Should we be encrypting backups?
It’s about the restore, stupid
Workshop We all know that data protection regulations are gaining teeth. As we discussed before, it is becoming more difficult to keep data losses private, and the damage to reputation and other penalties incurred following data breaches are now significant.
Data protection laws in particular are being tightened up, with the potential for large financial penalties to be imposed for the loss or leakage of data. Fines may come not only from general data protection bodies, but also individual industry regulators in verticals such as financial services or healthcare. Data breach notification laws, pioneered very effectively by California, are planned for Europe. These have shown that the real cost of a data loss is the clean-up afterwards. Companies suffer from the loss of reputation and trust in a brand, as well as having to foot the bill for fraud monitoring, credit protection and possible recompense for those people affected.
Now, you may well be thinking: "That's all well and good, but how does it affect me?" Legislation is effectively raising the bar and sending a message that dealing with risks posed by a data breach is important, and that the efforts made to secure the data held will be used to determine the level of penalties should a breach occur. So doing nothing may be an option, but it will probably be a very expensive one. Accepting this, how can you approach what for many is a very murky problem – and can encryption help?
That old chestnut, off-site backup, is the traditional starting point for data protection. However this does involve risk at multiple points: transporting the backups, holding them at a third party, and then being able to recover the data at a future time. Encryption of the backed-up data certainly appears to be part of the solution: it enables safe transport and storage, providing the passwords or keys are kept separate from the data itself, of course.
However, backup is only half of the answer when it comes to data protection and availability - the flip-side is restoration of data if required. At this point, encryption makes things harder, not easier. How many companies have implemented a system to guarantee that encrypted information can be retrieved and restored? To do so requires a comprehensive catalogue of backups, combined with encryption key or password management information. It may be a challenge keeping records, especially as the retention periods for these data sets can extend into years and decades.
As a system of many interacting steps, many of which are complex and temperamental, the whole of the problem may seem like much more than the sum of its parts. Keeping a firm grip on encrypted data will be dependent on process, documentation and management tools. Regular testing of restore capability must also be part of the process, ideally as part of formal Governance, Risk and Compliance (GRC) procedures.
It is tempting to focus efforts on testing restores on fairly recent active data. After all, there are whole libraries of the old stuff! But is this really going to be enough? Indeed, if it can’t be guaranteed that old, encrypted data can be restored at some point in the future, is there really any point in keeping it at all?
Long-term access to backup data has many associated risks. For example, job rotation and rapid technology obsolescence mean that this is often left as a problem for somebody else to solve. The physical condition of the tape may deteriorate. Tape readers may become obsolete (even NASA has this problem). Encryption adds to the complexity of the problem of data restoration, and as with all the other issues this must be tackled to ensure long-term retrieval is viable. Process is as vital in ensuring success as the technology used, perhaps even more so as technology changes frequently but people are slow to change – as, to be fair, is the data.
We're not claiming to have all the answers here. But as encryption once again piques the interest of the media, it is worth considering the practicalities and ramifications when it comes to this fundamental area of data protection – that of backup and restore. Whatever approach is followed to encrypting backups, key management will likely become the over-riding issue to ensure that access to the data is still possible after many years. Tough as it sometimes can be, most organisations would not think of running important systems without backups and recovery plans in place. But neglecting the same with encrypted data and keys, lays a business open to losing access to important data with a very difficult path to recovery.
Have you ever had a data wipe-out from lost keys? Has encryption saved your bacon? Please let us know. ®
Sponsored: Becoming a Pragmatic Security Leader