Secure Online Backup with unparalleled support
Header

A lot of people ask whether they should have multiple backup systems, and we usually answer yes. But care should be taken in configuring each backup system, so that there are no conflicts, or worse yet, surprises at restore time.

Since the days of DOS, the Microsoft operating systems have included a file attribute known as the “archive bit.” The archive bit is there for the specific purpose of noting whether a file has been backed up since the it was last changed. When the file is created or modified in any way, the archive bit is set “on.” When a backup system has backed up the file, the backup system may set the archive bit “off.” When there is only one backup system, this strategy is extremely effective. The backup system can rely on the status of the archive bit to determine whether any given file needs to be considered for backup.

However, imagine what happens with two backup systems, where each relies on the archive bit. A file is changed at 10:00am and the first backup runs at 6:00pm. The first backup notes the file has changed, backs it up, and sets the archive bit “off.” Then the second backup runs at 3:00am and skips every file changed before 6:00pm! Therefore one backup system will have backed up some of the changed files, and the other backup system will have backed up others. Neither will have a complete set, so really, both are less than useful.

With many backup systems, including Enveloc’s, there are ways to set it up so the archive bit status is not changed, or not considered. “Copy” mode creates a backup of every file but does not change the archive bit, so that the other system can consider just new or changed files. Or, instead of using the archive bit, with Enveloc you can backup based on the “Modified Date.” Or, you can use Disk Imaging as part of your backup strategy, keeping a complete copy not only of every file, but of the entire disk.

Making multiple backups can provide a deeper level of data security, but be sure you do it right. Call us at 877-368-3562 if you need help or ideas on how to make a reliable configuration.

We’ve all heard the old saw, “Hindsight is 20-20.” The problem is, correcting a deficiency AFTER the fact is generally helpful for the future, but of little immediate value when you have suffered a data loss. To successfully provide for any eventuality, planning is important – but the correct implementation is paramount.

In almost 30 years of working with computers I have seen more than my share of computers suffer hardware failures and cost their users valuable and critical data. In many cases, there was some sort of backup, but not all of them were actually usable for various reasons. Tapes can stretch, break or simply fail to be read. Thumb drives can be lost or damaged easily and hard drives can fail or develop file system errors that render them unreadable. Cloud-based backups put your data in some ethereal storage location and may make your data susceptible to hackers and other miscreants.Enveloc Remote Backup: No hindsight necessary.

Security is a rapidly-rising concern on the minds of the computing public as well. Many of us in the IT field are very happy to finally see this happening as the average user has historically been dangerously blasé about making sure their data is protected. If your backups are even encrypted in the first place, where is the key? Was it a key you made up and entered during installation or is it one that was generated for you? Who has access to that key and what measures are in place to prevent misuse?

Some people may think that effective remote backup services are expensive or difficult to manage. They are concerned that extra expenses and labor needs will make the solution not quite so cost-effective. Well, if you have a crystal ball, you can always just look ahead to the day your hard drive fails and then implement a plan a day or two beforehand. That will certainly save you money, time and effort. Unfortunately, that only works in fairy tales.

One more thing you should consider is the company behind the backup. Do the people who work there care about you, your data and whether or not you back up? Are they responsive and knowledgeable when you call them for support or just to ask a question or do they sound like they are reading from a script? Are they US-based or are they just part of a huge offshore call center handling thousands of companies’ customers? Most importantly, do they notify you if you do not back up on schedule? If the answer to all these questions is not a resounding “YES,” you are putting your faith in the wrong backup company.

The good news is the solution is fast, easy and affordable. Automatic offsite backup by the right company, using industry-proven methods and actively managing the backups can ensure that, regardless of what happens to your computer, your vital data is always protected.

A lot of people wonder whether an internet-based backup system is just a gimmick, invented by geeks who thought it would be cool to backup across the internet. Geeks may have thought it up, but there are valid business reasons to backup to a geographically distant location on hard drives instead of tapes.

Daily Rotating Backup Tapes

In the early days of computing, way back about 15 years ago and earlier, virtually all backup was tape-based. There would be a stack of 10 tapes, labeled Monday1 – Friday1 and Monday2 – Friday2. Someone had the job to replace the tape in the tape drive and take the just-completed tape home, bringing from home the next tape to be overwritten. Larger companies would have a storage service perform this function, with the added benefit of storage in a secure, controlled environment. Other companies would store tapes in their bank’s safe deposit box. Still other companies would not bother to take their tapes offsite but keep them in a safe in the office. Or just leave them sitting in the closet with the server.

So if there were a fire at the business, and the tapes were there, everything would be lost. Even if the tapes were in an ordinary firesafe, there was a good chance they’d be damaged because ordinary firesafes are designed to protect paper, not media.

But the offsite tapes presented another problem- the accessibility of securely stored tapes. Nights or weekends were problematical. As experienced in Katrina on the Gulf Coast, a lot of companies lost not only their production servers but their backup tapes down the street at the bank or storage facility.

