If your organization deals with legal, financial, or medical information, you have an even greater obligation to protect that information. Even if you don’t have a legal requirement to store your backups in encrypted off-site storage, do you want to take any chances with your backups? A proper secure offsite storage provider must provide the following:
- Encrypt your data (at time of backup) using AES 256-bit encryption or above. While most vendors secure your data while it is being transferred to them, many don’t encrypt your data while it is stored on their servers (they depend on system security alone). This means your data is one security breach away from being stolen.
- Transfer your data across your Internet connection using Secure Sockets Layer (SSL) encryption. Transferring data across an unencrypted Internet connection won’t provide you with the security you need to protect your data.
- Utilize an encryption key that is unique to you. Encrypting all users’ data with a single system-wide encryption key is just not good enough. You should insist that your data is encrypted with an encryption key that is unique to your individual account. That way a security breach requires the “bad guys” to break each encryption key individually.
- Only allow access to data to those people that you specifically designate. Your information should be available to you and to anyone that you designate.
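The first and third requirements above (encryption at backup time, with a key unique to each account) can be sketched as follows. This is an added example, not code from any vendor named on this page; the function names, account IDs and sample image are constructed for illustration, and AES-256-GCM is the mode chosen here.

```javascript
// Added example: per-account AES-256-GCM encryption applied before upload.
const crypto = require('node:crypto');

// Hypothetical helper: one random 256-bit key per account, never shared.
function newAccountKey() {
  return crypto.randomBytes(32);
}

// Encrypt a backup image before it leaves the site. The account ID is bound
// as associated data, so a blob cannot be passed off as another account's.
function encryptBackup(key, accountId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every image
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(accountId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt and authenticate; throws if the key, account ID or data is wrong.
function decryptBackup(key, accountId, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAAD(Buffer.from(accountId, 'utf8'));
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]);
}

// True if the blob authenticates and decrypts, false otherwise.
function canDecrypt(key, accountId, blob) {
  try { decryptBackup(key, accountId, blob); return true; }
  catch { return false; }
}

function demo() {
  // Constructed sample data standing in for a backup image.
  const image = Buffer.from('constructed sample backup image: patient-records.db');
  const keyA = newAccountKey(), keyB = newAccountKey();
  const stored = encryptBackup(keyA, 'account-A', image); // what the provider holds
  return {
    ciphertextHidesData: !stored.ct.includes(Buffer.from('patient-records')),
    ownerCanRestore: decryptBackup(keyA, 'account-A', stored).equals(image),
    otherKeyFails: !canDecrypt(keyB, 'account-A', stored),
    wrongAccountFails: !canDecrypt(keyA, 'account-B', stored),
  };
}
console.log(demo());
```

Because each account has its own key, obtaining one account's key gives no access to another account's stored images.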
shadowSafe provides every site with a unique encryption key that it uses to encrypt users’ backup images at backup time, uses SSL while data is being transferred across the Internet, and doesn't allow users direct access to their backup images from any forward-facing website (i.e., only vitalEsafe can provide you with copies of your backup images). Backup images are stored in Amazon's Glacier highly secure long-term storage, which provides data durability of 99.999999999% (yes, that's 1 chance in 100 billion that data can be lost).
Reason 5 - Can't back up while users continue working