Data should be encrypted in transit. That’s the answer. Six words. This could be my shortest piece of advice I’ve ever given. When some company ships a pile of backup tapes from point A to point B, that’s “in transit.” Data on those tapes should be encrypted. Period. End of argument.
Let me put this another way. When people connect back to your network over the Internet, you’re using some kind of VPN, right? That would include encryption. You wouldn’t think of shutting down your IPsec or SSL VPN and going back to unencrypted PPTP, would you? “Of course not,” you say. Well, that’s data in transit. And they’re encrypted. Not because you think that anyone is necessarily trying to listen in. But just in case.
And it’s the same way with backup tapes that you plan to ship around. You can probably send tapes out every day, twice a day, even, for years and never lose a set. But you know what? As good as FedEx is, they’re going to lose one sooner or later. People lose things. It happens. And, just in case, the data should be encrypted. It’s cheap—there’s no excuse for not encrypting. By networking standards, tape drives are dog slow. Your average $300 home firewall will encrypt at 70 or 80 Mbps, nearly twice as fast as your typical DLT tape drive. And that dual CPU, 3.2 GHz server you’re using to drive the tape drives can do it without breaking a sweat.
What bothers me about this issue is the amazingly long rivers of text I’ve been seeing written by people who don’t get it about operations managers who should be fired. This is not a complex issue. This is a simple issue. I feel like Hemingway here. Encrypt your data.
Of course, I know why the tapes aren’t encrypted. It’s that status quo thing I wrote about last month. Operations managers have been directing backups for 10, maybe 20 years. Back then we never thought about the security of data on tapes and they’ve just never revisited the issue. The security team probably never thought to call up the operations team and ask about this topic.
But when the first lost backup tape story hit the news months ago, it should have shocked every single operations manager in the world into saying “I need to start encrypting data tomorrow.” Anyone who isn’t encrypting their backup tapes today needs to get fired tomorrow. There’s no excuse for not doing that today, other than incompetence.
Sure, if you want to do it right, there’s lots of details involved. Key management and escrow. Performance. Long-term compatibility. And those need to get solved. But you know what? You don’t have to do all that stuff if you just want to get started. You can click on the “Encrypt It” box in your backup software, put in a nice long password, and at least get started on the problem. You already have a procedure for managing passwords, right? A book, a vault, something like that? Use that, at least to start. Not being able to do it right on the first day is no excuse for not doing it at all.
Once we get those people out of the way, we can start in on the IT people who are passing out corporate laptops without encrypted hard drives. And a hint to the security team: if you’re not reaching into every corner of your company and asking these questions, your services could be “no longer required” shortly.