Bryan,

There are companies that specialize in the service. I don't have any particular references for you, but if you are dealing with financial data, there are some legal considerations with regard to privacy. If your client's security is breached you've got some major legal problems (whose problem it is depends entirely on whatever agreements you have made). Secondly, if you use a brand name, you can highlight your service provider as part of their overall quality (unless you specialize in this service yourself, which presumably you do not).

An important aspect to this area is that the real liabilities of financial (and medical) data storage (most importantly: credit cards) have been _drastically de-emphasized_ in recent years. This is, in my estimation, due entirely to the expansion of the overseas service provider market. Managing these liabilities gets *very expensive* for operations outside of the US[1], and major industry groups want to eliminate the liabilities of the class of actors who rightly should be responsible.

NASSCOM did make an ostensible effort to tighten data security in India[2]. My interpretation of this is that it is primarily a PR move, and that there is no way that India is taking the costly precautions necessary in an already tight and possibly languishing services market, for doing so would require a combination of both internal corporate security and national legislation.

My prediction is that as soon as litigation in this sector is seen as profitable by the general law community, things will get far more expensive for everyone involved.

This is just the first company that came up on Google ads:
http://www.rsync.net/index.html

Good luck in your project.

Sincerely,
Joshua Zeidner

[1] Consider the amount of critical data that gets sent overseas to places like India where there are virtually no privacy protection laws. Who is liable in this case? Who is liable for trade secrets? Critical company or customer information? It is a huge problem that overseas providers are conveniently overlooking.

[2] http://news.com.com/India+to+tighten+offshoring+data+security/2100-1011_3-6070186.html

On 3/30/07, Bryan O'Neal wrote:
> I have a financial broker that needs offsite backups, but as a financial
> institution they have more sensitive information than I am used to dealing
> with outside the confines of the government and I am not sure what needs to
> be done (legally speaking) to protect the data. I would like to slap some
> cheap server in a cheap colo with an encrypted drive and just pump automated
> backups over an ssh tunnel using rsync (like I do for my company's backups)
> but I do not know if there are any specific security (physical and
> encryption) rules that I need to meet. Right now my company's backup server
> rotates through the homes of the key players, but I don't think that is a
> good idea for a machine that holds non-public information.
>
> I know there are a few of you who work (or worked) for other, larger,
> financial institutions. How did you handle offsite backups?
>
> It's late and been a long day so if this message does not make sense let
> me know ;)
>
> Bryan O'Neal
> Cornerstone Homes & Development, Inc.
> 4220 E. McDowell Rd Ste. #108
> Mesa, AZ 85215
> (480) 505-1900
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
.0000. communication.
.0001. development.
.0010. strategy.
.0100. appeal.

JOSHUA M. ZEIDNER
IT Consultant

$wisdom{'mcluhan'} = "Publication is a self-invasion of privacy.";

( 602 ) 490 8006
jjzeidner@gmail.com