30 Oct 2018
In a word: encryption. An encrypted backup makes data useless to anyone without the encryption key – a highly secure passcode that not even your backup service provider should have. In other words, you create the encryption key, so even we don’t know what it is.
Put simply, encryption randomly ‘scrambles’ the data you store in the cloud and guarantees it can’t be used by anyone else. What’s more, with BackupVault you encrypt data before it leaves your computer or server, and not even we know what the encryption key is. So, your encrypted backup is fully secure en-route to our trusted cloud storage, as well as when it arrives and remains encrypted when at rest. Even if it’s intercepted, it’s not like anyone can use the encrypted data in its current form.
For the more technically minded, we use 256bit AES Galois Counter Mode encryption to encrypt customer data.
Only you have the encryption key. So the moral of this tale is… don’t lose your encryption key! With BackupVault there’s no way to reset an encryption key. This makes ours one of the best cloud backups available, so make sure you don’t do any of these things:
The most common ways of losing your encryption key
We’ve all done it: written something extremely important down, hidden it somewhere, and completely forgotten where – we’ve been so keen to keep it a secret that we’ve effectively lost it. Maybe we’ve been clever, and further encrypted it ourselves, like hiding a PIN in a telephone number, or by calling it something else. It’s admirable, but it can backfire if you’re the only one that has any idea what or where it is – especially if we’re talking about access to business-critical data in a fully secure offsite backup, whether that’s in the cloud or in a remote physical server.
It’s also worryingly common for the person who originally created and securely stored the encryption key to have left the company without passing on the encryption key, leaving you high and dry with no way to decrypt your secure offsite backup data. Ouch!
Yet perhaps the most ‘face-palm’ true story of all is the BackupVault customer who randomly entered a very long key in Word, and saved the file on the very server to be backed up with full encryption. The server then had a RAID disk failure. A bit of creative thinking involved asking a data recovery company really nicely to just locate the word document in question. Once we had this file and encryption key we could restore the rest of the data from the backup.
With these nightmare scenarios in mind, let’s look at some simple ways to ensure you avoid them…
How to store your encryption key safely (but still have access to it)
One of the most secure ways to store your encryption key is to keep it with your solicitor. There may be a nominal fee, but the reassurance will be well worth it – and it will almost certainly be less than the cost of effectively losing important data that’s may be stored securely in an encrypted backup. With a solicitor looking after it you can assign specific colleagues to be able to access the key, plus there will be a record of anyone requesting it, which adds another level of security. You will likely have some kind of insurance against the solicitor losing the encryption key, through theft, fire or flood, too. Another option is to give it to your bank manager.
Many customers simply give the responsibility to the company director and document this so that if he or she departs the business or organisation, there is a clear process for handover. You could even stipulate that the company director keeps another note of the key offsite at their home in a secure safe. After all, you don’t want to negate the value of having your most sensitive or business-critical data in one of the best cloud backups, by effectively losing the key to it.
All of this might sound a bit over the top, but we just want to ensure you enjoy the benefits of using BackupVault’s superior data security options.
Added data security with advanced encryption for cloud backup
An encrypted backup is one of the easiest and most effective ways to ensure your all-important data is protected – and that even if it is lost or intercepted by hacking, it’s no use to anyone without the encryption key. BackupVault takes great pride in being one of the most trusted and secure offsite backup providers, and our ‘hands-off’ approach to encryption is an important part of upholding our reputation. The least we can do is help you ensure you can access your encrypted backup data when you need it.
BackupVault provides fully automated, hassle-free, UK-based backup services to organisations all over the world – from small business to global brands, to public-sector clients and large corporate enterprises.