FileHold was asked by an existing customer about cloud security and back up. The answer follows;
FileHold Cloud Backup
FileHold offers comprehensive daily backups through Azure Backup. All databases, documents, repository and full text indexes are fully protected from accident or disaster. Full backups are done daily with snapshots of the last two days for quick recovery. Incremental backups extend this protection for the next two weeks. Then we keep a weekly, monthly and yearly backup for as long as you need coverage. FileHold can also be configured for soft delete protection at the application level, for the last thousand days, so you can undelete any accidents.
SQL Data is a special protected instance. The SQL Data disk is backed up as part of the Azure VM, but Azure Backup connects to our SQL Databases specifically pulls the data into its own backup. So we have a double backup of SQL in effect.
Daily Backup of all required data is on a 2-week backup rotation. Azure Backup uses a full back up on its first invocation and then uses incremental backups for every backup after that. The default backup program is: Daily for 14 days, weekly for 12 weeks, monthly for 60 months, and yearly for 10 years.
RTPO (RPO and RTO), Backup Retention, Uptime SLA
We pass through Microsoft Azure’s uptime guarantees from the IaaS perspective. As for restoring from backup, our standard backup retention: Snapshot retention last 2 days. The default incremental backup program retention is: Daily for 14 days, weekly for 12 weeks, monthly for 60 months, and yearly for 10 years.
RPO: 24 hours (daily backups)
RTO: 4 hours
These are currently set to standard values for tier-3 non-critical applications. We aim to respond to all support issues between our support hours of Midnight to 4pm Pacific. So we like to say our RTO is best effort to get you running as soon as possible. Snapshots from the last 2 days can be restored quickly. If you request to restore from backup (files, or snapshots) then that can be a billable service as per our SLA.
The most typical restore is undeleting a file in FileHold. FileHold can be configured for soft delete protection at the application level, for the last thousand days, so you can undelete any accidents.
Security breach or data leak process and protocol
- Breach outside of our control that Microsoft monitors
- FileHold employees we monitor
- FH Audit Log monitors your users
Upon becoming aware of a Security Incident involving protected information, Microsoft will report the Security Incident to the emergency contact or administrator(s) of the affected Azure subscriptions. Microsoft will report any information it has developed on PI involved in a security breach within 30 days after discovery of the breach. FileHold employees sign NDA as it relates to customer's data privacy. Any detected breach will be reported to customers on a best-effort basis. FileHold has an audit log for document access from the clients (web, mobile, and FDA) so you can rest assure only the intended users are viewing documents.
Data at rest, transit and Encryption
Data at rest is automatically encrypted server-side. All Managed Disks/Snapshots/Images and new data written to existing Managed Disks are automatically encrypted-at-rest with keys managed by Microsoft. Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows. Encryption doesn't affect performance and it doesn't have any extra cost.
For data in transit, Transport Layer Security (TLS) protocol is used to protect data when it's traveling between the cloud services and customers. This applies to all transit, including interacting with the Azure portal, REST API, SMB 3.0 Fileshares, and FileHold services.
We use Azure Disk Encryption to encrypt Windows VM disks. Disk Encryption combines the industry-standard Windows BitLocker feature to provide volume encryption for the OS and the data disks.