The Necessity of Securing Backups
Another case of lost backups has recently been featured on the pages of Slashdot. Let’s just hope that the “proprietary compression and encoding tools” place the strength of their cipher on a key, rather than a proprietor’s secret cipher algorithm. The article seems to suggest that third-party security consultants were unable to decipher the data because of proprietary software. A reasonable person should wonder if these consultants may have been able to decipher the data, if they had access to the backup system’s proprietary technical information. A better test of the backup’s security provides such information to third-party consultants. Since people who have had exposure to the proprietary technical information are potential adversaries to the data’s security, the provision of the technical information strengthens the testing of the data’s security.
Not that strong ciphers are unbreakable, rather, all that is needed for success is some combination of computing power and time.