Online Backup

Posted on 2012-09-13
Last Modified: 2012-09-14
Hi All

We are looking into getting one of our clients to backup to an online solution, but they need to ensure they are FSA and PCI compliant for the UK.

Information i have got from the online backup supplier is

1, https connection to the online system
2, Data is encrypted before leaving the server
3, Encryption can be used AES-256 and the client enters the password so if forgotten no recovery not possible.
4, Datacenter is held in Ireland

Has anyone else had to do this if so is there any other information that we need to be aware of?

Any advise would be appreciated,

Thanks in advance.
Question by:ncomper
    LVL 27

    Accepted Solution

    you can go with amazon s3 online backup service:

    For customers who must comply with regulatory standards such as PCI and HIPAA, Amazon S3’s data protection features can be used as part of an overall strategy to achieve compliance.

    Objects stored in a Region never leave the Region unless you transfer them out. For example, objects stored in the EU (Ireland) Region never leave the EU.

    You can securely upload/download your data to Amazon S3 via the SSL encrypted endpoints using the HTTPS protocol.

    Amazon S3 also provides multiple options for encryption of data at rest. If you prefer to manage your own encryption keys, you can use a client encryption library like the Amazon S3 Encryption Client to encrypt your data before uploading to Amazon S3.

    I use novastor backup solution to upload the data onto amazon s3 servers.
    But this is just an example.
    LVL 27

    Expert Comment

    this is a client that allows client side encryption:

    this is the free edition with some restrictions:
    LVL 1

    Expert Comment


    Refer below link, as in this link they have mentioned around 27 online backup services, see and choose good one..
    LVL 27

    Expert Comment

    yes, the acid test will be if they are hosting their datacenter in Ireland (EU), as amazon allows...

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now