Ensuring that data backups are stored securely is crucial for protecting SMBs' business and customer data.

The Next Step in Data Backup: Security

September 15, 2015 Tech4BusinessNow Article

Are you backing up your SMB’s business data to the cloud? Take these steps to make sure it’s secure.

By Andrea Holved

The key to business continuity—and providing excellent customer service—is maintaining quality backups of all of your business data. Then, if disaster strikes, you can easily replace whatever data’s been lost and continue operations as usual—and your customers won’t have to face any negative consequences.

We’ve covered the topic of making sure your SMB has a strong strategy for data backup. In that story, we focused on how to ensure that you’ll be able to recover the data you’ve lost. Efficient data recovery is the whole point of creating backups, but another important aspect of data backups is making sure they’re secure.

Just because data is in the cloud and easy to access doesn’t mean it’s secure.  “Data in the cloud is usually constantly under attack. Not necessarily your data, or my data, but just cloud providers in general,” says Nick Espinosa, the CIO at Chicago-based IT consulting firm BSSI2. “If for some reason the provider you’re using isn’t properly securing the back-end… then you have a greater potential of having your data stolen.”

Major cloud storage providers are doing everything they can to protect themselves and their customers. But you should take steps to shield your business—and your customers—from your storage provider’s potential vulnerabilities.

Read more about how security threats pose big hurdle for BYOD.

Read more about protecting the passwords that protect your business.

“First you need to make sure that the backup file created on site is encrypted with AES 256 or higher,” says James Wirth, CEO of the Lexington, S.C.-based IT consulting firm SC IT Support. “Then you need to use a cloud storage that encrypts the data stream. And then they need to have a high level of security on site. Most importantly, you should be the only one that has the encryption keys. Then and only then can you be safe.”

Let’s break that down step-by-step:

Encrypt the backup file

“The most critical point to consider when securing a backup is, without a doubt, encryption,” Espinosa says.

You can encrypt anything from a single file to an entire drive using encryption software. There are dozens of options, some of which are open-source, cross-platform and free to use.

Your entire data backup should be packaged together as one file and that file should be encrypted at 256-bit AES—”at a minimum,” he says. “Anything less than that and you are susceptible to an attack.

“Ideally all encryption is running at 448-bit strength, though many providers are not at that level yet,” he says. “448-bit [encryption] would be essentially impossible to break… I consider it the gold standard.”

Upload to cloud storage provider via encrypted data stream

Your encrypted backup file, or container, should also be encrypted while it is being uploaded to your cloud storage provider—again, at a minimum of 256-bit AES.

“That is critical,” Espinosa says. And if your provider doesn’t or won’t disclose the encryption-level of their connection, don’t use them.

Ensure your cloud storage provider encrypts the ‘at rest’ file

“If you are storing your data in the cloud, you do not want your provider to have access to your data. All you want your provider to do is provide storage for your encrypted container,” Espinosa says. And that storage should be tightly encrypted itself at—you guessed it—a minimum of 256-bit AES.

“Any provider you’re planning on going with should be interviewed” with regard to their database security, Espinosa says, both in terms of encryption level and physical data-center protections.

Keep your encryption keys on lockdown

If security is up to par, your provider won’t be able to log into your account for you, or be able to reset your password. That may sound unnerving but, Espinosa says, “The best possible way to ensure your data is private is that no one has access to the data expect you.”

Of course, with no reset button to push, remembering your encryption key is essential to gaining access to your backup. Storing it somewhere separate from your data backup is essential, and usually the best bet is to store it in a secure physical location, like a safe.

“With a good encryption system,” Espinosa says, “if you lose the key, you’ve lost the data.”

This article was underwritten by HP: Introducing HP BusinessNow, the right technology to help your business grow.