Disk Hero - Real Time Automated Online Data Backup



		Professionals Disk Hero data backup service helps professionals meet regulatory standards and maintain business continuity. Disk Hero understands the difficulty involved in complying with new and changing regulations and standards. In an effort to help the professionals using our service we have developed a resource center, dedicated to providing information regarding; 1) Regulatory Compliance, 2) Disaster Recovery Planning and 3) Vulnerability Assessment. These resources should not only help you better understand current regulatory and compliance issues, but should also help in developing a comprehensive contingency plan while recommending to clients the Disk Hero Service. A secure and REAL-TIME data backup system is an important aspect of regulatory compliance, disaster recovery and vulnerability assessment. Disk Hero provides an off-site data backup service.
Regulatory Compliance Sarbanes-Oxley Act Sarbanes-Oxley Act and Disk Hero Compliance Disk Hero supports your efforts towards Sarbanes-Oxley compliance. This reference reviews various aspects of the SOX Act and illustrates how Disk Hero helps institutions meet the requirements of various sections of the mandate. Sarbanes-Oxley Act - Community Forum This interactive community portal is designed to facilitate the exchange of information between those seeking to comply with the requirements of this important legislation. Sarbanes-Oxley Act/PCAOB Implementation Central An excellent resource that provides background, toll-free hotlines, guidance and tools. Gramm-Leach-Bliley Act Gramm-Leach-Bliley Act and Disk Hero Compliance As a result of the Safeguards Rule it is extremely important that financial institutions develop data backup policies. Learn how Disk Hero Data Backup can help your organization meet Gramm-Leach-Bliley requirements. Complying with the Safeguards Rule As part of its implementation of the GLB Act, the Federal Trade Commission (FTC) has issued the Safeguards Rule. Learn who must comply and how to comply. FTC Privacy Safeguards Rule, Application to CPAs Explains the specification for a comprehensive security program to ensure the security and confidentiality of customer information. Federal, State and Other Professional Regulations CPAs engaged in privacy advisory services and attestation must follow the pertinent, laws, rules, and standards. This resource provides an overview of developments on information privacy in the United States. Disaster Recovery and Contingency Planning The Importance of Disaster Recovery Plans If you do not have a plan or do have the idea that "it won't happen to you," consider the consequences. LINK = include both lines in the browser http://infotech.aicpa.org/Resources/System+Security+and+Reliability/Security/Disaster+Recovery /The+Importance+of+Disaster+Recovery+Plans.cfm Disaster recovery is a numbers game A computer contingency plan should have emergency, back-up, recovery, test and maintenance plans. Adequate computer contingency planning should help firms to quickly regain their capabilities to process information and get back in business. Vulnerability Assessment Common Vulnerabilities and Exposures Common Vulnerabilities and Exposures (CVE®) is a public repository of security vulnerabilities and exposures international in scope. This repository is free for public use. This is an effort to standardize the reporting of vulnerabilities and exposures. General Security Resources General IT Management & Planning Resources An excellent collection of resources that help organizations understand potential threats, principles and practices. Includes resources for assessing and establishing IT security. The Internet Security Alliance Case Studies of attacks on Small Businesses and a 12-step Program for Information Security Compliance & Validation HIPAA - Our agent software meets the encryption requirements for HIPAA transactions and file transfers via 3rd party software used for SSL encryption and file transfers. To see more information about HIPAA press here. To see more information on Sarbanes-Oxley Act press here. Section 508 of the Rehabilitation Act of 1973 Compliance Statements for Disk Hero™ Software Products FIPS - Disk Hero is in the process of gaining FIPS 140-1 and 140-2 (Federal Information Processing Standard) validation from the National Institute of Standards and Technology's (NIST) Cryptographic Module Validation (CMV) Program.
SECURITY: WHERE IS THE DATA STORED? Impenetrable Security Disk Hero's subscription service automatically backs up your desktop/laptop computer to the Disk Hero™ Data Center, using secure Internet connections. The process - from data transmission to storage to retrieval - meets the highest levels of security. Government-Level Protection Disk Hero uses the most powerful information defense available. The same encryption used to protect classified U.S. government documents in transit - 128-bit AES (Advanced Encryption Standard) - is used to encode and secure every file that Disk Hero™ handles. No other service offers this degree of protection. Files are stored encrypted Disk Hero encrypts your files at the data center. If someone were to intercept your data they would be unable to read any of it because of the encryption used, basically your files will show as a string of characters. press here to see an example of an encrypted file . Network Best Practices The Disk Hero™ Data Center is a secure facility with physical access limited to those with Disk Hero-provided clearance who maintain the systems. Any data received at our Data Center is immediately redundant because of the server configurations we use, as well as having full tape backups for third tier redundancy. If a power outage or disaster occurred our facility has full power self-sufficiency to remain operational. As a result, Disk Hero's founders have delivered better than 99.99% uptime over the past ten years. Firewall Best Practices Disk Hero's firewall policies do not permit any outside access to our Data Center servers, except through a designated port that accepts only the special protocol used by the Disk Hero application. This protocol has no general or macro capabilities; its only function is to allow the Disk Hero™ Agent (the software on the end-user computer) to perform authenticated, encrypted communication to its server counterpart (the data center). File Retention Best Practices To prevent unauthorized deletion of user data from Disk Hero™ servers, there are no commands that allow deletion in the client-server protocol. Operational control mechanisms prevent any unauthorized access to Connected Data Center servers. And, for every customer, we retain by default 5 versions of any file backed up to the Data Center so there is no need for days of backups for recovery if you did delete a file by accident Disk Hero has as many versions as you need. QUESTION Where will my files go when they are backing up? ANSWER Short Answer: Your files are compressed and encrypted before they leave your local drive. They are then stored for you on our servers. You can retrieve the files on the right side of the screen. When you retrieve the file it comes back to you decrypted so you do not need to do anything extra. Long Answer: Our database and web servers are located at the Oregon Via West facility. The facility has onsite security and NOC personnel 24x7. The main datacenter is card-key access only, managed by a gate guard, and anyone entering the datacenter has to be pre-registered hanging over there drivers license upon entry. We are located inside of a large locked cage within the datacenter. The datacenter uses CISCO PIX firewalls for border security, and we have our own firewall behind that. The servers are monitored 24/7 by NOC staff. All database data is replicated across facilities in Colorado, Utah, Oregon, Las Vegas, and Texas. We are partnered with a large data warehousing company for the file storage. We have multiple server complexes around the country to ensure that response time is excellent no matter where you are located, and the entire network, including the servers, is multiply redundant. We don’t do backups because of the huge amount of data we process. Instead, we replicate files to our other facilities so that even if an entire facility was taken out your data will still be available. This decentralization allows us a great deal of freedom and security for your data. On the hacking side, all data is encrypted with US government standard AES-128 bit encryption which has 3.4 x 1038 key combinations. To put that in perspective, in the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by using a very sophisticated key exhaustion attack, the hardware could quickly determine which key was used to encrypt a message. Assuming that one could build a machine that could recover a DES key in one second, then it would take that machine approximately 149 trillion (thousand-billion) years to crack a 128-bit AES key.