Securing Data Backups – On-site and in the Cloud

The security of backups is multifaceted. Factors to consider include encryption at rest, encryption in transit where applicable, security of shipping where applicable, physical security, environmental controls to prevent damage, and record keeping, both to prevent loss and to ensure that data is destroyed once its retention period has expired.

In situations where confidentiality matters, backups should be encrypted to prevent information disclosure. Authenticated encryption schemes also provide integrity protection: if someone modifies the backup file, the change is immediately obvious when the file is checked, because decryption fails. The best policy is to encrypt all backups and to require that any exception has a documented, approved justification.

Backup encryption should use well-established algorithms such as AES-256. Backup products that do not disclose which encryption algorithm they use should be avoided.

By their very nature, passwords used to protect backups tend to be used for a long time. If the password were forced to change frequently, every backup would have to be decrypted at each change and re-encrypted under the new password, so organizations will often use a backup password for at least a year. Because of this, backup passwords or passphrases should be long and complex enough to resist brute-force or rainbow-table attacks. Ten characters or more are recommended.
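The three points above (encrypt with an authenticated scheme, use a well-established algorithm, protect the long-lived passphrase) fit together in one short program. The following Go code is an added example, not code from the article or from any backup product: it enforces the ten-character minimum, derives an AES-256 key from the passphrase with PBKDF2-HMAC-SHA256, and seals the backup with AES-256-GCM so that a modified file fails to decrypt instead of quietly restoring bad data. The iteration count, salt and nonce sizes, the three-character-class rule and the demo passphrase and label are assumptions chosen for illustration; a production tool would typically use a memory-hard KDF such as Argon2 and keep the key in a key manager.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
	"unicode"
)

// Assumed policy values for this example; only the ten-character minimum is from the article.
const (
	minPassphraseLen = 10
	pbkdf2Iterations = 100000 // assumed work factor for the key derivation
	saltLen          = 16
	nonceLen         = 12 // standard GCM nonce size
)

// CheckPassphrase rejects passphrases too short or too uniform to guard a key that stays in
// use for a year or more: ten characters and at least three of four character classes.
func CheckPassphrase(p string) error {
	if len([]rune(p)) < minPassphraseLen {
		return fmt.Errorf("passphrase shorter than %d characters", minPassphraseLen)
	}
	classes := 0
	for _, class := range []func(rune) bool{unicode.IsLower, unicode.IsUpper, unicode.IsDigit, unicode.IsPunct} {
		if strings.IndexFunc(p, class) >= 0 {
			classes++
		}
	}
	if classes < 3 {
		return fmt.Errorf("passphrase uses only %d character classes, need 3", classes)
	}
	return nil
}

// deriveAEAD turns passphrase+salt into an AES-256-GCM instance. The key is PBKDF2-HMAC-SHA256
// (RFC 8018) written inline so only the standard library is needed; block T1 is exactly 32 bytes.
func deriveAEAD(passphrase string, salt []byte) (cipher.AEAD, error) {
	mac := hmac.New(sha256.New, []byte(passphrase))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian index of the first block
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < pbkdf2Iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptBackup seals plaintext with AES-256-GCM. The label (e.g. the backup set name) is bound
// as additional authenticated data, so a file moved between sets is rejected too. Layout: salt | nonce | ciphertext+tag.
func EncryptBackup(passphrase, label string, plaintext []byte) ([]byte, error) {
	if err := CheckPassphrase(passphrase); err != nil {
		return nil, err
	}
	header := make([]byte, saltLen+nonceLen) // fresh random salt and nonce per file
	if _, err := rand.Read(header); err != nil {
		return nil, err
	}
	gcm, err := deriveAEAD(passphrase, header[:saltLen])
	if err != nil {
		return nil, err
	}
	nonce := append([]byte(nil), header[saltLen:]...)
	return gcm.Seal(header, nonce, plaintext, []byte(label)), nil
}

// DecryptBackup returns an error and no plaintext if any bit of ciphertext, tag, nonce or label was altered, or the passphrase is wrong.
func DecryptBackup(passphrase, label string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, fmt.Errorf("backup blob truncated (%d bytes)", len(blob))
	}
	gcm, err := deriveAEAD(passphrase, blob[:saltLen])
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:], []byte(label))
}

func main() {
	blob, err := EncryptBackup("Correct-Horse-Battery-9", "db-full-2024-01-07", []byte("payroll table dump"))
	if err != nil {
		panic(err)
	}
	blob[len(blob)-1] ^= 0x01 // simulate a corrupted or tampered file
	_, err = DecryptBackup("Correct-Horse-Battery-9", "db-full-2024-01-07", blob)
	fmt.Println("tampered backup rejected:", err != nil)
}
```

Flipping one bit anywhere in the file, presenting it under a different set label, or supplying the wrong passphrase all make DecryptBackup return an error and no plaintext, which is the integrity property the text relies on. With an unauthenticated mode such as AES-CBC the same modification would decrypt without any error to corrupted data, so the mode matters as much as the key length.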

Backup media and systems should be tested regularly to ensure they can be relied upon in an emergency; this should be combined with a test of the restoration procedures, checked against the required restoration time. Restoration tests should restore onto dedicated test media, never by overwriting the original media, in case the backup or restoration process fails and causes irreparable data damage or loss.
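As an added example (not code from the article or from any backup product), the following Go program is a small restore drill of the kind this paragraph describes: it records a SHA-256 manifest when the backup set is made, restores into a separate directory that must be empty or absent so the original data is never overwritten, verifies every restored file against the manifest, and reports whether the restore finished within the required restoration time. The file contents, directory names and the five-minute restoration time are constructed for the example; in practice the copy step is the backup product's own restore command.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"time"
)

type RestoreReport struct {
	FilesChecked int
	Mismatched   []string // restored files whose hash differs from the manifest
	Missing      []string // manifest entries absent from the restore
	Elapsed      time.Duration
	WithinRTO    bool
}

// WriteFiles writes relative-path -> contents under dir, creating directories; it is the restore step.
func WriteFiles(dir string, files map[string][]byte) error {
	for rel, data := range files {
		p := filepath.Join(dir, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(p), 0o700); err != nil {
			return err
		}
		if err := os.WriteFile(p, data, 0o600); err != nil {
			return err
		}
	}
	return nil
}

// ReadFiles loads every file under root, keyed by slash-separated relative path.
func ReadFiles(root string) (map[string][]byte, error) {
	files := map[string][]byte{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		rel, _ := filepath.Rel(root, p)
		files[filepath.ToSlash(rel)], err = os.ReadFile(p)
		return err
	})
	return files, err
}

// Manifest maps each relative path to the hex SHA-256 of its contents. Taken when the
// backup is made, it is the yardstick every later restore is measured against.
func Manifest(root string) (map[string]string, error) {
	files, err := ReadFiles(root)
	m := map[string]string{}
	for rel, data := range files {
		sum := sha256.Sum256(data)
		m[rel] = hex.EncodeToString(sum[:])
	}
	return m, err
}

// RestoreDrill restores backupDir into restoreDir, which must be empty or absent so live data
// is never overwritten, verifies every file against the manifest and times the restore against rto.
func RestoreDrill(backupDir, restoreDir string, manifest map[string]string, rto time.Duration) (RestoreReport, error) {
	if entries, err := os.ReadDir(restoreDir); err == nil && len(entries) > 0 {
		return RestoreReport{}, fmt.Errorf("refusing to restore into non-empty %s", restoreDir)
	}
	start := time.Now()
	files, err := ReadFiles(backupDir)
	if err == nil {
		err = WriteFiles(restoreDir, files)
	}
	if err != nil {
		return RestoreReport{}, err
	}
	got, err := Manifest(restoreDir) // re-read from disk: verify what was actually restored
	if err != nil {
		return RestoreReport{}, err
	}
	rep := RestoreReport{FilesChecked: len(manifest), Elapsed: time.Since(start)}
	rep.WithinRTO = rep.Elapsed <= rto
	for rel, want := range manifest {
		switch have, ok := got[rel]; {
		case !ok:
			rep.Missing = append(rep.Missing, rel)
		case have != want:
			rep.Mismatched = append(rep.Mismatched, rel)
		}
	}
	return rep, nil
}

// SampleFiles is constructed sample data standing in for a real backup set.
var SampleFiles = map[string][]byte{"etc/app.conf": []byte("listen=127.0.0.1\n"), "db/users.sql": []byte("INSERT INTO users VALUES (1, 'alice');\n")}

func main() {
	work, _ := os.MkdirTemp("", "restore-drill")
	defer os.RemoveAll(work)
	src := filepath.Join(work, "backup-set")
	_ = WriteFiles(src, SampleFiles)
	manifest, _ := Manifest(src) // recorded when the backup was taken
	rep, err := RestoreDrill(src, filepath.Join(work, "restore"), manifest, 5*time.Minute)
	fmt.Printf("%+v err=%v\n", rep, err)
}
```

The manifest is deliberately taken from the source at backup time and compared against files re-read from the restore location, so media damage that occurs after the backup was written (a corrupted or lost file) shows up as a mismatch or a missing entry in the report rather than as a surprise during a real recovery.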

Backups should be stored at a remote location, far enough away to escape any damage from a disaster at the main site. This is a strong motivation for using cloud-based backup solutions. When using cloud-based storage, the transmission channel should be encrypted, both to prevent eavesdroppers from making a copy in transit and to provide integrity protection. Without integrity protection, a malicious party might be able to damage the data during transmission, leaving it impossible to restore.

When storing backup data offsite, companies should perform due diligence to ensure that the storage facility provides appropriate levels of physical security and environmental protection. If physical media are shipped to a remote site, a bonded courier should be used to ensure safe delivery.

The frequency and type of backup (e.g. full or differential) should be based on the business requirements for the information. Accurate and complete records of the backup copies, and a documented restoration procedure, should be maintained and kept up to date. Once data is older than its required retention period it should be deleted.
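An added example, not part of the article, of the records this paragraph calls for, in Go. Each catalogue entry records the backup's type, creation date, storage location and retention period; DueForDestruction lists the entries whose retention has lapsed on a given date, and RestoreChain gives the restore order (base full backup, then the newest differential) for the most recent usable state. The rule that a full backup is held back while an unexpired differential still depends on it, and the 35-day and 30-day retention periods in the sample catalogue, are assumptions chosen for illustration rather than values from the article.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

type BackupKind int

const (
	Full BackupKind = iota
	Differential
)

// BackupRecord is one line of the backup catalogue: what was taken, when, where it is kept
// and how long it must be retained.
type BackupRecord struct {
	ID        string
	Kind      BackupKind
	BaseID    string // differential only: the full backup it must be restored on top of
	Created   time.Time
	Retention time.Duration
	Location  string // tape label, vault shelf or cloud object path
}

func (r BackupRecord) Expired(now time.Time) bool {
	return !now.Before(r.Created.Add(r.Retention))
}

// DueForDestruction lists catalogue entries whose retention has lapsed at now. A full backup
// is held back while any unexpired differential still depends on it, because that
// differential cannot be restored without its base (assumed rule, see lead-in).
func DueForDestruction(catalogue []BackupRecord, now time.Time) []string {
	stillNeeded := map[string]bool{}
	for _, r := range catalogue {
		if r.Kind == Differential && !r.Expired(now) {
			stillNeeded[r.BaseID] = true
		}
	}
	var due []string
	for _, r := range catalogue {
		if r.Expired(now) && !stillNeeded[r.ID] {
			due = append(due, r.ID)
		}
	}
	sort.Strings(due)
	return due
}

// RestoreChain returns, in restore order, the IDs needed to recover the newest state that
// existed and is still retained at now: a full backup alone, or base full then differential.
func RestoreChain(catalogue []BackupRecord, now time.Time) []string {
	var newest *BackupRecord
	for i := range catalogue {
		r := &catalogue[i]
		if r.Created.After(now) || r.Expired(now) {
			continue
		}
		if newest == nil || r.Created.After(newest.Created) {
			newest = r
		}
	}
	switch {
	case newest == nil:
		return nil
	case newest.Kind == Differential:
		return []string{newest.BaseID, newest.ID}
	}
	return []string{newest.ID}
}

// SampleCatalogue is constructed data: fulls kept 35 days, differentials kept 30 days (assumed policy).
func SampleCatalogue() []BackupRecord {
	day := func(m time.Month, d int) time.Time { return time.Date(2024, m, d, 0, 0, 0, 0, time.UTC) }
	const fullKeep, diffKeep = 35 * 24 * time.Hour, 30 * 24 * time.Hour
	return []BackupRecord{
		{ID: "full-2024-01-07", Kind: Full, Created: day(1, 7), Retention: fullKeep, Location: "vault-B/shelf-3/TAPE0101"},
		{ID: "diff-2024-01-14", Kind: Differential, BaseID: "full-2024-01-07", Created: day(1, 14), Retention: diffKeep, Location: "s3://backups-example/diff-2024-01-14"},
		{ID: "diff-2024-01-28", Kind: Differential, BaseID: "full-2024-01-07", Created: day(1, 28), Retention: diffKeep, Location: "s3://backups-example/diff-2024-01-28"},
		{ID: "full-2024-02-04", Kind: Full, Created: day(2, 4), Retention: fullKeep, Location: "vault-B/shelf-3/TAPE0102"},
		{ID: "diff-2024-02-11", Kind: Differential, BaseID: "full-2024-02-04", Created: day(2, 11), Retention: diffKeep, Location: "s3://backups-example/diff-2024-02-11"},
	}
}

func main() {
	cat := SampleCatalogue()
	for _, now := range []time.Time{time.Date(2024, 2, 15, 0, 0, 0, 0, time.UTC), time.Date(2024, 3, 1, 0, 0, 0, 0, time.UTC)} {
		fmt.Printf("%s: destroy %v, restore chain %v\n", now.Format("2006-01-02"), DueForDestruction(cat, now), RestoreChain(cat, now))
	}
}
```

On 15 February 2024 the sample catalogue shows why the dependency rule is worth keeping in the records: full-2024-01-07 passed its 35-day retention on 11 February, but diff-2024-01-28 still depends on it until 27 February, so only diff-2024-01-14 is due for destruction that day; by 1 March all three of the January entries can go, while the restore chain is full-2024-02-04 followed by diff-2024-02-11.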