This article was originally posted on Data Center Journal.
Following the relentless activities of cybercriminals trying to steal data for profitable ends, encryption has now almost become a de facto requirement to protect data. With data as a valuable commodity, the choice is no longer whether to encrypt, but how to do it most effectively.
While many companies invest heavily in fortifying their main systems, they neglect two critical areas: backup servers or drives, and data transmission for backup or other reasons, which can cause the same damage when left neglected.
Encrypting data offers the obvious solution of allowing safe transport and storage for data. However, simply selecting a good encryption method from the plethora of options available and keeping the encryption key separate from the main data is not enough. With encryption, restoring data (when required) becomes harder, and organizations often forget to pay attention to this overlooked, yet critical, factor.
Backup is only one part of the solution. Retrieving is the other half. Retrieving data requires maintaining a comprehensive catalog of backups, tagged with encryption keys or password management information. Even though this sounds simple and straightforward, this has stumped even the most meticulous and professionally run organizations. The fact that the retention period for data sets can extend out to decades also increases the challenge.
Some key challenges of encrypting backup data include:
- Having processes, backed by management tools and documentation, to keep a firm grip on encrypted data.
- Regular testing of restore capacity incorporated into the process to ensure that the backup data is retrievable when required. This should ideally become part of a formal Governance, Risk and Compliance (GRC) procedure.
- Extending regular testing of restore capacity, not just to recently archived data, but to old data as well. Unless the data is retrievable, there is no point in wasting resources storing it.
- Identifying clear responsibilities for encryption keys and ensuring these responsibilities are handed over when the employee leaves the organization.
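An added example (not from the original article or from STORServer): a minimal audit over a backup catalog that flags entries which may not be restorable, covering the catalog, restore-testing and key-responsibility points above. The record fields, key IDs, staff names and the 365-day test window are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Backup:
    backup_id: str
    key_id: Optional[str]              # reference to the key, never the key itself
    last_restore_test: Optional[date]

@dataclass
class KeyRecord:
    key_id: str
    custodian: str                     # person responsible for the key
    retrievable: bool                  # key material confirmed present in the key store

def audit_catalog(backups, keys, active_staff, today, max_test_age_days=365):
    """Return {backup_id: [problems]}; old and new backups get the same test window."""
    index = {k.key_id: k for k in keys}
    report = {}
    for b in backups:
        problems = []
        if b.key_id is None:
            problems.append("no key reference")
        elif b.key_id not in index:
            problems.append("key missing from inventory")
        else:
            key = index[b.key_id]
            if not key.retrievable:
                problems.append("key not retrievable")
            if key.custodian not in active_staff:
                problems.append("custodian departed")
        if b.last_restore_test is None:
            problems.append("restore never tested")
        elif (today - b.last_restore_test).days > max_test_age_days:
            problems.append("restore test overdue")
        if problems:
            report[b.backup_id] = problems
    return report

# Constructed sample data (not from any real environment).
TODAY = date(2024, 6, 1)
KEYS = [KeyRecord("k-2009", "alice", True), KeyRecord("k-2023", "bob", True)]
BACKUPS = [
    Backup("arch-2009", "k-2009", date(2012, 3, 1)),   # custodian gone, test stale
    Backup("full-2023", "k-2023", date(2024, 2, 1)),   # healthy entry
    Backup("full-2016", "k-2016", None),               # key never inventoried
]
REPORT = audit_catalog(BACKUPS, KEYS, active_staff={"bob"}, today=TODAY)
print(REPORT)
```

The catalog stores only key references; the key material itself stays in a separate key store, consistent with keeping the key apart from the data.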
Most organizations would not even dream of running operations for a single day without backups and recovery plans in place. However, neglecting due diligence with encrypted data and keys means they are doing exactly that without realizing it. At STORServer, we can provide you with consulting services on how best to handle encrypting backup data for your organization. Contact us today for a consultation.