Encrypted Config Backups

Publication date: Sep 25, 2019

Last Published: Apr 16, 2021

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Table of Contents
Read Time : 4 minutes
encrypted config backup image

Data breaches are taking an increasing toll on organizations as administrators struggle to prevent data theft and keep sensitive information secure. According to Risk Based Security, more than 3,800 data breaches have hit organizations in 2019, an increase of 50% over the last four years.

“With organizations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services.

Encryption is one way how organizations can prevent cybercriminals from accessing business-critical files, but it’s important to encrypt more than personal files.

More specifically, the encryption of configuration backup files should be an integral part of every cybersecurity strategy because configuration backup files contain a host of vital information that should be kept private at all times, including admin passwords, usernames, emails, routing paths, Quality of Service (QoS) settings, Access Control Lists (ACLs), and more.

Benefits and Limitations of Encrypted Config Backups

Every organization needs to back up its files, and that includes configuration files. With organizations relying on a growing number of hardware and software products to satisfy their IT needs, ensuring that all the hardware and software assets a company owns are properly configured is vital. Each time an organization adds an asset to its network or replaces an existing one with an updated version, it relies on configuration backups to integrate the asset as quickly as possible.

The Need for Encryption

Without configuration backups, organizations would waste an unbelievable amount of time instead of spending it on more productive activities. However, storing the backups of configuration files of mission-critical hardware and software assets can be a double-edged sword because the files contain sensitive information that cybercriminals wouldn’t hesitate to exploit if they got their hands on it.

The solution is simple: encryption. By encrypting configuration backups, organizations make it impossible for cybercriminals to access the sensitive information contained in them without depriving themselves of the ability to quickly integrate new assets and recover from configuration problems caused by human error.

Benefits Outweigh Limitations

Data encryption transforms configuration backups into an unreadable, scrambled format with the help of a cryptographic algorithm and a secret key. Even if encrypted configuration backups get stolen by cybercriminals, it won’t be possible to read them. Only a secret key can reverse encrypted information back to a readable format, and it would take cybercriminals billions of years to crack the encryption.

The only noteworthy limitation of encrypting configuration backups is the fact that it blocks data deduplication, whose purpose is to decrease the size of backup files. From the point of view of the data deduplication software, all encrypted configuration backups appear as different though they may contain duplicate information. Achieving a higher deduplication ratio is possible only by disabling encryption. Considering the size of the average configuration file, losing data deduplication isn’t typically a problem, which is why the benefits of encrypting configuration backups greatly outweigh the limitations associated with data encryption.

Encryption Best Practices

For the encryption of configuration backups to be as effective as possible, it’s important to adhere to several encryption best practices, which include the following:

  • Automate the encryption process: Configuration backups should be encrypted automatically when created. Manual encryption is time-consuming, and relying on the human factor is never a good idea when it comes to security.
  • Use strong passwords: Even the strongest encryption algorithms are only as strong as your password. A good password doesn’t include any real information, such as dates, names, and telephone numbers, and it is at least 8 characters long, containing a mixture of alphabetic, numeric, and special characters.
  • Adhere to best password management practices: Just like organizations keep sensitive documents in a safe place, they must also protect their passwords from falling in the wrong hands by keeping them secret and changing them regularly.

When implemented correctly, the encryption of configuration backups can be a powerful defense tool against cybercriminals looking to exploit any sensitive information they can get their hands on.


Organization across all industries are at a growing risk of a data breach, and encryption is one of the most important methods for providing data security. Because configuration backups contain a lot of sensitive information, their encryption is an important part of every cybersecurity strategy, and neglecting it could have disastrous consequences.

To discuss implementing configuration backups within your organization, consult an experienced MSSP.

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Related Posts: