Online backup strategy
Availability is one of the three key aspects of information security, it is also the most often neglected aspect. To safeguard against data lost due to harddisk crashes, backup is absolutely necessary. The backup idea is simple, just make a duplicate copy of the data and store it somewhere safe and ensure you can access the backup data when you need it. This simple idea is actually difficult to implement, cost of backup media and equipment, safe transport of media to the "safe" place, scheduling the backup job regularly, etc.... Things are even worst for home and small business users who have limited knowledge and resource. There are quite a few online storage companies marketing their solution as secure online backup solution. One company even offers 25GB of free storage space for anyone to store their files online.
The online backup vendors seem to all claim themselves as very secure and can protect your data properly. A lot of them simply copy your files via an SSL tunnel to their datacenter and store the file as is. Not sure how you like the idea of some other companies storing your important (sensitive) files and have access to them. I personally dislike that idea a lot and I think data should be encrypted before shipping over to the backup location.
There are some solutions that encrypt the data before shipping it over to the datacenter, making it impossible even for the online storage vendors to read your content (if the client hasn't been backdoor that is). While choosing an online backup vendor, be sure to look for encryption capability, encryption before you send them the data, that is.
Make sure you also periodically check to see if you can retrieve the data (unencrypt the data). For the encryption key, either select something that you can remember real well or have a copy of the key available somewhere. For the forgetful readers, you might want to consider copying the encryption key on a USB key drive and put that in your safety deposit box or other safe location (outside of your primary residence/office).
With the technology available today, backup is real easy and cheap. However, you must do some proper planning to ensure your backup data is safe and sound, most importantly, available when you need them.
You might also want to review our previous stories about backup:
http://isc.sans.org/diary.php?storyid=1589
http://isc.sans.org/diary.php?storyid=702
---------------------------------------Jason Lam, jason /at/ networksec.org
Application Security: Securing Web Apps, APIs, and Microservices | San Francisco | Nov 18th - Nov 23rd 2024 |
Comments