Shropshire Data Protection and Data Security
7 Day Week Data Security Service
In-House Data Storage
A&A Computer Repair takes Data Security and Data Protection very seriously. Before we start working with customer - clients hard disk drive, we either clone the drive or backup the data.
When the repair is complete, the customers data - clients data is data is stored for approx 1mth ("just in-case") before being permanently deleted.
In-house data is stored on a dedicated Data Server which uses a RAID system where all data is automatically backed up. The Data Server is also backed up to a second system and also to a standalone drive which is secured in a safe.
If a customers data - clients data needs to retained for more than one month, it is also saved to the data server.
If a customer asks for their stored data to be removed from our systems, we always comply within 24 hours (usually within minutes).
Plus; we NEVER view customers data (we NEVER view customers files), unless a customer specifically asks us to do so.
Storing Data Online
Our advice on storing data online (storing data in the cloud) is "do not do it".
By storing data on a third party server, if that server is compromised or hacked, access to the data could be gained and the data could be accessed, downloaded or infected with malware, shared or made public. Please note that the many publicised incidents of data hacking etc are most likely "the tip of the iceberg". We advise that data should not be stored online, but rather should be stored onsite via a RAID system and a backup should be kept in a secure location - off site.
A File Server is simply a computer which is accessed by multiple computers on a network and which stores and serves files to network users.
So; in a typical home or business server based network, multiple network users (eg; employees or family members) will work on and save files to a server. Those files can then be accessed from any computer on the network.
Typically, a server will use a RAID system which allows multiple disks to be seen as a single unit. Please note; it is good practice when working with RAID systems to try and use identical drives (preferably from the same batch).
RAID 0 = 2 or more disks are "striped". This simply means that data is spread across the drives. So; if 2x 1tb drives are configured as RAID 0; the computer will see the 2x 1tb drives as a single 2tb drive.
RAID 0 with redundancy is typically where an additional drive is added and configured to be an unused spare. The spare drive would start up if one of the drives is failing. Data from that drive would then be copied to the spare and the the failed unit would be replaced (the replacement would become the spare). Please note that we advise using predictive failure (if available).
RAID 1 = 2 or more disks are "mirrored". This simply means that data saved to drive 1 is simultaneously copied to drive 2. Therefore; if either drive in a 2 drive RAID 1 set fails, the data will still be available.
RAID 1 with redundancy is typically where an additional drive is added and configured to be an unused spare. As with RAID 0 and RAID 5, the spare drive would start up if one of the drives is failing. Data from the failing drive would then be copied to the spare and the the failed unit would be replaced (the replacement would become the spare).
RAID 5 = 3 or more disks are written with parity. This simply means that data is spread over all drives but it is also duplicated. Therefore if any single drive fails, no data will be lost. When the failed drive is replaced, the server should simply rebuild the RAID set.
RAID 5 with redundancy requires at least 4x drives and is typically where an additional drive is added and configured to be an unused spare. As with RAID 0 and RAID 1, the spare drive would start up if one of the drives is failing. Data from the failing drive would then be copied to the spare and the the failed unit would be replaced (the replacement would become the spare).
RAID 10 = 4 or more disks are used to combine RAID 0 and RAID 1 in that 2 or more drives are striped (seen as a single drive) and then mirrored. So if 4x 1tb drives are configured as RAID 10, the first 2x 1tb drives would be seen as a single 2tb drive and the other 2x 1tb drives would also be seen as a 2tb drive but data would be saved to both 2tb drives simultaneously.
Recommendations; the best RAID system is probably RAID 5.
A true file server is basically a stand alone PC which runs an operating system such as Microsoft Windows. If running RAID, it is recommended that the server should have a hardware RAID controller (rather than Software RAID controller) as these tend to be faster and more reliable. Please note; if a RAID controller fails, you will typically need the same type of controller to access your data. Therefore it is important to source a readily available system such as the HP Microserver (Gen 8 upward - but check the specifications of the RAID controller).
It is possible to configure NAS boxes to behave as a file server but these tend to be slower and less reliable (but do not require a windows installation). Please also note that NAS boxes tend to use their own RAID configuration systems. This often means that if a NAS box fails, the data will not be accessible unless the drives are transplanted into the same type of NAS box, and anti virus software usually cannot be installed onto an NAS box.
Note; If considering a true file server, please note that Anti Virus software will be required and that many brands of popular Anti Virus software will not run on Windows Server software (such as MS Windows Server 2008). A license for Server Anti Virus software will often cost several hundred pounds per year. However, in many cases this will not be an issue as Windows 10 will often "be fine".
Also; please note that due to limitations of the operating system, Windows typically cannot boot from a drive larger than 2tb. Therefore; if creating a RAID set of 8tb, a dedicated drive (or RAID 1 unit) will typically be required as a boot device (but this is "good practice"). It should be noted that MS Windows often installs updates. This process can cause issues and it is theoretically possible for data to be overwritten during the update. If the file server boots from one drive but stores data on another drive, the danger of Personal Data corruption on the dedicated Personal Data drive whilst updating is virtually eliminated.
Booting from a disk larger than 2tb in size is possible if the drive (RAID or otherwise) is configured as GPT, the system must use the UEFI firmware (this "used to be" the BIOS) and the operating system must be 64 bit version (Windows Vista or above).2tb in size is possible if the drive (RAID or otherwise) is configured as GPT, the system must use the UEFI firmware (this "used to be" the BIOS) and the operating system must be 64 bit version (Windows Vista or above).
Small businesses etc which hold and process Personal Data about clients, employees or suppliers are legally obliged to protect the Personal Data.
Personal Data can only be collected for a specific purpose.
Personal Data must be kept secure.
Personal Data must be relevant and "up to date".
Personal Data should only be retained whilst it is needed and should be limited to the specific data required.
The subject of the Data must be allowed to see it upon request.
UK Data Protection law is changing on 25th May 2018 and small businesses etc need to be ready for the General Data Protection Regulation (GDPR). The UK Information Commisioners Office (ICO) has produced a package of tools and resources to help small businesses etc prepare.
General Data Protection Regulation
All UK Businesses must be GDPR compliant by 25th May 2018. From this date onward, UK businesses will be held responsible in the event of personal data loss etc, even if this is the result of being hacked.
From May 25th 2018, businesses will be held responsible for the security of their database and for the consequences of any intrusion. If private data is accessed, the business may be prosecuted by the ICO (Information Commissioners Office). Individual clients will also have the right to sue with respect to negligence.
Additionally; responsibility for informing clients of any breach of security lies with the business holding the personal data.
Please see; ICO Guide to Data Protection
Government Bodies etc
For the past several years, Kaspersky anti virus and Security products have earned a reputation as premier products. Indeed, we regularly recommend and install Kaspersky products.
However; UK service personnel, Government bodies and UK Government contractors etc are advised that Kaspersky is a Russian product. In the event of a virus, malware infection or security breach, the use of Russian security software in the current political climate could be an issue.
Shropshire Computer Repair
Email us; email@example.com
Orleton Lane, Wellington, Telford, Shropshire
Dudley Business Directory Sponsors
Shrewsbury Business Directory Sponsors
Telford Business Directory Sponsors
Walsall Business Directory Sponsors