Encrypted Config Backups

Publication date: Sep 25, 2019

Last Published: Mar 30, 2020

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Table of Contents
Read Time : 4 minutes
encrypted config backup image

Data breaches are taking an increasing toll on organizations as administrators struggle to prevent data theft and keep sensitive information secure. According to Risk Based Security, more than 3,800 data breaches have hit organizations in 2019, an increase of 50% over the last four years.

“With organizations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services.

Encryption is one way how organizations can prevent cybercriminals from accessing business-critical files, but it’s important to encrypt more than personal files.

More specifically, the encryption of configuration backup files should be an integral part of every cybersecurity strategy because configuration backup files contain a host of vital information that should be kept private at all times, including admin passwords, usernames, emails, routing paths, Quality of Service (QoS) settings, Access Control Lists (ACLs), and more.

Benefits and Limitations of Encrypted Config Backups

Every organization needs to back up its files, and that includes configuration files. With organizations relying on a growing number of hardware and software products to satisfy their IT needs, ensuring that all the hardware and software assets a company owns are properly configured is vital. Each time an organization adds an asset to its network or replaces an existing one with an updated version, it relies on configuration backups to integrate the asset as quickly as possible.

The Need for Encryption

Without configuration backups, organizations would waste an unbelievable amount of time instead of spending it on more productive activities. However, storing the backups of configuration files of mission-critical hardware and software assets can be a double-edged sword because the files contain sensitive information that cybercriminals wouldn’t hesitate to exploit if they got their hands on it.

The solution is simple: encryption. By encrypting configuration backups, organizations make it impossible for cybercriminals to access the sensitive information contained in them without depriving themselves of the ability to quickly integrate new assets and recover from configuration problems caused by human error.

Benefits Outweigh Limitations

Data encryption transforms configuration backups into an unreadable, scrambled format with the help of a cryptographic algorithm and a secret key. Even if encrypted configuration backups get stolen by cybercriminals, it won’t be possible to read them. Only a secret key can reverse encrypted information back to a readable format, and it would take cybercriminals billions of years to crack the encryption.

The only noteworthy limitation of encrypting configuration backups is the fact that it blocks data deduplication, whose purpose is to decrease the size of backup files. From the point of view of the data deduplication software, all encrypted configuration backups appear as different though they may contain duplicate information. Achieving a higher deduplication ratio is possible only by disabling encryption. Considering the size of the average configuration file, losing data deduplication isn’t typically a problem, which is why the benefits of encrypting configuration backups greatly outweigh the limitations associated with data encryption.

Encryption Best Practices

For the encryption of configuration backups to be as effective as possible, it’s important to adhere to several encryption best practices, which include the following:

  • Automate the encryption process: Configuration backups should be encrypted automatically when created. Manual encryption is time-consuming, and relying on the human factor is never a good idea when it comes to security.
  • Use strong passwords: Even the strongest encryption algorithms are only as strong as your password. A good password doesn’t include any real information, such as dates, names, and telephone numbers, and it is at least 8 characters long, containing a mixture of alphabetic, numeric, and special characters.
  • Adhere to best password management practices: Just like organizations keep sensitive documents in a safe place, they must also protect their passwords from falling in the wrong hands by keeping them secret and changing them regularly.

When implemented correctly, the encryption of configuration backups can be a powerful defense tool against cybercriminals looking to exploit any sensitive information they can get their hands on.

Conclusion

Organization across all industries are at a growing risk of a data breach, and encryption is one of the most important methods for providing data security. Because configuration backups contain a lot of sensitive information, their encryption is an important part of every cybersecurity strategy, and neglecting it could have disastrous consequences.

To discuss implementing configuration backups within your organization, consult an experienced MSSP.

Written by: Payam Pourkhomami, President & CEO, OSIbeyond

Related Posts:

CONFIGURATOR

Tell us about your organization.

What services are you interested in (select all that apply)?

CONFIGURATOR

IT Support for1 users

required licensing for remote control, patch management, and asset management at $6/user.

Remote Monitoring & Management

Retainer Plans

Subscription Plan

Unlimited remote, onsite, or after hours support $150 /user

CONFIGURATOR

Cloud Solutions

Private Cloud Hosting

Do you need an Application server (finance, AMS, CRM, Remote Desktop)? Includes 100GB hard drive, 8GB RAM, 1 CPU, Windows Server 2019, monitoring and patch management.

Yes No

Do you need a web server? Includes 100GB hard drive, 8GB RAM, 2 CPU, Windows Server 2019, monitoring and patch management.

Yes No

Do you need a Database server? Includes 200GB hard drive, 10GB RAM, 2 CPU, Windows Server 2019, monitoring and patch management.

Yes No

CONFIGURATOR

Enhanced Security Services

Includes:

Yes No

CONFIGURATOR

Equipment Lifecycle Management Subscription based equipment provided at monthly fee.

Do you need workstations?

Yes No

Do you need core infrastructure?

Yes No

CONFIGURATOR

Ready to get started?




















    View Itemized List

    Summary

    Organization
    IT Support
    Cloud Solutions
    Cloud Solutions2
    Enhanced Security Services
    Equipment Lifecycle Management
    Final

    Total Monthly Recurring Cost:$500

    SUMMARY

    Services

    • IT Support
    • Cloud Solutions
    • Enhanced Security Services
    • Equipment Lifecycle Management

    IT Support

    • RMM licensing $6/user per month

    Cloud Solutions

    Enhanced Security Services

    • + Email Security
    • + Multi-Factor Authentication
    • + Security Awareness Training

    Equipment Lifecycle Management

    • Core Infrastructure $175.00/mo
    Back to Form

    summaryTotal Monthly Recurring Cost:$