Regulatory Compliance

It's true to say that modern data storage regulations can be a minefield. Rest assured that Lightsafe has been designed expressly to help you navigate it.

Given the sprawling scope of cross-border data storage and usage - against a backdrop of shifting global regulatory requirements - it's hardly surprising that there is no single corporate or organisational baseline for data storage and transfer. That can make life complicated for CTOs and their compliance departments.

Lightsafe helps you tick your regulatory-compliance boxes by identifying the key players in the world of regulatory compliance - and illustrating how it helps fulfil each body's requirements.

Any list of security frameworks and standards is likely to include:


GDPR - European data privacy regulations concerning the processing of personal data

HIPAA - US federal law protecting sensitive patient health information

SARBANES-OXLEY - US federal law protecting shareholders and the public from corporate fraud

PCI DSS - International guidelines for companies processing credit card transactions

COBIT - Business-oriented framework to help organisations manage risk and compliance

CYBER ESSENTIALS - UK government-backed annually assessed cyber security certification

NIST - US government framework helping businesses understand and manage cybersecurity risk

ISO 27000 Series - A group of internationally-recognised standards for understanding cyber security risks and managing security

  • 27001 and 27002 (information security management)
  • 27018 (cloud computing)
  • 27031 (disaster recovery)
  • 27040 (storage security)
  • 27799 (information security in healthcare)


So every organisation in every business sector in every country will have a unique take on the security frameworks to which it must adhere. This will be based on a number of factors, including legal requirements in the area(s) of operation, client expectations, and how backup/restore protocols might impact day-to-day operations and business continuity in the event of a disaster.

The chosen data backup/storage frameworks and standards will certainly include the following requirements, each of which Lightsafe was expressly designed to address:


  • Daily local and offsite backups - Easily managed through the central Lightsafe platform.

  • 3-2-1 Backup strategy (3 copies of data, 2 local backups and one offsite) - Lightsafe's cloud solution gives you confidence that your offsite copy is held securely; the simple Local Backup option also lets you automate further LAN/WAN copies of your data.

  • Physical security - Data is held AES-encrypted in at least one secure data centre - under the control of a NASDAQ-listed corporation - in your region of choice.

  • Account security - Protect your Lightsafe account with two-factor authentication; additionally, all data is encrypted using your private encryption key.

  • Encryption - All Lightsafe data is encrypted at rest and in transit using military-grade AES-256 encryption. It is not possible even for Lightsafe to access your original data, so keep your encryption keys secure.

  • Retention - Simply choose your preferred Account/Profile/Machine retention periods through the Lightsafe platform.

  • Auditing - Records and reports account logins, source IP addresses, and Account/Profile/Machine modifications.

  • Reporting - The Lightsafe Platform gives a powerful at-a-glance summary of running, failed and cancelled jobs - and of servers with no scheduled backups. You configure your own level of granular reporting by Account/Profile/Machine, on every success/complete/failed/cancelled backup event.

  • Immutability - New changes are written to new blocks, so your data is saved as an immutable version every time there is a change, for as long as your specified retention period.

  • Testing - Your Platform Account Overview shows the date of each machine's last restore. It is always good practice to test-restore your backups. Lightsafe sends monthly email restore reports - and also reminds you if you haven't restored a machine within the past quarter - all helping you meet your specified data compliance standards.
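The checklist above is the kind of thing a compliance team ends up verifying by hand against a backup inventory. As an added example (not Lightsafe's code or API), the script below evaluates a constructed inventory against the page's own requirements: daily backups, the 3-2-1 rule as stated here (3 copies, 2 local, 1 offsite), encryption at rest, a retention floor, and a test-restore within the past quarter. The record fields, the 30-day retention floor and the 90-day restore window are assumptions, not product settings.

```python
"""Backup-compliance checker: an added illustration, not Lightsafe code.

Field names, the 30-day retention floor and the 90-day restore window
are assumptions chosen for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class BackupCopy:
    location: str        # "local" or "offsite"
    completed: datetime  # when the copy finished
    encrypted: bool      # encrypted at rest
    retention_days: int  # configured retention period


def check_compliance(copies, last_restore, now, min_retention_days=30):
    """Return a mapping of requirement name -> pass/fail."""
    local = [c for c in copies if c.location == "local"]
    offsite = [c for c in copies if c.location == "offsite"]
    newest = max((c.completed for c in copies), default=None)
    return {
        # "Daily" is read as: the newest copy is no more than 24 hours old.
        "daily_backup": newest is not None and now - newest <= timedelta(days=1),
        # The page's reading of 3-2-1: 3 copies, 2 local, 1 offsite.
        "3-2-1": len(copies) >= 3 and len(local) >= 2 and len(offsite) >= 1,
        "encrypted_at_rest": bool(copies) and all(c.encrypted for c in copies),
        "retention": bool(copies)
        and all(c.retention_days >= min_retention_days for c in copies),
        # "Past quarter" is read as 90 days.
        "restore_tested_quarterly": last_restore is not None
        and now - last_restore <= timedelta(days=90),
    }


def failing(report):
    """Sorted list of the requirements that did not pass."""
    return sorted(name for name, ok in report.items() if not ok)


# Constructed sample inventory: two local copies, one offsite, all encrypted,
# but the last test-restore was 100 days ago.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_COPIES = [
    BackupCopy("local", NOW - timedelta(hours=20), True, 30),
    BackupCopy("local", NOW - timedelta(days=2), True, 30),
    BackupCopy("offsite", NOW - timedelta(hours=12), True, 30),
]
SAMPLE_LAST_RESTORE = NOW - timedelta(days=100)

if __name__ == "__main__":
    print("failing:", failing(check_compliance(SAMPLE_COPIES, SAMPLE_LAST_RESTORE, NOW)))
```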


Each of these measures is designed to help you meet your regulatory cyber security, data transfer and storage requirements.