This is the third blog in our cybersecurity series from Lloyd Passingham, Arbor’s Senior DevSecOps Engineer. Before joining Arbor, Lloyd served in the military, bringing a unique perspective to his work in security. Passionate about safeguarding information and empowering others, Lloyd is dedicated to protecting Arbor’s data and fostering a strong culture of security both within the organisation and beyond.
Running a school throws enough curveballs; worrying about whether your MIS data is safely backed up shouldn’t be one of them. Your MIS holds the vital information at the operational core of your school. Let me lift the bonnet and show you how Arbor ensures your school’s information is safe, secure, and ready to be recovered if needed.
–
Encrypted: In-transit and at-rest
Just like we use modern TLS 1.3 encryption to secure your data in-transit to Arbor, we also protect it when it’s stored. All your school’s information rests securely within our virtual private cloud, encrypted using industry standard AES-256 encryption. Our comprehensive approach to data security and backups is independently audited to meet the ISO 27001:2022 standard.
–
Multiple layers of protection
We believe in a “belt and braces” approach. Relying on a single backup method isn’t enough, so we employ multiple, overlapping strategies to ensure your data is protected from different angles as well as aligning with the DfE and NCSC recommended 3-2-1 backup approach:
- Daily Snapshots: Imagine taking a photograph of your database every 24 hours. That’s essentially what our daily snapshots do. They provide a complete picture, allowing for a quick rollback to a recent state. While effective, the worst-case scenario could mean losing up to 24 hours of work – if we only relied on this method – which is why, unlike other MIS providers, we don’t stop here!
- Continuous Point-in-Time Recovery (PITR): This is where things get really clever. Alongside snapshots, we continuously stream backups, logging changes as they happen. This powerful system allows us to restore your Arbor MIS not just to a specific day, but to any specific second within the last 30 days. Accidentally overwritten the year’s timetable five minutes ago? With PITR, it’s highly likely we can wind the clock back and retrieve it precisely.
- File Versioning: What about all those important documents, reports, and policies you upload? We’ve got that covered too. Arbor automatically keeps previous versions of your uploaded files. If a file gets accidentally overwritten or deleted, you can breathe easy knowing we can restore an earlier version.
- Comprehensive Audit Logs: While not strictly a backup it’s worth talking about our database audit logs. Turning back time to revert a change, even just a few hours, could still be disruptive if you have to re-do your work. Have a chat with our support team who may be able to surgically undo some changes without needing to rollback your whole MIS.
–
Location, location, location
Having backups is great, but what if something happens to the place they’re stored? We’ve planned for that. All your backups are securely copied to three separate, geographically isolated data centres across the UK. This means they are physically distant from each other, safeguarding them against localised issues like fires, floods, or major power outages. Even if a significant incident impacts one location (which is extremely unlikely), your data remains secure and accessible from the other two.
–
Built to last
Once backups are created we’ve layered protections to make sure they stay safe and secure. Backups are stored using a tamper-proof Write-Once-Read-Many (WORM) format. This clever technology means that once a backup is written, it cannot be altered or deleted (until its planned expiry) protecting against accidental changes and malicious tampering.
Backups are stored in an environment that is logically separate from the live Arbor service. This is a vital defence against threats like ransomware, ensuring that even if the live system were compromised, the backups remain unaffected and available for recovery.
–
Tried and tested
A backup plan is only useful if you know it works. That’s why regularly testing our restore procedures is a standard part of our operations. We don’t just hope it works; we actively practice recovering data to ensure that if the worst happens, we can restore your service quickly, efficiently, and correctly.
–
Always on
You have a school to run; you shouldn’t need to worry about triggering backups. Our entire backup process is fully automated. Furthermore, we have sophisticated monitoring tools constantly watching over these systems. If any issue arises – whether it’s a hiccup in creating a backup or a problem during a test restore – our dedicated engineers are alerted immediately, ready to investigate and resolve it.
Behind the scenes, our DevOps team refines and tests our backup and recovery strategies. They ensure our approach not only meets today’s best practices but is also ready for tomorrow’s challenges. This all adds up to a robust system designed to give you confidence that your school’s data is safe, secure, and recoverable, letting you focus on your school.
