The physical security of data storage devices is for most of us a matter of good housekeeping and normal security measures that are in place to protect all the need in our day to day lives.
Going back a couple of weeks, one of the best security steps is cutting down on the number of places in which data are kept. It is much easier to protect one room than several, plus briefcases, rucksacks, pockets and any number of other places where modern technology has enabled us to store data.
Even better, off site data storage in a secure facility places the onus of looking after the hardware containing your information onto someone else. Having a central information repository and accessing that through whatever devices you use makes for a lower level of worry, leaving you more capacity to think about what you are doing, rather than wondering if everything is safe.
Cloud options obviously look very appealing, but there is just one teeny word of caution here, in that the policies required to comply with GDPR need to state where personally identifiable data are kept, as well as who is responsible for the safety and security of said data. Many 'free' cloud offers don't meet this criterion, so paying for storage off site will be very much the order of the day. Asking the questions of potential suppliers of storage space is essential to ensure compliance. The nice thing again is that when you get the right answers, it does mean that security is to a degree, someone else's problem.
So, your data is stored off site, so you can relax then? Well, very nearly. The question arises of backup copies now. It has always been promoted as good practice to hold a backup copy of your most important data in a different location to the working copy, to protect against disaster, power failures and hardward loss. It would seem sensible therefore, to back up your remote data to a storage device held lo cally. Security of that device is your own responsibility. An external or network drive in an obscure location within your office, protected by the alarms and CCTV systems that protect everything else is a better option than the built in hard drive of your laptop for example.
What we may or may not include in backups will be looked at next week. For the meanwhile, it may be worth just taking a step back to get a long, hard look at your physical security so that you can write your policies with confidence.
See more news items in our blog.