In your role as Security Officer for your IBM System i, you need to take a lot of things into account with your organization's security policy. One thing you want to avoid overlooking is security for your backups.
There are several things about your system backup process that are critical to security. One of these is to make sure that your backups are actually saving everything that you need in order to get your organization back in business in the event of a catastrophic failure of your system. A few years ago, I wrote a tip on this topic that is still valid: Ensuring AS/400 backups are secure.
Auditable backup tape storage logs
Another part of backup security is making sure that the plan is properly implemented and is getting processed successfully according to your plan's schedule. The process should have a log that can be audited at any time to make sure that the process is completing successfully. All problems with the backup process must also be logged, and a proper recovery process must be followed.
Most IBM i shops still rely on magnetic tape and tape drives, so periodic backup failures can be anticipated and recovery processes must be identified. Your backup plan must also include a regular tape drive cleaning schedule, and you should make certain that the tape drive (or drives) being used are covered by your hardware maintenance contract.
Once you have backup tapes, you need to make sure the tapes are properly handled for storage off-site. A formal log must be maintained at each physical point where the tapes are processed. This includes logging them out from your computer room area and logging them in at your off-site location. If, for any reason, the tapes leave your organization's direct control (as in going through a private messenger service or going to a third-party storage service), then you must make certain that you are dealing with a reputable firm that is following proper protocol for the safe handling of your organization's data.
When dealing with a third party, there must be a positive logging process at the off-site location so that you can confirm that a transfer has been completed successfully. Any carriers you use must be bonded and insured for loss at the real cost that losing your data would represent. When tapes are returned to you, this same logging and positive notification process must also take place. Just because the data is now several months old doesn't mean that you can let your security policy relax.
If your backups are going off-site to a third-party storage location and the data contained in the backups includes sensitive or personal data (e.g., credit card numbers or social security numbers), then you should consider data encryption of the backup. There are a number of software providers for the System i that offer solutions for this.
Maintaining healthy backup tapes
Many iSeries shops that I'm familiar with have a set of tapes that they use over and over again for full system backups. These tapes, all probably purchased at about the same time, will get old and unreliable over time. Your backup plan should account for the dependable life of the tape media that you are using and provide for regular replacement of tapes as they age to the point where they become unreliable. When a tape is retired, you should have a degaussing device that will completely erase any information on the tape before it is disposed of.
Some IBM i shops are now doing some of their system backups to large local or remote storage arrays. If this is the case for your installation, this presents additional security concerns that must be addressed. With your data now stored on disk drives outside of the security implemented on your System i, you must determine if the backup storage is safe and secure as well. This will add a new level of complication as we know that non-System i servers can be plagued with security holes. An extra level of protection in this situation would be to insist that these types of backups also be encrypted as a further deterrent to potential misuse.
If you have any questions about this topic, you can reach me at firstname.lastname@example.org and I'll give it my best shot. All email messages will be answered.
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.
This was first published in November 2009