multiple backups are always stored at the secure data center. Each backup that is loaded nightly on the remote data server replaces the oldest backup on that server. In addition, a backup for each month is retained.
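One way to express the rotation described above, as an added example that is not RDA's process: the number of nightly slots (7) and the choice of the first backup of each month as the retained monthly copy are assumptions, because the page gives neither.

```python
from datetime import date, timedelta


def backups_to_keep(backup_dates, nightly_slots):
    """Dates to retain: the newest `nightly_slots` backups plus one per month."""
    if nightly_slots < 1:
        raise ValueError("nightly_slots must be at least 1")
    ordered = sorted(set(backup_dates))
    keep = set(ordered[-nightly_slots:])
    months_seen = set()
    for d in ordered:
        # Assumption: the monthly copy is the first backup taken in that month.
        if (d.year, d.month) not in months_seen:
            months_seen.add((d.year, d.month))
            keep.add(d)
    return sorted(keep)


def rotate(stored, new_backup, nightly_slots):
    """Add tonight's backup; return (kept, removed) after rotation."""
    everything = set(stored) | {new_backup}
    kept = backups_to_keep(everything, nightly_slots)
    return kept, sorted(everything - set(kept))


def simulate(first_night, nights, nightly_slots):
    """Run the nightly rotation for consecutive nights; return final state."""
    kept, removed = [], []
    for offset in range(nights):
        kept, removed = rotate(kept, first_night + timedelta(days=offset), nightly_slots)
    return kept, removed


if __name__ == "__main__":
    # Constructed run: 16 nights from 2019-11-25, 7 nightly slots (assumed).
    kept, removed = simulate(date(2019, 11, 25), 16, 7)
    print("kept:", [d.isoformat() for d in kept])
    print("removed tonight:", [d.isoformat() for d in removed])
```

The number of nightly slots bounds how far back a restore can reach at daily granularity, so corruption noticed after that window can only be recovered from a monthly copy.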

The purpose of an RDA backup is to mitigate the risk of a data loss event.  A backup can be used to recover data after its loss from data deletion or corruption, or to recover data from an earlier time. Some consider the backup a very simple form of disaster and security breach recovery. 

What is not included in the RDA data backup is your cloud server and its operating system files and configurations. Without a server and system files and configurations, RDA software cannot function. In addition, an RDA data backup file restore time is not guaranteed. These are important points as you consider disaster and security breach risks. More on this in a future installment.

In short, for the majority of our clients, RDA backs up your data every night and stores the data backup file in a secure data center on the west coast. When needed, a data backup file can be manually restored to your existing cloud server. 

If you would like more information on your existing RDA Data Back Up Plan, please contact Mimi English (mvenglish@rdasys.com).

Our next installment in this discussion will be an overview of Disaster Recovery and RDA.