Encryption Best Practices: Protecting Backed Up Data
•White Paper: Encryption Best Practices: Protecting Backed Up Data
Encrypting backed up data is increasingly becoming a priority, and developing procedures to easily manage encryption helps reinforce your data's security. The encryption types most commonly used, for example to secure commercial transactions over the Internet, are handled without requiring the user to know the encryption key. This kind of encryption, asymmetric encryption that uses a public key authority, is the most commonly used in protecting data.
To protect data you have backed up, symmetric encryption is preferable because the key is created, stored, and deleted locally, so the user backing up the data has control over the key. The fewer people that have access to the key, the more secure the encrypted data. A public key encryption method trusts the key value to an outside party; symmetric encryption protects the key with even greater security—local control. Along with control comes extra steps to protect the key. That means your site needs to put procedures in place so you protect the key, and at the same time, can quickly identify and retrieve the key when you need to decrypt the data.
As with most IT procedures, encryption best practices are simply a well thought-out series of standard tasks. Assuming that the encryption solution you are using enforces strong encryption, such as AES-256 (the federally approved encryption algorithm considered to be unbreakable), then the rest of the encryption best practices are simply a codification of common sense that includes:
- Having an overall security plan that includes the encryption of backed up data and defines the sets of data to be encrypted
- Identifying who can access encryption features and encrypted data
- Protecting key access with passwords and key nicknames (monikers) to shield the key so that the real key (that is, the numerical string) is never displayed as cleartext (that is, human readable text)
- Making backup copies of encryption keys
- Identifying how to track keys, passwords, and encrypted data
•White Paper: Encryption Best Practices: Protecting Backed Up Data