Encrypting only your backups is a waste of time!

So if you need to encrypt your backups due to sensitive data, but the source database is left unencrypted, this is pure folly, says Craig Moir of Encryptech.

If you are encrypting your backups but not your source database then you are wasting your time. Many organisations have databases with highly sensitive information in them and trustily encrypt their backups but leave the source databases unencrypted. This makes no sense at all as your backups are far less vulnerable than a database on a server, says Craig Moir of Encryptech.

Cyber criminals typically don't hack organisations' backup and recovery infrastructure. This is too difficult. These systems are not customer/client/user/public facing systems and are predominantly offline. Additionally, somehow you have to find the right data amongst the other backups and catalogue sets, which could also be partial or incremental. And then it still has to be restored somewhere in order to steal it. The backup is probably encrypted anyway. The effort is futile.

Why try to breach backups when cyber criminals can go straight to the unencrypted database itself and steal the sensitive information with minimum effort? And it is just so easy to find these databases; after all, everything is pointing to them, such as your user connections, application connections, Web servers, etc.

To manually steal significant amounts of data is not practicable. It is much easier to steal whole databases containing millions of records than stealing the individual records themselves, so typically most data breaches are actually database breaches.

Once stolen, data from unencrypted databases is very easy to extract, as database servers store data in plain text. On the other hand, encrypted databases are perfectly safe as you can't steal something you can't read.

A breach is not necessarily from the outside; insider threats also pose significant risk to organisations. A database administrator can extract data from the database files without even going into the database itself. Such data theft would go undetected as database security simply gets bypassed.

An unencrypted database is therefore at high risk from external and internal threats. Think #WikiLeaks, Edward Snowden and our own #GuptaLeaks and 'Master Deeds' leak.

So if you need to encrypt your backups due to sensitive data, but the source database is left unencrypted, then protecting something that is not really at risk while ignoring something that is at high risk is pure folly.

Encryption is the only effective way to secure any type of sensitive data, especially large volumes of data such as database servers. Your perimeter defences are going to get breached at some stage or another, but at least make sure that when it happens you enjoy a 'Secure Breach', i.e. a breach where the stolen data is unusable as it has been encrypted and therefore you suffer zero data loss.

Encryptech can encrypt all types of databases on all platforms including Oracle Standard Edition and Enterprise Edition, SQL Server Standard Edition and Enterprise Edition, MySQL, PostgreSQL, e-mail servers, all Payroll and HR databases, file servers, document servers and SharePoint.

We can encrypt on premises or in the cloud and offer hybrid solutions.

For more information on our Data Encryption services please contact us on:

info@encryptech.co.za
+27 11 593 2394
http://www.encryptech.co.za/

Editorial contacts

Craig Moir
Encryptech
craig@mydba.co.za