Data Backup Digest

Do-It-Yourself Windows File Recovery Software: A Comparison

results »

Encrypted backups: security and performance

Although more and more businesses are becoming aware of how vital it is to back up, a surprising number are not encrypting their data. It’s all very well having copies of your data, but what happens if they go missing or get stolen? It is especially important when your data contains sensitive and private information about your customers or associates. Lose this and you could be in a whole load of trouble. Adding encryption to your backup ensures that there is an extra layer of security on your data to help keep unwanted eyes out.
One program that will provide encryption to your backups is the open source program OpenSSL, which is easy to add into your existing backups too. Another is Amanda, which works on a whole host of operating systems and claims to be the most popular open source backup and recovery software. It supports up to 4096-bit keys with public-key cryptography and 256-bit AES encryption. Amanda is also a program that is easy to customize and scale.
When you are encrypting large amounts of data you are likely to see a large impact on the CPU usage. It varies depending on which encryption algorithm you use. Crypt.Gen.NZ performed a variety of tests to see how encryption affects performance on 8 gigabytes of data on a 1.0GHz Intel server. Their results showed that DES and DES3 took the longest (with the latter being close to half an hour), while AES-128 and AES-256 were much quicker in comparison. It’s difficult to know what toll encryption will take on a system due to varying factors. For example, if the output device is slow in the first place then you might not notice the extra time. Conversely, a high speed device could cause the CPU load to be very high.
Some businesses will skip encryption because of the performance implications, but this shouldn’t really be a viable reason to miss out something so important. There are some methods to try and get around this. There are devices available, like the CryptoStor from NeoScale Systems, which will connect between the host system and the storage device and perform encryption. You can also get tape drives from companies like IMB and Sun which can encrypt data. Another method to try would be compressing the data beforehand and then encrypting it. This is because the best algorithm will be one that is purely random and uncompressible, which is only achievable when you compress before encrypting.
Remember, encryption on your backups will stop intruders, but it’s pointless if they can access your key to unlock the data. You need to keep this just as secure as the data itself. Store them somewhere safe and update them regularly or when there’s a change of staff. Losing the encryption key means that you’ve lost the data too.
Is encrypting your data worth it? The bottom line is absolutely. It might cause some performance changes (variable depending on the type of encryption), but the extra layer of security to your data could be a life saver.


No comments yet. Sign in to add the first!