Online Backup: SSL or AES encryption?



If you have been shopping around for an online data backup service, then you have probably noticed that many of the providers use two different terms when describing their encryption capabilities. Some say SSL, some say AES, and some say both. Which one is best? Here's the scoop:


SSL is an acronym for Secure Sockets Layer. SSL is used to encrypt data during transmission. It scrambles data so that if someone taps the wire, they will only see scrambled data. Your browser knows how to decrypt the data from an SSL-encrypted web page because, when the request was made for the page, your browser and the web server exchanged a unique session key that is required to view the data. SSL is a well-established and documented technology. In addition to browsers and web servers, many other data transmission systems implement SSL as well. This includes online data backup systems.


AES is an acronym for Advanced Encryption Standard. AES is a very secure encryption technology that has been through rigorous analysis and testing by the US Government as well as many universities and private organizations. AES is the encryption technology recommended for government top-secret documents. AES is used to encrypt any data for storage. Unlike SSL, AES is not a protocol that exchanges session IDs and keys with a browser or any other system. When data is encrypted with AES, the same key that was used to encrypt the data is required to decrypt it. Whoever or whatever receives AES-encrypted data must have the encryption key to access the contents.


While SSL is good for encrypting data during transmission, AES is good for encrypting data for storage. Online backup is an interesting case for AES. Some of the secure online backup services encrypt the data with AES before it is transmitted to the offsite Internet storage facility. This negates the need for SSL because the data is encrypted before it reaches the transport layer. Furthermore, the data will remain encrypted while at the offsite storage facility until a program beyond the transport layer uses the original encryption key to decrypt the data. In the case of a truly secure online backup service, the encryption key is never sent to the offsite storage facility; therefore, the data remains encrypted at all times and can only be decrypted by the owner who has the original encryption key. See this statement from one of the top-notch secure online backup services.


Just because an online backup service boasts of SSL and AES doesn't necessarily mean it will keep your data secure. SSL by itself will prevent a wire-tapper from capturing your data as it flows through the internet, but it does nothing to protect your data from a number of other security problems. If a hacker gains access to the internal network of the online backup service provider, then your data may be exposed. But if your data is stored in encrypted form with strong encryption technology like AES, then a hacker would need your encryption key to get access to your data. But wait, there is another threat: what if a technician at the offsite data center uses your encryption key to access your private data? Don't rule it out; it is not unusual for businesses to suffer losses due to inside jobs. If your data is strongly encrypted with AES, and your key is never known by the online backup service provider, then your data is safe from insiders as well as hackers. The last threat would be your own encryption key. As long as you use a reasonably good encryption key, your data will be safe, but if you use your name, telephone number, address, or any other personally identifiable information, then all bets are off.
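The arrangement described above (encrypt with AES on your own machine, never send the key to the provider) as an added example, not code from any backup service. The function names, the scrypt key derivation and the AES-256-GCM mode are assumptions chosen for illustration, using the crypto module built into Node.js.

```javascript
// Added example: encrypt a backup file on the owner's machine before upload.
const crypto = require('node:crypto');

// Derive a 256-bit AES key from the owner's passphrase. scrypt makes each
// guess expensive, but it cannot rescue a passphrase built from a name,
// phone number or address.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Runs on the owner's machine. The returned object is all that is uploaded;
// the passphrase and the derived key never leave this function.
function encryptForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(16); // not secret, stored beside the data
  const iv = crypto.randomBytes(12);   // fresh nonce for every encryption
  const key = deriveKey(passphrase, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Runs on the owner's machine after download. Throws if the passphrase is
// wrong or if the stored blob was modified at the storage facility.
function decryptAfterDownload(blob, passphrase) {
  const key = deriveKey(passphrase, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

// Returns true when decryption succeeds, false when it is rejected.
function canDecrypt(blob, passphrase) {
  try { decryptAfterDownload(blob, passphrase); return true; }
  catch { return false; }
}

// Constructed sample data, not taken from any real service.
const passphrase = 'correct horse battery staple 71!';
const file = Buffer.from('2023 tax return: constructed sample contents');
const stored = encryptForUpload(file, passphrase);

console.log('provider stores:', Object.keys(stored).join(', '));
console.log('owner restores :', decryptAfterDownload(stored, passphrase).toString());
console.log('insider without the key can decrypt:', canDecrypt(stored, 'guess'));
```

Everything in `stored` can sit at the offsite facility; without the passphrase, neither an intruder nor a technician there can turn it back into the file.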


So when you see an online backup service provider throwing around terms like SSL, encryption and AES, don't feel safe just yet. Dig deeper and make sure they state how they use the technology to secure your data. And last but not least, use strong passwords and encryption keys.

Data recovered from hard disk drive after Columbia space shuttle disaster

Don't count on being this lucky with your data. The following article describes how hard disk drive data was recovered from a burned hard drive after the Columbia space shuttle crashed in 2003. There were other hard drives on board Columbia that have been recovered, but the data was not recoverable. In addition, it can be quite expensive to recover data from a damaged hard drive. Your best bet is to back up your data on a regular schedule.



Data recovered from Columbia space shuttle disaster

By BRIAN BERGSTEIN
The Associated Press

Jon Edwards often manages what appears impossible. He has recovered precious data from computers wrecked in floods and fires.
Now Edwards may have set a new standard: He found information on a melted disk drive that fell from the sky when space shuttle Columbia disintegrated in 2003.
“When we got it, it was two hunks of metal stuck together. We couldn’t even tell it was a hard drive. It was burned and the edges were melted,” said Edwards, an engineer at Kroll Ontrack Inc.
Like other Columbia debris, the mangled disk drive turned up in Texas.

The recovered disk drive from Columbia had been used to capture data from a scientific experiment on the way xenon gas flows.

Comparing Data Backup to Insurance

Most responsible people understand why they need to buy insurance for their automobiles and homes. Insurance provides financial recovery in the event of an accident or loss. Most of us hope that we will never need to file a claim to recover from losses. In fact, most of us don't ever need to file a claim. Backing up your data is similar to automobile or homeowner insurance in that both are needed to recover from losses. However, there are some major differences worth noting.

Insurance is usually intended to protect against unexpected losses. You don't expect your house to burn down, and you don't expect to have any automobile accidents. You may not expect your hard disk to fail either, but this is where the big difference comes in. Every hard disk will fail, and most will fail without warning. There are almost no exceptions. I will say it again. Every hard disk drive will eventually fail!

Can you imagine how much your automobile insurance premium would be if you were certain to have an accident? In many cases the insurance companies expect you to have losses based on your driving record, and they charge you accordingly. Most of us have reasonable premiums because we drive carefully and avoid accidents. But, when you do have an accident, your premiums are probably going to go up.

Your data backup is there when you need it. And you certainly will need it. Your backup doesn't get more expensive based on how many losses you have experienced in the past. And the cost doesn't skyrocket as soon as you lose your data. Data backup is actually very reasonable in terms of cost when you consider the value that it is protecting.

Just like insurance policies, data backup systems are not all the same. Your insurance policy may have coverage limits and exclusions. It may not cover every kind of loss. The same goes for data backup systems. If you are backing up to a portable hard disk or DVDs, then you are protected against most hardware failures, but probably not protected against a natural disaster or even a fire at your home or office. If you are using an online backup system, then you may have the ultimate coverage that protects against a wide variety of losses. When you compare the cost of an online backup subscription to the cost of an automobile policy, you will probably come to the same conclusion that I did. It's a great deal!