So when bandwidth became affordable and available and was sufficient to transmit changed data, the internet became the best solution for getting the backup offsite. And storage on hard drives is more reliable and less expensive than tape storage, and far easier to manage.

There are companies that risk keeping their backups on removable hard drives in their offices or at a local storage facility. A tornado, or hurricane, fire, or flood can easily ruin both original data and backup copies. Why take a chance? Enveloc is secure, offers several levels of offsite storage, and is accessible twenty-four hours a day. Try our no-risk solution today!

Photo Credit: SaltyIrishDog @ Deviantart - Vault, Security, AES Encryption, Enveloc

There are lots of claims about encryption security, citing all different types of encryption, with exotic names like “blowfish” or “military grade.” Reminds me of the advertisements for a certain vegetable slicer – it would perfectly slice tomatoes, as long as they were green.

• Here’s what counts in encryption:
• Is the algorithm safe?
• Is the key secure?
• Who has the key?
• Is the data encrypted during transmission?
• Does the data remain encrypted at rest?

First, let’s consider the algorithm. Most knowledgeable people would agree that the US Government document FIPS-140-2 is a pretty good authority on which algorithms are secure. FIPS stands for Federal Information Processing Standards and the document is published by the National Institute of Standards and Technology. Among the algorithms specified in Annex A is TDEA, or “3DES.” The algorithm has been thoroughly tested for over 25 years and has no known weakness so long as certain implementation standards are met (avoid known weak keys, and use Keying Option 1 as described in NIST Special Publication 800-67). Enveloc conforms to these requirements for 3DES, which is the algorithm we use to encrypt the already user-encrypted backup sets prior to transmission.

The other, more important algorithm we use, also specified in Annex A to FIPS-140-2, is the Advanced Encryption Standard, or AES. This algorithm is described in FIPS 197. AES can be used in 112 bit, 192 bit or 256 bit mode. Enveloc only uses the 256 bit implementation of AES as described in FIPS 197. This is the algorithm used to encrypt the computer data during the compression-encryption phase, as it is placed in the backup sets.

So note that the only encryption algorithms we use are those approved by FIPS-140-2: the Triple Data Encryption Algorithm or 3DES, and the Advanced Encryption Standard or AES. For 3DES use Keying Option 1 which requires three 56 bit keys. For AES we use only the 256 bit implementation.

What about the key? Some companies assign you a key and they have a copy. Or they let you make one up and they have a copy. This is like writing the combination on the safe. If anyone has the key and the data, no matter how secure the algorithm, someone can read your data, and can do so without your knowing it. At Enveloc, we require that you create the key, and we do not have a copy unless you explicitly request that we keep one. Your key is encrypted on disc (using either AES256 or 3DES plus another technique) so that only our software – not a prying co-worker – can open it to use it during backup time. Otherwise, you’d have to be standing by at backup time to enter the key.

By the way, if you choose to store the key with us, it does reduce your security, but we take many steps to safeguard it. It is only transmitted once, itself in an encrypted state with a system key so that our employees cannot discover it. Only the programming staff knows how to decrypt it and we keep them locked in the basement (just kidding about the basement). When the technical staff are called on by the customer to forward the key, the automated process records notices to management and the request is verified just to be sure everything is in order.

Enveloc - AES 256-bit Encryption + Triple DES

So here’s a general idea of how everything works: at backup time, the user’s key is checked to be sure it hasn’t been tampered with, then recovered from disk and applied to the file data of files as they are compressed into the backup sets using AES256 bit encryption. The backup sets are then tested for integrity by doing a test decompress-decrypt (without writing to disk). Then the backup sets are 3DES encrypted with an Enveloc key for transmission. When they are received by Enveloc servers, they are checked for integrity and authenticity, then the “outer wrapper” of 3DES is removed. The data in the compressed files always remains encrypted with 256bit AES. Remember – we don’t have the key.

So say someone broke into your office and stole just the printout of your encryption key. Could they log in to your account and download your data? No way – only the machine that backs up can access the account, and then only through the Enveloc software. By prohibiting direct access to folders on our servers, we provide yet another layer of security for your data.

What happens if your backup computer is toast and you need to restore to another machine? We have made provision for that. You just identify yourself to our servers in a fresh installation of Enveloc software and your credentials will be provided for accessing the old account. But you will still need your encryption key.

Because we don’t have a copy of the key, one thing is extremely important: Don’t lose that key! Without it, your backup sets are useless since they cannot be decrypted.

So to summarize: Enveloc uses secure, NIST approved algorithms; the key is secured with those same algorithms and never leaves the client machine; the data is encrypted during transmission and at rest.

Another day we’ll talk about the security of our network centers. Do you know that some backup companies keep their servers in a garage?

If you would like your company’s data to be extremely well protected against access, hacking, theft, data mining, or any other nefarious activities while it is backed up offsite, call Enveloc and take us up on our 30 day no-risk guarantee: if for any reason at all you are not totally satisfied with Enveloc software and service, there will be no charge. Thanks for using Enveloc!