For the most part things for Enigma have properly returned to BAU, albeit with a change to our working environment with all staff now working from home.
During the second half of last week, we successfully managed to swing our off-site backups away from any dependancy on local tape media, and are now using AWS Cloud-based storage. We have utilised AWS (Amazon) in Sydney for this. We deemed this to be a critical change in order for us to maintain a robust approach to disaster recovery, without any reduction in our RTO or RPO (see definitions below). Our RTO is estimated to be ~<=48 hours and our RPO from off-site media is always intended to be ~24-48 hours (48 hrs would apply to weekend data entry, which tends to be far lower than week-day activity).
Given the urgent nature of our response we did not have any chance to stop and ask / inform our customers of these changes.
We do note some common sensitivities around data storage and also around data sovereignty, and have these considerations to share:
- You continue to deal with an NZ company directly; we remain responsible for creating and managing data backup sets for our hosted SaaS products.
- No other entity (other than AWS) is involved in holding or handling your data.
- Amazon (AWS), through controls and policy, does not have access to any of this data.
- The territory under which we operate, and the laws by which we are obligated to abide, have not changed.
Amazon has well established, data privacy and compliance policies – for more information please view:
In our view:
- We are satisfied that Amazon does not have any means to access our backup content, not only because of their own controls and policies, but also because the content which we are moving to store in their environment is encrypted before it is moved. Their FAQ page contains published statements such as: “We do not access or use your content for any purpose without your consent.”
- We are confident that the data is secure while at rest in AWS based on their public information, as well as the encryption which we have chosen to apply to that data. Our encrypted data is further encrypted at rest in AWS.
Despite all of the above, if you are a customer of Enigma, this does represent a change to the established way in which we deliver our services to you. If you, and / or your IT department / Privacy Officer have any concerns about this change to our service, then please get in touch with Enigma through your normal channels and let us know.
At this point in time, this is intended to be a temporary change to our services which will last for the duration of our COVID-19 lockdown; we need this alternative approach while we remain at levels which prevent us from being able to routinely access the data-centre environment for all non-critical issues.
Once our on-demand access to the data-centre has been restored, we will look to swing back to our tape based, off-site backup approach again.
It should be noted that during this lockdown period, we have ‘urgent, on request access’ to the data-centre. This is operated by appointment only; we have a 24/7 phone number to request such urgent access. We would reserve this type of access-request for cases where our staff strictly need to be on-site, such as a critical failure where we need to be local to diagnose a service fault.
Any questions, please contact Chris Wiltshire.
RTO ([Technical] Recovery Time Objective) is the time required to restore the system technically to an operational state after a failure.
RPO ([Technical] Recovery Point Objective) is measured backwards from the time of failure (not from time of recovery of service) and is the acceptable amount of data (in time units) to be lost before the time of failure.