Secure Online Backup with unparalleled support
Header

We’ve all heard the old saw, “Hindsight is 20-20.” The problem is, correcting a deficiency AFTER the fact is generally helpful for the future, but of little immediate value when you have suffered a data loss. To successfully provide for any eventuality, planning is important – but the correct implementation is paramount.

In almost 30 years of working with computers I have seen more than my share of computers suffer hardware failures and cost their users valuable and critical data. In many cases, there was some sort of backup, but not all of them were actually usable for various reasons. Tapes can stretch, break or simply fail to be read. Thumb drives can be lost or damaged easily and hard drives can fail or develop file system errors that render them unreadable. Cloud-based backups put your data in some ethereal storage location and may make your data susceptible to hackers and other miscreants.Enveloc Remote Backup: No hindsight necessary.

Security is a rapidly-rising concern on the minds of the computing public as well. Many of us in the IT field are very happy to finally see this happening as the average user has historically been dangerously blasé about making sure their data is protected. If your backups are even encrypted in the first place, where is the key? Was it a key you made up and entered during installation or is it one that was generated for you? Who has access to that key and what measures are in place to prevent misuse?

Some people may think that effective remote backup services are expensive or difficult to manage. They are concerned that extra expenses and labor needs will make the solution not quite so cost-effective. Well, if you have a crystal ball, you can always just look ahead to the day your hard drive fails and then implement a plan a day or two beforehand. That will certainly save you money, time and effort. Unfortunately, that only works in fairy tales.

One more thing you should consider is the company behind the backup. Do the people who work there care about you, your data and whether or not you back up? Are they responsive and knowledgeable when you call them for support or just to ask a question or do they sound like they are reading from a script? Are they US-based or are they just part of a huge offshore call center handling thousands of companies’ customers? Most importantly, do they notify you if you do not back up on schedule? If the answer to all these questions is not a resounding “YES,” you are putting your faith in the wrong backup company.

The good news is the solution is fast, easy and affordable. Automatic offsite backup by the right company, using industry-proven methods and actively managing the backups can ensure that, regardless of what happens to your computer, your vital data is always protected.

Photo Credit: SaltyIrishDog @ Deviantart - Vault, Security, AES Encryption, Enveloc

There are lots of claims about encryption security, citing all different types of encryption, with exotic names like “blowfish” or “military grade.” Reminds me of the advertisements for a certain vegetable slicer – it would perfectly slice tomatoes, as long as they were green.

• Here’s what counts in encryption:
• Is the algorithm safe?
• Is the key secure?
• Who has the key?
• Is the data encrypted during transmission?
• Does the data remain encrypted at rest?

First, let’s consider the algorithm. Most knowledgeable people would agree that the US Government document FIPS-140-2 is a pretty good authority on which algorithms are secure. FIPS stands for Federal Information Processing Standards and the document is published by the National Institute of Standards and Technology. Among the algorithms specified in Annex A is TDEA, or “3DES.” The algorithm has been thoroughly tested for over 25 years and has no known weakness so long as certain implementation standards are met (avoid known weak keys, and use Keying Option 1 as described in NIST Special Publication 800-67). Enveloc conforms to these requirements for 3DES, which is the algorithm we use to encrypt the already user-encrypted backup sets prior to transmission.

The other, more important algorithm we use, also specified in Annex A to FIPS-140-2, is the Advanced Encryption Standard, or AES. This algorithm is described in FIPS 197. AES can be used in 112 bit, 192 bit or 256 bit mode. Enveloc only uses the 256 bit implementation of AES as described in FIPS 197. This is the algorithm used to encrypt the computer data during the compression-encryption phase, as it is placed in the backup sets.

So note that the only encryption algorithms we use are those approved by FIPS-140-2: the Triple Data Encryption Algorithm or 3DES, and the Advanced Encryption Standard or AES. For 3DES use Keying Option 1 which requires three 56 bit keys. For AES we use only the 256 bit implementation.

What about the key? Some companies assign you a key and they have a copy. Or they let you make one up and they have a copy. This is like writing the combination on the safe. If anyone has the key and the data, no matter how secure the algorithm, someone can read your data, and can do so without your knowing it. At Enveloc, we require that you create the key, and we do not have a copy unless you explicitly request that we keep one. Your key is encrypted on disc (using either AES256 or 3DES plus another technique) so that only our software – not a prying co-worker – can open it to use it during backup time. Otherwise, you’d have to be standing by at backup time to enter the key.

By the way, if you choose to store the key with us, it does reduce your security, but we take many steps to safeguard it. It is only transmitted once, itself in an encrypted state with a system key so that our employees cannot discover it. Only the programming staff knows how to decrypt it and we keep them locked in the basement (just kidding about the basement). When the technical staff are called on by the customer to forward the key, the automated process records notices to management and the request is verified just to be sure everything is in order.

Enveloc - AES 256-bit Encryption + Triple DES

So here’s a general idea of how everything works: at backup time, the user’s key is checked to be sure it hasn’t been tampered with, then recovered from disk and applied to the file data of files as they are compressed into the backup sets using AES256 bit encryption. The backup sets are then tested for integrity by doing a test decompress-decrypt (without writing to disk). Then the backup sets are 3DES encrypted with an Enveloc key for transmission. When they are received by Enveloc servers, they are checked for integrity and authenticity, then the “outer wrapper” of 3DES is removed. The data in the compressed files always remains encrypted with 256bit AES. Remember – we don’t have the key.

So say someone broke into your office and stole just the printout of your encryption key. Could they log in to your account and download your data? No way – only the machine that backs up can access the account, and then only through the Enveloc software. By prohibiting direct access to folders on our servers, we provide yet another layer of security for your data.

What happens if your backup computer is toast and you need to restore to another machine? We have made provision for that. You just identify yourself to our servers in a fresh installation of Enveloc software and your credentials will be provided for accessing the old account. But you will still need your encryption key.

Because we don’t have a copy of the key, one thing is extremely important: Don’t lose that key! Without it, your backup sets are useless since they cannot be decrypted.

So to summarize: Enveloc uses secure, NIST approved algorithms; the key is secured with those same algorithms and never leaves the client machine; the data is encrypted during transmission and at rest.

Another day we’ll talk about the security of our network centers. Do you know that some backup companies keep their servers in a garage?

If you would like your company’s data to be extremely well protected against access, hacking, theft, data mining, or any other nefarious activities while it is backed up offsite, call Enveloc and take us up on our 30 day no-risk guarantee: if for any reason at all you are not totally satisfied with Enveloc software and service, there will be no charge. Thanks for using Enveloc!