Encrypted Backups Still Not All That Common

from the data-is-as-data-does dept

When all those data leaks of backup systems happened earlier this year, one of the questions asked was why were so few of those backups encrypted? That resulted in a spirited debate, where people discussed the pros and cons of encryption, and pointed out the even more important point: if the backups are secured physically, then you shouldn’t need encryption. In other words, this isn’t even a question if companies properly secured their backups. Still, it’s pretty clear that plenty of important data isn’t secured physically and isn’t encrypted — and all those data leaks haven’t changed very much. A new study shows that there’s been virtually no change in the percentage of companies that encrypt their backups, even if plenty say they plan on doing so at some point in the future.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Encrypted Backups Still Not All That Common”

Subscribe: RSS Leave a comment
amasa howard says:

It's really not a public debate

Data backups really aren’t a matter of public debate, it’s really a technique decision by the supernumeral tech for the for the organization. In the realm of customer data, the problem of sensitive/personal data being unencrypted is merely a symptom of the root issue, which is that we as a culture have readily parted with our government issued serialization because we were told “that’s the way it is”. It’s a cultural issue, not a technique issue. There’s really no good reason to give your SSN and DOB to anyone, for any reason, but sadly we do it anyway so we can have our credit cards, our cable tv, our cellular phones, our homes, our cars, etc.
How secure is a password that never changes?

Prent Rodgers says:


Companies don’t encrypt their tapes because it costs a lot of resources to encrypt. If it is done on the client machine, the CPU goes to 100% and stays there for the duration of the backup. If it is done on the server, there may not be a long enough window to run the encryption. If it is done on an outboard device, like Decru or others, the device costs money. A typical installation will have one encryption appliance per tape drive (or two or three, depending on throughput). If the company has 20 tape drives, that’s an investment of $1m or more. Plus they need appliances at the disaster recovery center to decrypt the data. It gets expensive, and that moves it off the radar of IT managers.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...