Separation of Duties

Your #1 Ransomware Protection

How to Protect Your Data From Cyber-attacks

Today, your organization's weakest link is the human factor. Separation of duties (SoD) protects you against ransomware attacks, fraud and human error, and it is the standard way to limit unwanted risk and conflicts of interest.

A single point of failure (SPoF) in your backup system can grind your business to a halt. We are all human, and any trusted employee, whether at the administrative or the technical level, can make a mistake or, with good or bad intentions, damage your backup. Proper separation of duties ensures that no one person is in a position to damage both the live data and its backup.


What Does Separation of Duties Actually Mean?

The basic principle of Separation of Duties (SoD) is that no single person or group should be able to carry out all actions in a business-critical activity. SoD has for centuries been a well-known concept in almost any financial department. In IT security, SoD is a way to mitigate the risk of damage, accidental or intentional, to the integrity, confidentiality and availability of your data. In particular, SoD protects against the pattern in which one set of compromised or misused credentials is used first to delete or encrypt live data and then to delete the backups of that data. In that way, you gain protection against ransomware and crypto-locker attacks and limit the damage from operator errors and sabotage attempts. In short, SoD is a crucial risk management measure.

Backup-as-a-Service

With a Backup-as-a-Service solution, you get separation of duties on both levels. First, your data is stored in our data center, physically separate from your own production environment, so an incident at your site (fire, break-in, power loss) does not reach the backup copy. Second, the solution offers logical Separation of Duties: the credentials that administer your production environment do not grant access to the backup data.

Logical and Physical Separation of Duties

The principle of SoD should be applied on multiple levels. The logical level concerns credentials and permissions: what a given user can see, and therefore potentially leak or destroy. Logical SoD covers access to data through systems and accounts.

The physical level is where your data is located – which specific servers store your data and their physical location. If someone breaks into that location or sets fire to your server, what would be the impact? Would your backup server be affected as well, or is that backup in another physical location?

How to Separate Your Live Data From Your Backup


Logical Separation of Duties

No single administrator or user should be able to access both your backup data and your live data. Period. Even if this person is your most loyal, thorough or discreet employee, granting anyone that kind of access is a serious security risk: human error and blackmail are genuine threats, and a single compromised account would expose both copies at once. The principle of SoD ensures that no single person has permission to access both your live data and your backups.

Risk prevention: Blackmail, fraud, human error or intentional damage.


Physical Separation of Duties

All data in a cloud service or application is stored on a physical server at a physical location somewhere in the world. This means there is a potential risk of fire, electrical outages, earthquakes, terrorism etc. Another vulnerability is the people who can access these sites. Cleaning staff, electricians, maintenance crews and trespassers can all cause serious damage to your data, intentionally or unintentionally. With SoD, everyone with physical access to a server site is logged, and the same individuals are not able to access both your backup data site and your live data site.

Risk prevention: Fire, break-in, electrical outages, terrorism etc.
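The two checks described under Logical and Physical Separation of Duties above can both be automated. The following is an added example, not the vendor's tooling, that runs over constructed data: a directory snapshot of users, groups and roles, and a few constructed badge-reader log lines. All role names, group names and site names are hypothetical. The logical check evaluates each user's effective roles (direct roles plus roles inherited through group membership, which is where SoD conflicts usually hide) against a list of forbidden role pairs; the physical check flags any badge that was granted entry to both the live-data site and the backup site.

```python
"""Separation-of-duties (SoD) conflict checks.

Added example with constructed data; it is not the vendor's own tooling.
Check 1: logical SoD over effective role assignments, including roles
         inherited through group membership.
Check 2: physical SoD over a badge-access log, flagging any badge
         granted entry to both the live-data site and the backup site.
"""
from collections import defaultdict

# Role pairs that no single identity may hold together (hypothetical names).
SOD_CONFLICTS = [
    frozenset({"prod-admin", "backup-admin"}),
    frozenset({"prod-admin", "backup-operator"}),
]

# Constructed directory snapshot: roles granted by group, and per-user
# direct roles plus group memberships.
GROUP_ROLES = {
    "it-ops": {"prod-admin", "helpdesk"},
    "dr-team": {"backup-operator"},
}
USERS = {
    "alice": {"roles": set(), "groups": {"it-ops"}},
    "bob": {"roles": {"backup-admin"}, "groups": set()},
    # carol holds no conflicting role directly; the conflict comes via groups.
    "carol": {"roles": set(), "groups": {"it-ops", "dr-team"}},
    "dave": {"roles": {"backup-admin"}, "groups": {"it-ops"}},
}


def effective_roles(user, users=USERS, group_roles=GROUP_ROLES):
    """Direct roles plus every role granted through group membership."""
    entry = users[user]
    roles = set(entry["roles"])
    for group in entry["groups"]:
        roles |= group_roles.get(group, set())
    return roles


def logical_sod_violations(users=USERS, group_roles=GROUP_ROLES,
                           conflicts=SOD_CONFLICTS):
    """Return (user, sorted conflicting role pair) for each violation."""
    found = []
    for user in sorted(users):
        roles = effective_roles(user, users, group_roles)
        for pair in conflicts:
            if pair <= roles:  # user holds both roles of a forbidden pair
                found.append((user, tuple(sorted(pair))))
    return found


# Constructed badge-reader log: "<timestamp> badge=<id> site=<site> result=<r>"
BADGE_LOG = """\
2024-05-02T07:58:10 badge=1042 site=PROD-DC result=granted
2024-05-02T08:03:44 badge=2077 site=BACKUP-DC result=granted
2024-05-02T13:21:05 badge=1042 site=BACKUP-DC result=granted
2024-05-02T13:40:52 badge=3110 site=BACKUP-DC result=denied
2024-05-03T09:12:30 badge=2077 site=BACKUP-DC result=granted
"""


def parse_badge_log(text):
    """Yield a dict of the key=value fields for each non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *fields = line.split()
        record = {"timestamp": timestamp}
        for field in fields:
            key, _, value = field.partition("=")
            record[key] = value
        yield record


def physical_sod_violations(log_text=BADGE_LOG,
                            live_site="PROD-DC", backup_site="BACKUP-DC"):
    """Badge IDs that were granted entry to both the live and the backup site."""
    sites_by_badge = defaultdict(set)
    for rec in parse_badge_log(log_text):
        if rec.get("result") == "granted":  # a denied attempt grants nothing
            sites_by_badge[rec["badge"]].add(rec["site"])
    return sorted(badge for badge, sites in sites_by_badge.items()
                  if {live_site, backup_site} <= sites)


if __name__ == "__main__":
    for user, pair in logical_sod_violations():
        print(f"logical SoD violation: {user} holds {pair[0]} and {pair[1]}")
    for badge in physical_sod_violations():
        print(f"physical SoD violation: badge {badge} admitted to both sites")
```

Run against the constructed data, the logical check reports carol (who inherits prod-admin from it-ops and backup-operator from dr-team) and dave (direct backup-admin plus inherited prod-admin), while alice and bob are clean; the physical check reports badge 1042, which was admitted to both sites, and ignores the denied attempt by badge 3110. In a real deployment the directory snapshot would come from your IdP and the log from the badge system, and the check should run on every role or group change, not only at audit time.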


Concept of Critical Mass

The biggest challenge in practicing SoD is the cost of reaching critical mass. Obviously, when you hire someone to be responsible for your backup, that same person should not be in charge of, or operate, your live data as well. But in real life this separation can be difficult to maintain, even for large enterprises. One approach is to run your own data center. However, even there we often see a lax attitude toward the SoD guidelines, and keeping a team dedicated solely to backup, with enough people to cover vacation days, time off, sick days etc., is costly. Besides, IT professionals with a high level of backup expertise are hard to find.

Risk prevention: Gaps in SoD coverage during vacation days, time off, sick days etc.


Compliance

More and more IT auditors require Separation of Duties for technicians as well as in accounting. SoD can support compliance with the EU's General Data Protection Regulation (GDPR). The aim is to prevent conflicts of interest, abuse of power etc., and to make it possible to detect security breaches, data theft and the like, since no single person can both cause an incident and erase the evidence of it.

Let’s Talk

We're always ready for an informal conversation about our take on IT security and compliance. Get in touch today.


Cyber-crime and Defense Strategies

Get in-depth insights from the Danish Centre for Cyber Security (CFCS) about the current threat assessments, common types of ransomware attacks, defense strategies, and new ecosystems within cyber-crime.


Ransomware Protection

The threat of a ransomware attack has never been more present than it is today, and organizations need to take strong cybersecurity measures.


5 Questions a CFO Needs to Ask IT Security

IT security is business critical and should never be considered a mere expense. Done right, IT security can accelerate a business; done wrong, the absence of the right security systems can be a disaster.


Guide to Data Classification

Can you put a price tag on your data? A tier-based approach to storage and backup lets you optimize performance and cut costs at the same time.