For most organisations, backups form an essential part of the day to day activities of IT operations. They keep users happy in the short term, as individuals can recover files lost due to accident, incompetence or system failure. They keep the business moving, as systems and services can be protected and recovered. And they help get things going again, in the case of ultimate disaster.
In all of these scenarios however, what we really mean is that it is the flipside of backup that is important. Backups are essentially a doorstop unless the systems or information can be restored to functional use. This is an area that all too many companies neglect to test regularly, and can be a significant business risk if not addressed. Tapes can, or more likely will, fail. Equipment such as the tape drive, once out of production, will rapidly become obsolete. While the backup may be tied closely to the physical system, even if the backup is good, a suitable system to restore to may not be available – although eBay may help in some cases! Even if one moves to use online or hosted services, there is no guarantee that the provider will remain in business, making backups even more important.
So, both backup and recovery are an essential element of business function and continuity. However, they are also a source of risk from a data protection point of view. Backups contain the low-level about the company – not just data, but entire systems, configurations and raw information. In addition, bnd backups tend to move about a lot. They move inside the organisation, they are transported outside and are frequently stored in multiple locations. Keeping track of backup media is hard, even for the best companies. We frequently hear of lost backups that cannot be traced.
Now, why should companies worry if the data on backups go missing? Surely we can just take another backup? That might cover the business risk internally, in terms of having something to restore should a failure or similar happen. However, it doesn’t cover the external aspects of the data loss, which is an area that is already under increasing scrutiny from regulators. Regulations surrounding the loss of data already have had sanctions increased while individual industry regulators may take their own view. With new regulations coming that will require any losses to be disclosed, the cost in terms of notification, compensation, reputation and brand will only go up and up.
The most effective method for reducing the level of risk associated with a backup is to encrypt the data it contains. This ensures that should the backup be lost or stolen, it is not feasible to access and restore the data without appropriate pass codes or decryption keys. Achieving this should be relatively straightforward, Many IT managers agree that backups are vital to protect, but few do so.
So if encryption of backups is so important, why isn’t everyone doing it? While not every organisation is aware of the risks of data loss through unprotected backups, there will also quite a number of companies that will have quantified the potential cost implications and decided to ignore the risks rather than doing anything about them.
Near the top of the list of challenges are also technology hurdles which get in the way of practical encryption implementations – software encryption has its own limitations such as loss of compression capability (increasing the number of tapes required), and higher processor requirements to encrypt the data. Hardware encryption may tie the backups to individual drives, resulting in complexities when recovering data.
Key management is another concern that has been talked about for years but still remains a bugbear. In many cases, different systems will have independent key management systems and processes. Bringing these together will be challenging, but necessary, with firm control of process, documentation and management tools. In many cases, key management for backup encryption will need to fit in with the key management systems across the business. Regular testing to ensure that nothing gets broken accidentally, particularly as systems are upgraded or keys are rotated. Crucially, testing should cover not just verification of recent backups which are top of mind in most cases, but should also cover the old information which is sitting in archive libraries, which many IT managers may have never touched.
Encryption on backups should be considered in the light of what it is that really matters, namely the successful restoration of systems and data, over a period of not only years, but potentially many decades given regulations regarding data retention for regulatory purposes. Perhaps the biggest mitigating factor is that encryption is not yet a seamless part of either process or infrastructure, leading to complex trade-offs and tactical decision making which fails to take the longer term issues into account.
Given the problems involved, it is no wonder that many companies choose to skirt the issue. As the shadow of compliance and legislation creeps ever closer, IT managers will have less and less wiggle room, so plentiful planning now will help to achieve a much better result at the end.
Originally published on InfoSecurity (www.infosec.co.uk)