Mitigating risk with backup encryption

Backup data button on a keyboard

Organisations today are under more pressure than ever before to ensure that data is protected and secure. Yet with data volume growing rapidly and regulatory requirements mandating ever longer retention periods, the risk of a data breach is also growing. High profile cases such as the HMRC’s loss of 25m benefit records and new fears for patient data safety over a planned NHS shake-up, have attracted intense media scrutiny. Consequently, IT managers are being forced to reconsider how they protect data that goes off-site.

Companies involved in data breaches face more than just unwelcome headlines. Public disclosure of breaches can damage an organisation’s brand and reputation, and lead to remediation expenses, fines and civil litigation. With such high stakes, CIOs increasingly rely on channel partners to provide consultancy on the planning and redesign of existing storage strategies that align closely with security.

So how can this be achieved, and who is at risk? Resellers can ask the following questions to determine a customer’s risk level:

1. Are you storing proprietary information for your business?

2. Are you storing customers’ or employees’ personal information such as social security numbers, birthdates, financial records, health records, addresses?

3. Do you have offsite data retention requirements for disaster recovery?

Answering yes to any of the above questions means your customer is exposed to the risk of a data breach. Fortunately a sound data security policy, built around the encryption of backed up data can help mitigate this risk. Encryption at the backup stage effectively eliminates the damage associated with a data breach.

Securing data through encryption

The channel can help organisations implement a successful encryption solution by combining technology, processes and best practices for securing their backup tapes. If data is encrypted when taken off-site, it is inaccessible to anyone but the legitimate owners of the data.

There are three main types of encryption solutions available: software-based, appliance-based and drive-based and there are advantages and disadvantages associated with each approach.

Software-based encryption is the lowest cost solution but it slows data down in its movement from primary storage to removable storage devices or backup destinations.

Appliance-based encryption can address performance by sending backed up data through a hardware based appliance. However while this method is ideal for larger enterprises it is often too costly for smaller businesses.

The most effective option we recommend for businesses is drive-based encryption, a cost-effective and high-performance alternative. Drive-based encryption technology sits within the tape drive and encrypts data as it is written causing less slow down in data movement. This method solves the problems associated with other forms of encryption and is an ideal data protection solution for most businesses. Tape-level encryption also takes advantage of tape compression, which results in faster backup and lower costs without sacrificing performance. This can’t be achieved with software- and appliance-based methods.

Retrieving encrypted data

When data is encrypted it uses an algorithm to make the data inaccessible and creates a unique encryption key. Should the key be lost, the data is inaccessible but organisations can simply manage keys using the right tools.

For example key management solutions generate and allocate keys for all encrypted data. This enables an authorised user to seamlessly access encrypted data within their enterprise.

Implementing encryption best practices

Once an encryption and key management solution has been implemented, data is not necessarily secure. There is still a risk of hardware failure, disaster, or non-intentional or malicious action on the part of employees. To help prevent this, it is essential that best practices are followed on the use of encryption technology such as the following:

• Restrict key access

• Back-up the encryption key database on a daily basis

• Ensure backup copies of encryption keys are kept off-site

• Build redundancy into the encryption key management solution

• Ensure encryption key backups and redundant servers are secure

Maintaining trust

Data is the lifeblood of every business and its loss can cause substantial damage. Every company is a holder of sensitive data and is therefore wholly responsible for its security. By providing much needed guidance and consultancy on integrating backup encryption, key management and best practices into a wider storage strategy, the channel can leverage its expertise to build trust, strengthen relationships and capitalise from long term opportunities.