Many organizations have a backup strategy and process, but deciding when and why backups should be encrypted can be a challenge. Our Technology Infrastructure experts have put together the information below to help you understand how to incorporate encrypted back ups into your overall back up strategy.
Considerations for why to encrypt
Deciding to encrypt your backups starts with assessing what data is included in your current back up process. If your backups contain any data that is important to an organization and there is a chance that that data could be accessed by non-authorized entities it should be encrypted. Essentially if there is any data that is or may be at risk the back up should be protected. If the backups end up in the wrong hands it may be possible to access the data.
Some common reasons that organizations encrypt backups:
- The media will be out of your hands (courier, briefcase, shipping).
- It could be misdirected (theft of tapes, remote site security breach).
- The backup data could be captured while replicating over a WAN link.
Considerations for when to encrypt
Encrypting backups can be a consideration for deduplication or performance. To get started, you should review your devices, connections, and procedures. This exercise will dictate where and how backups are encrypted to minimize impact while ensuring security.
- Traffic-shaping appliances to optimize WAN performance may see encrypted backups as all new data with a significant degradation or even elimination of dedupe. These can be tuned to reduce their impact or the encryption method may be adjusted.
- Some hardware dedupe appliances will not be able to dedupe encrypted data, depending on where it was encrypted and how they handle the encrypted data. It would be much better to encrypt at the appliance instead of in the backup software unless they are very tightly integrated.
- When the backups are written to disk and are in the same data center, there may not be a need to encrypt the data since the original data is in the same location. However, encryption might be justified if you are concerned about physical theft of a resource that contains sensitive information.
Encryption of the data should be part of your backup strategy and procedures. The design of your backup environment should include securing the data whenever there is a risk to it.
Please contact Peters & Associates if you would like a review of your backup environment and procedures. You can reach our Technology Infrastructure experts at firstname.lastname@example.org.