Understanding data security in backup software
by Clay Levering, on Feb 19, 2015 3:09:40 PM
“Backup Software” is so much more than just your vacation photos
Over the years, I’ve had many conversations with friends or family members where I’ve had to explain not just what I do as a “Senior Product Manager” but also what the “Backup Software” industry is itself. Many people hear the word “Backup” and they tend to think about nothing more than if they have copies of their photos or videos. While that isn’t wrong (in fact it’s really important!), it doesn’t do much to convey the larger or more important aspects of “Backup Software.”
Eventually, I found a way to describe “Backup Software” in a way that seems to strike a much clearer image and helps many of those people I mentioned earlier understand what I’m working on. Not only do they now understand what I do, many of them also start to ask questions about their own backup strategies. The description I’ve found that works best in these conversations is almost deceptively simple:
Backup software is the Life Insurance plan for your most valuable data.
Often, I’ll immediately follow up with questions like:
- “If tomorrow morning you woke up and every computer and cell phone you own today had been stolen or destroyed, how much data would you lose?”
- “If your data was stolen, how much personal or private data would the thief have access to that they shouldn’t like a Social Security number or bank information?”
- “How many days would you be out of work, or would your business have to close its doors to recover?”
- “Could it recover at all if every Excel or Word document was nowhere to be found?”
Renaming “Backup Software” to “Data Insurance”
No matter what level of “tech” the person I’m talking to ends up being, these questions and statements help get the point across that “Backup Software” isn’t really just “Backup Software”, it’s “Data Insurance”. Even my friends that don’t have life insurance (or they do but don’t know the details of it), are likely going to understand how important it is and by renaming it, the same is true for “Backup Software”. Even the simplest life insurance policy or backup policy is going to require forethought and some very clear decision making. Actually, choosing backup software and a backup policy has quite a few similarities to choosing an insurance company and a specific life insurance plan.
One incredibly important aspect that both backup data and insurance policies share is that they both (generally) contain personal or private data that needs to be secured against theft or misuse. For an insurance policy, this might be done by buying a fire-proof safe or renting a safety deposit box. When attempting to secure your backup data, there are many methods that can be used such as: data encryption, rotating media sets or even re-using that fire-proof safe you’re using with the life insurance policy.
In this series - Understanding data security in backup software - I’m going to do my best to outline some of these methods. In this post, I’ll be outlining the basics of data encryption and some simple definitions we’re going to need for the rest of the series. The rest of the series will focus on choosing encryption methods, creating a backup policy to help increase data security through process, and we will also outline some industry-specific concerns about backup data security.
Data encryption at a glance
The topic of data encryption or cryptography is so large and important that there are entire economies built around it and I would do it a disservice to try and work through every aspect available. If you’d like to learn more about encryption, Google will never fail you. That said, I would recommend starting with this excellent comic by Jeff Moser for both some historical and technical aspects of modern encryption.
Instead of going down every path possible, I’m going to review just a few of the most modern data encryption technologies and terms in use today:
- Data Encryption - The actual process of encrypting data is a bit too complex to cover here (see Jeff Moser’s comic above), but can be neatly summarized:
Data Encryption is the process of completely re-writing the bits of a particular file or stream of data using an algorithm so that the data itself is obscured from being read without providing a secret key / password of some type.
• Using our life insurance analogy above, data encryption is the fire-proof safe you’re storing the policy inside.
- Algorithm / Cipher - An algorithm (or cipher) is the method / formula used when reading or writing an encrypted file. The simplest example is the Caeser Cipher where you shift any letter over by 1 letter. So “Caeser Cipher” becomes “Dbftfs Djqifs” (C+1 = D, a+1 = b, etc).
• Going back to our analogy, the algorithm is what material the safe you’re using is constructed from.
- Key / Secret Key / Password - These three terms don’t always mean the same thing in every case, but for our purposes these terms define a user-entered value that works to “customize” an encryption algorithm. Once an algorithm has been customized by a key, only the people or applications that are given that user-defined value will be able to interpret that data - even if the app or person knows the original, un-customized algorithm.
• For our analogy, the key is the code on your safe’s lock.
- “Bit” / “Bitrate” - In the context of data encryption, these two terms help indicate how complex or strong an encryption setting will be. For example, selecting “AES-256” encryption means that it will use a 256-bit key to customize the AES algorithm.
• Back to our analogy, the bitrate is how many digits need to be entered into the lock on the safe to open it.
- AES - Short for Advanced Encryption Standard, the AES algorithm has become the ‘de facto’ standard due to its wide acceptance by governments and its open-source nature. AES will typically be referenced with an associated number / bitrate to indicate its complexity / strength, such as: AES-256.