A little over thirty years ago I managed a small mini-computer. We had half a dozen dumb terminals (ADM 3a’s to be specific), a printing terminal and a couple other CRT devices. The total disk storage varied at times from five to seven megabytes. We backed up on 9-track magnetic tape.
The tape drive we had was good, but tapes themselves were notorious for failing in spots. One could do a backup, test it by re-reading the tape, store the tape and come back a few weeks later to find that the tape was corrupted at some point and the backup could not be read. For that reason many computer professionals argued that backups should not be encrypted. The argument was that if an unencrypted tape had been corrupted, with great work some of the data could be recovered; but with an encrypted tape all data after the error were lost. Part of the issue was the design of the encryption software, of course.
Today the vast majority of backups are encrypted. Storage is more reliable and people are more careful about what they might expose to unauthorized individuals. But not all backups are encrypted. We discuss the encrypting of backups in Learning Tree’s introduction to security course.
The data stored on the computer I managed was primarily student homework. There were some grades and possibly other sensitive stuff, but for the most part the files were not of a nature that could lead to ID theft or other serious consequences in the case of a breach.
In today’s world individuals and even small businesses have sensitive data on their computers. Because of this online backup companies such as Carbonite store their clients’ data encrypted. They even encrypt the data before sending it and while in transit so an eavesdropper can’t snag the data before it reaches their servers. This is good. (If you are evaluating an online backup service you should check to see how they manage encryption and encryption keys before you contract for the service.)
Many companies take physical backups using various media types and then send that data offsite. This is a good practice. Like online backup, it ensures that a fire or other catastrophe at the business’ site will not destroy the backups. Some companies even have much more complex data-continuity processes that involve backup data centers and the like. Those processes sometimes involve transfer of backups containing sensitive information to a remote location. Those backups should be encrypted.
Last week (the week of 8 October 2012) TD Bank revealed that it had lost some unencrypted backup tapes. Stories, such as the one in the Portland Press Herald, report that over a quarter of a million patrons’ data had been on those tapes. When I contacted TD Bank and asked why the backups had been unencrypted, the response of their spokesperson Rebecca Aceveda was “This is an isolated incident. TD takes customer privacy very seriously and we have policies and procedures in place to safeguard customer information. We continue to strengthen and enhance our processes to prevent this from happening again.”. It is understandable that the Bank would not comment further on the details. I wouldn’t, either.
So, do you encrypt backups? Should everyone?