Should we be encrypting backups?

We all know that data protection regulations are gaining teeth. As we discussed before, it is becoming more difficult to keep data losses private, and the damage to reputation and other penalties incurred following data breaches are now significant. Data protection laws in particular are being tightened up, with the potential …

COMMENTS

This topic is closed for new posts.
  1. Pete 2 Silver badge

    rats!

    So you carefully encrypt your backups, record the barcode and encryption key in your register and send the tapes off to long term storage. However, the LTS place doesn't feed its vermin properly, so they've taken to chewing anything even remotely edible. That includes the stuck-on paper printed barcodes on your backups.

    5 years later, when the lawsuit hits the fan and you pull the backups to prove that the plaintiff is a lying B@.... This is the point where your defence counsel has to stand up in court and say "Terribly sorry, m'lud. A rat ate our backups." Beats the hell out of "a dog ate my homework".

  2. Chris Miller

    Yes and no

    In purely rational terms of 'bang for your buck', encrypting backup tapes ought to be near the bottom of your priority list*. Has there ever been a single instance of a backup tape being lost and the data held on it being read? To read it at all you would need access to some relatively expensive kit and even then, if (as is most likely) it's just a single random tape from a set, the data it contains would be largely meaningless.

    Hardware encryption for backups doesn't come cheap, and very few organizations will have the luxury of enough time to encrypt their backups in software. And managing the encryption process to ensure that you can successfully decode in order to restore data is not a trivial cost either.

    But in the real world, if the loss of a backup tape came to light and you couldn't say "don't worry, all the data is encrypted" the cost in loss of customer confidence and general bad press could be significant.

    * Note that this is true for the great majority of organizations that are unlikely to be subject to targeted attacks in order to steal their data. It doesn't apply to exceptional cases such as GCHQ, who ought to (and I'm sure do) encrypt their backups.

    1. Nick G
      Coffee/keyboard

      a single random tape...

      If it's anything like our backup system, you'd be lucky if it's just one. I restored an Excel spreadsheet last week that had, for reasons best known to our backup solution, been saved across five LTO-2 tapes...

  3. jake Silver badge

    Oh, c'mon ...

    Is this article serious? Secure corporate backup isn't exactly rocket science ... Even on my home systems, I have secure online access to around 35 years of my personal computing history. It's geographically redundant, hardware redundant, and OS redundant ... Thanks to modern storage systems, it's all transparently online ("right now") accessible, but I also have geographically redundant near-line & offline backups, both of which I can access from pretty much anywhere.

    Overkill for a home system? Probably. But as a research platform, it's (mostly) tax deductible.

  4. fatchap
    Go

    Compensating Controls

    Encryption in my mind should be the last line of defence when it comes to backup tapes. Firstly they should be stored securely and secondly they should be transported in secured containers. Both of these elements should be overseen by a good policy and sound procedures to reduce the risk of the designed controls being bypassed and to track the movements of tapes. These controls should be regularly audited to provide assurance that they are working.

    Only if all of these are considered to be inadequate should encryption and all its additional overhead be implemented.

  5. el-em
    Flame

    Decades old tape restore

    Having been through the challenge of trying to recover data off old tapes, encryption would have been the least of my worries... challenge number one was finding a drive to load the tape into - anyone say Quarter Inch Cartridge? How about 1 inch open reel?

    As early as 3 years ago I finally had permission to destroy open reel tapes dating back into the early 80's. The company management was not interested in the technicalities of tape echo, magnetic decomposition or the tangible "we don't have a drive to read it" - they just wanted to know the backups existed.... and it was the IT department's problem to restore if necessary.

    Adding hardware based encryption most likely means locking into a vendor, and hoping that vendor maintains backward compatibility and actually remains in business so that when that 10 year old backup is required you'll have kit to access it.

    Similarly for software encryption - backward compatibility is a must, and may lock in a vendor or two to your solution. It was bad enough with my last real disaster recovery (fire) that finding an OLD enough copy of ArcServe proved to be the challenge to restore some legacy data.

  6. Daniel 23
    Big Brother

    No key? RIP!

    Surely, it is now illegal to "forget" the key(s) for any encrypted data?

    Using the RIP Act 2000, the courts can legally compel you to remember.

    http://www.theregister.co.uk/2008/10/14/ripa_self_incrimination_ruling/

    1. Chris Hatfield

      Yes, you can be JAILED if you forget your key

      This is utterly INSANE!!!

      I might start making random text files, encrypting them and then put them on my enemies' computers. They can then get arrested and jailed ..... MUHAHAHAHAHHA!

      If you do not encrypt your backups you are taking massive risks. Truth be told, it's an extra layer of hassle.

      I use Dropbox. I guess I will just have to trust the staff at Dropbox. I use a Truecrypt container for my most sensitive files. And it has plausible deniability so there is nothing to indicate that it's an encrypted file. (actually, I think I have forgotten the password for it.. drats)

      1. Charles 9

        Actually...

        ...TrueCrypt files have some key characteristics. They're always an exact multiple of 512 bytes in size AND their composition fits a chi-square distribution.
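
A check for the two characteristics named in the reply above (length a multiple of 512 bytes, byte values passing a chi-square test for uniformity), as an added example that is not part of the original thread. The function names, the acceptance bounds and the sample data are assumptions constructed for illustration.

```python
import hashlib
from collections import Counter

SECTOR = 512

def chi_square_bytes(data):
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

def size_and_chi_square_match(data, low=150.0, high=400.0):
    """True when the length is a whole number of 512-byte sectors and the
    statistic sits near 255, its expected value for uniformly random bytes.
    The low/high bounds are assumptions chosen for this example."""
    if not data or len(data) % SECTOR:
        return False
    return low <= chi_square_bytes(data) <= high

def constructed_random(n):
    # Constructed stand-in for ciphertext: SHA-256 over a counter.
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def constructed_text(n):
    # Constructed plaintext sample with a heavily skewed byte histogram.
    return (b"constructed plaintext backup manifest line\n" * (n // 40 + 1))[:n]

if __name__ == "__main__":
    for name, blob in [("random, 64 KiB", constructed_random(65536)),
                       ("random, 64 KiB + 1", constructed_random(65537)),
                       ("text, 64 KiB", constructed_text(65536))]:
        print(name, round(chi_square_bytes(blob)), size_and_chi_square_match(blob))
```

Any random-looking file of a suitable length passes the same check, so a match is a triage hint for closer inspection, not an identification.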

  7. Daniel B.
    Boffin

    Don't lose that private key, dude!

    I once decided to do a system-wide backup, and then encrypted the .tar.bz2 files with PGP. It was a wonder, as I had 8 CDs worth of backup data there for the picking, and secured so that losing them wouldn't mean somebody would read all the data in it.

    Then I lost the private key I used. I ended up with tons of data that I couldn't access, and my laptop decided to croak during this time. Fortunately, after 2 months of searching, I remembered that I had put a backup of my keyring on a floppy disk, conveniently stashed in my mom's safe deposit box. I was able to retrieve my backups; and I've made it so that the private key is now backed up in many different media as well. But damn, that was a close one!

  8. Nigel 11
    Grenade

    Another issue

    Make sure you know what happens if a small (one-bit? one-block?) error develops in your [GTP]bytes of encrypted backup media. Do you lose one bit or one block when you restore? Or does the whole darned thing become undecipherable and therefore useless?

    This backup has had its pin pulled and will self-destruct ten minutes before you need it. (Schrodinger's cat would be a better icon. Backups are simultaneously live and dead and you don't know which until you try to restore them)

  9. Ammaross Danan
    Boffin

    Title

    First, @fatchap, "transported in secured containers" is bollocks as a replacement or priority supplement for encryption. I'm sure it takes more than just a hammer to get into 2048-bit-key encrypted data.

    For companies dumping their 500GB or less data to tape, and expecting it to last indefinitely, they should really research alternatives. 500GB hard drives are very common, and NTFS isn't going anywhere. Also, many people have demonstrated the longevity of computers with "antiquated" interfaces (think of the Floppy Drive, if it took that long to die, just think how hard it will be to kill USB 1/2.0, not to mention the kit that supports USB 1/2.0, and the OS to read NTFS). I say NTFS, because FAT doesn't allow for >4GB files (think TrueCrypt containers or the like). Fortunately for those using TrueCrypt for encryption, it doesn't require a license key and can install on ANY of those "old" systems that support USB and NTFS....convenient that. No more having to find some server with an ancient SCSI card (with drivers!) to hook up a dusty tape drive that probably has grime on the read-heads anyway (be sure to run a tape cleaner through it first!!!). Then loading an OS that supports the archaic (ArcServe!) software, and don't forget the license key! Then hope that the particular file you want hasn't been corrupted due to degradations of some sort, or even worse, the index.... Hard drives aren't impervious either, but I am willing to bet that a hardly-used hard drive sitting on a shelf will degrade slower than a tape sitting in the same environment.

    That said, newer tapes and devices allow for storing many terabytes of data, which is currently impossible for single hard drives, and for large organizations, tape is the only way to go. However, the best solution would be regular restores and transfers of older tapes onto current-gen tapes to overcome degradation and outdating hardware. This of course is time consuming and probably best left to that 2nd year college student that the firm is interning for the summer...

    Lastly, for those "just store it online" folks, some regulators will prohibit some organizations from using such services because it can't be guaranteed to be "safe." If the data isn't encrypted locally, then shipped over an encrypted VPN point-to-point-style, and stored in encrypted form on said remote system, without the keys, then it is useless. (Uploading a TrueCrypt container to such a service would be plausible...). However, I would doubt dumping 400GB worth of data to an online service would be remotely cost-effective, let alone having "archived" copies available. And if you have to archive backups locally, why even bother with an online service anyway? (No, I'm not talking about home users with 10GB of unchanging data, saving to a service in case their house burns down. They can [and probably should] use such services, since that is for whom they are designed.).

    As for CDs/DVDs/Archival DVDs, these may look attractive, but I don't trust such media to store my data unless I have two copies. I've had enough disks that get a simple scratch for whatever reason, and then become coasters. And archival DVDs rated for >10yrs are simply as expensive as their tape counterparts, but require even more uncommon hardware.

    /rant
