Team Technologies
Team Technologies

Benefits of hosted Disaster Recovery

In recent months, many articles have been written about the increase of cyber attacks and the difficulties of maintaining network and data security when many employees work from home and hybrid working is the norm. In announcing a consultation on countering ransomware, the National Cyber Security Centre stated  "it is an issue that senior leaders in all organisations should take seriously".  Not all organisations supply equipment to support secure homeworking and risk may be increased as a result of having home equipment - often shared with other family members - accessing company systems.

The drivers for bad actors to carry out cyber attacks vary but include financial gain and causing disruption, meaning that ransomware attacks are being targeted where there is most impact on the public, ( For example, See this article on the BBC News website.)  Should IT professionals be concerned about potential risks ? Of course : cyber attacks can render systems useless and at best will cause significant disruption, downtime while the system is investigated and restored, and potentially cost a significant amount of money even if you don't choose to pay the ransom.  It's worth remembering that a typical ransomware attack may infect your network weeks or months before actually encrypting your data : possibly rendering your backups useless too, as they may already be infected.

Whether you host your own data on premise, or utilise our hosting services, having a disaster recovery system that is not part of your own network, but is kept synchronised in near real time, could be the answer.  Where only raw data is transferred during synchronisation,  no files or executables, that may have been infected on your network, will reach the Disaster Recovery system.  We can offer a solution where all the data is encrypted in transit, and is virus checked once it reaches the DR server. The transfer of data between the live system and the DR system utilises an API that is proprietary to Team Technologies and does not rely on, for example, Windows-like protocols, meaning that it is more difficult for a perpetrator to gain access.

The disaster recovery system can be a near real time copy of the data, taking updates from your main database every few minutes. While your live system is working, there is no incoming connection allowed from the DR system : all the data transfer is achieved by the Live system "pushing" data over a virtual private network link.  If the worst should happen, you can redirect your retail systems to the DR instance in much less time than it would take to check your network, decide on a course of action and restore from backup (if you have a useable backup).

OK so that's a 'worst case' scenario - but what about human error ? How often are your backups checked to make sure that you can restore from them in the event of  a hard disk failure or other catastrophe on your live server ? The peace of mind that a disaster recovery system can bring could mean that if you aren't able to use your most recent backup, you don't need to lose days worth of data - you can switch to a database that is virtually at the same level as when your catastrophe occurred. 

Here at Team Technologies we take security very seriously. Access to our hosted systems, and transmission of data to and from them, adheres to best practice principles of security. 

1. Data in transit

When passing data between your network and your hosted system, we strongly recommend use of Virtual Private Network technology. If this is not possible for some types of user, "client certificates" will be implemented on the user's devices - on top of the internet's standard https: protocols.  In addition, our GoldSTAR Mobile (GSM) app uses both Client and Server certificates to ensure secure links between the devices and the server. 

2. Asset protection and resilience

Our hosting centre is physically protected from unauthorised access. Access to the data can only be obtained through the user interfaces, and database access is only via administrator level login, which is restricted to our own senior staff members.

3. Separation between users

Your system is always hosted on separate virtual machines and virtual networks, and protected by passwords that are unique to it. Different customer systems and Team Technologies own systems are totally separated.

4. Governance Framework

Team Technologies have robust security policies and processes defined in our information security management system (ISMS), which is regularly reviewed, updated and audited. Employees are regularly reminded of their information security and data protection (GDPR) responsibilities, trained, and tested to ensure compliance. All this is underpinned by our ISO27001 certification, independently audited by a UKAS approved organisation each year.

5. Operational security

Our operational staff are only given the lowest level of access required to do their jobs. We encourage our customers to ensure that their own user lists are regularly reviewed, and access is rescinded for people no longer requiring it. We have simple, streamlined, processes that all our staff are aware of for reporting security concerns, which are always investigated promptly.

6. Personnel security

All staff are vetted before being employed. Access to customer systems is not granted until the employee has completed a formal induction and demonstrated an understanding of our security processes.  

7. Secure development;

All our software development specifications take information security and data protection into account. Role based access to data is integral to our products. Within the hosted environment, our systems are designed to have no interaction with any servers or devices that are not part of our services to you.

8. Supply Chain security

We keep our supply chain as short as possible. Our data centre partner is committed to the highest levels of security. 

9. Secure User Management

Passwords for access to any systems are held securely on a system totally within Team Technologies' control. Management authorise any requested changes to authorisation levels, which are only granted on an 'as needed' basis. We train, advise and provide support for your administrator level users who have complete control over which users and devices are granted access to the system. All access and activity is recorded in our applications' logs.  

10. Identity and authentication

Access to the application is password protected, even for unattended devices such as TVMs, or automatic interfaces like a web ticket issuing system. Each user is granted one or more 'roles' which restrict what elements of the system they can access, and what they may see, edit or delete within the system. 

11. External interface protection

Automated interfaces that exchange data with your authorised devices and systems must use the correct credentials and passwords. Where it is not possible to create the communications link through a VPN with your own network, we utilise secure internet protocols alongside client certificates (and where appropriate, server certificates) to protect the data.  All our hosted servers are protected by automated intrusion detection and vulnerability scanning. 

12. Secure service administration

Access to the administration portal for our data centre is limited to a few senior administrators and additional authorisation is required to make changes to any customer's hosted systems.

13. Audit information for users

A full history is maintained of changes to any customer data made by the system's users and administrators, and an audit is kept of administrative access to the servers.

14. Secure use of the service

We actively encourage users to maintain their own passwords, not share login credentials, and regularly review who is granted access to their system.  Where mobile devices are involved, we go to significant lengths to help you keep your data secure.  Nevertheless there remains some obligation on you to help us enforce good practice, and to make sure that the right people have the right levels of access to protect your system and data. 

Talk to us today about a hosted disaster recovery system for your Team Technologies software installation - in  effect, an “insurance policy” for your customer data.