Backup Encryption: How Secure Is It?
February 15th, 2012 | Posted in Backup Concepts & Methods

There are lots of claims about encryption security, citing all different types of encryption, with exotic names like “blowfish” or “military grade.” Reminds me of the advertisements for a certain vegetable slicer – it would perfectly slice tomatoes, as long as they were green.

Here’s what counts in encryption:
• Is the algorithm safe?
• Is the key secure?
• Who has the key?
• Is the data encrypted during transmission?
• Does the data remain encrypted at rest?
First, let’s consider the algorithm. Most knowledgeable people would agree that the US Government document FIPS-140-2 is a pretty good authority on which algorithms are secure. FIPS stands for Federal Information Processing Standards and the document is published by the National Institute of Standards and Technology. Among the algorithms specified in Annex A is TDEA, or “3DES.” The algorithm has been thoroughly tested for over 25 years and has no known weakness so long as certain implementation standards are met (avoid known weak keys, and use Keying Option 1 as described in NIST Special Publication 800-67). Enveloc conforms to these requirements for 3DES, which is the algorithm we use to encrypt the already user-encrypted backup sets prior to transmission.
The other, more important algorithm we use, also specified in Annex A to FIPS-140-2, is the Advanced Encryption Standard, or AES. This algorithm is described in FIPS 197. AES can be used in 112 bit, 192 bit or 256 bit mode. Enveloc only uses the 256 bit implementation of AES as described in FIPS 197. This is the algorithm used to encrypt the computer data during the compression-encryption phase, as it is placed in the backup sets.
So note that the only encryption algorithms we use are those approved by FIPS-140-2: the Triple Data Encryption Algorithm (3DES) and the Advanced Encryption Standard (AES). For 3DES we use Keying Option 1, which requires three independent 56-bit keys. For AES we use only the 256-bit implementation.
What about the key? Some companies assign you a key and they keep a copy. Or they let you make one up and they keep a copy. This is like writing the combination on the safe. If anyone has both the key and the data, no matter how secure the algorithm, they can read your data, and can do so without your knowing it. At Enveloc, we require that you create the key, and we do not have a copy unless you explicitly request that we keep one. Your key is encrypted on disk (using either AES256 or 3DES plus another technique) so that only our software – not a prying co-worker – can open it for use at backup time. Otherwise, you’d have to be standing by at backup time to enter the key.
By the way, if you choose to store the key with us, it does reduce your security, but we take many steps to safeguard it. It is only transmitted once, itself in an encrypted state with a system key so that our employees cannot discover it. Only the programming staff knows how to decrypt it and we keep them locked in the basement (just kidding about the basement). When the technical staff are called on by the customer to forward the key, the automated process records notices to management and the request is verified just to be sure everything is in order.
So here’s a general idea of how everything works: at backup time, the user’s key is checked to be sure it hasn’t been tampered with, then recovered from disk and applied to the file data as files are compressed into the backup sets, using 256-bit AES encryption. The backup sets are then tested for integrity by doing a test decompress-decrypt (without writing to disk). Then the backup sets are 3DES encrypted with an Enveloc key for transmission. When they are received by Enveloc servers, they are checked for integrity and authenticity, then the “outer wrapper” of 3DES is removed. The data in the compressed files always remains encrypted with 256-bit AES. Remember – we don’t have the key.
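The two-layer pipeline described above, as an added example that is not Enveloc’s code: AES-256 under the customer’s key for the inner layer, then a 3DES outer wrapper under a separate transport key for the trip to the server. The choice of GCM for the inner layer (so the test decrypt also catches altered bytes), CTR mode for 3DES, and the omission of a separate integrity tag on the transport layer are assumptions of this example; the post does not state them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
)

// SealAES256 is the client-side inner layer: AES-256 (32-byte key) in GCM mode, nonce prepended.
func SealAES256(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenAES256 is the test decrypt and later the restore step; GCM's tag rejects a wrong key or altered bytes.
func OpenAES256(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// Transport3DES is the outer wrapper: 3DES in CTR mode under a 24-byte transport key
// (three independent 56-bit keys, keying option 1). CTR is its own inverse, so the client
// wraps and the server unwraps with the same call and the same 8-byte IV (assumed scheme).
func Transport3DES(key, iv, data []byte) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil || len(iv) != des.BlockSize {
		return nil, errors.New("need a 24-byte 3DES key and an 8-byte IV")
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}
```

After the server runs Transport3DES a second time, what it holds is still the AES-256 blob, which only the customer’s key opens; a real transport layer would also carry its own integrity tag.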
So say someone broke into your office and stole just the printout of your encryption key. Could they log in to your account and download your data? No way – only the machine that backs up can access the account, and then only through the Enveloc software. By prohibiting direct access to folders on our servers, we provide yet another layer of security for your data.
What happens if your backup computer is toast and you need to restore to another machine? We have made provision for that. You just identify yourself to our servers in a fresh installation of Enveloc software and your credentials will be provided for accessing the old account. But you will still need your encryption key.
Because we don’t have a copy of the key, one thing is extremely important: Don’t lose that key! Without it, your backup sets are useless since they cannot be decrypted.
So to summarize: Enveloc uses secure, NIST-approved algorithms; the key is secured with those same algorithms and never leaves the client machine; the data is encrypted during transmission and at rest.
Another day we’ll talk about the security of our network centers. Do you know that some backup companies keep their servers in a garage?
If you would like your company’s data to be extremely well protected against access, hacking, theft, data mining, or any other nefarious activities while it is backed up offsite, call Enveloc and take us up on our 30 day no-risk guarantee: if for any reason at all you are not totally satisfied with Enveloc software and service, there will be no charge. Thanks for using Enveloc!