How Data Backups and Recovery Companies Can Prevent Data Leaks with Fortanix
Data breaches can have devastating consequences, including financial losses, reputational damage, and regulatory penalties.
One recent example of a data breach is the incident that occurred at Facebook in 2019 [source]. In this case, the personal information of over 530 million users was exposed online. This included sensitive details such as phone numbers, full names, locations, email addresses, and biographical information.
The breach resulted from a vulnerability that allowed unauthorized access to the data. The fallout from this incident was significant, causing users to lose trust in the platform’s ability to safeguard their details and resulting in scrutiny from regulatory authorities.
The Role of Backup Companies
Secure backups include implementing encryption and access controls. This ensures that the data remains protected from unauthorized access even if a backup falls into the wrong hands. Backup providers often offer advanced security features such as end-to-end encryption and multi-factor authentication to ensure secure backups.
Secure backups protect against data breaches and support disaster recovery efforts. An encrypted backup can help restore critical business operations quickly in case of a ransomware attack or natural disaster. This minimizes downtime and mitigates financial losses for the organization.
How Data Backups Can Fail
Data backups can fail due to several critical shortcomings in the security and management of backup processes. One common issue is inadequate encryption. If backups are not encrypted, they remain in an accessible format, making them easy targets for cybercriminals who can exploit this weakness to gain unauthorized access to sensitive data.
Another problem is improper access controls. Without stringent access protocols, backups may be accessed by unauthorized personnel, increasing the risk of tampering or data exfiltration.
Additionally, inadequate physical protection can lead to theft or damage due to environmental factors. Outdated or infrequent backup strategies can lead to incomplete or outdated data restoration. Lack of regular security assessments and vulnerability scans on backup systems can expose them to new and evolving threats.
One notable example of a data backup failure is the case of Code Spaces in 2014 [source]. The hacker had already created several backup logins despite changing the control panel password. As Code Spaces attempted to recover the account, the hacker randomly deleted artifacts from the panel.
Code Spaces reported that most of their data, backups, machine configurations, and offsite backups were either partially or completely deleted. This incident features the need of secure offsite backups for any sensitive data.
In cloud infrastructure, many organizations mistakenly believe they receive geographic distribution and redundancy ‘for free’ with cloud services. However, the Code Spaces example illustrates that relying solely on cloud providers for data backup can be a critical mistake.
The Solution
This is where Fortanix can help, offering innovative solutions to empower backup and recovery companies to improve the security of their offerings and protect against data leaks.
Fortanix specializes in confidential computing and data security solutions to protect sensitive data across various environments.
By leveraging advanced technologies such as secure enclaves and cryptographic techniques, Fortanix offers a comprehensive suite of solutions to address the security challenges associated with data backups.
1. Confidential Computing: Traditionally, data is encrypted when stored or transmitted, but it must be decrypted for processing, leaving it vulnerable to attacks during this phase. Confidential computing addresses this gap by providing a secure, isolated environment known as a “secure enclave” or “trusted execution environment” (TEE). Within these enclaves, data remains encrypted, ensuring that it is protected from unauthorized access and potential breaches even during computing processes.
Backup companies can greatly benefit from adopting confidential computing. By executing backup and recovery operations within secure enclaves, these companies can ensure that sensitive data remains secure throughout its lifecycle. This means that even if the backup infrastructure is compromised, the sensitive data being processed is safeguarded and kept confidential.
2. Secure Key Management: Fortanix Key Management Service (KMS) enables backup and recovery companies to generate, store, and manage encryption keys securely. Using HSMs that are FIPS 140–2, Level 3 compliant, Fortanix KMS ensures the confidentiality and integrity of backup data.
The Federal Information Processing Standards (FIPS) 140–2 is a U.S. government standard used to validate the effectiveness of cryptographic modules. Level 3 compliance offers extensive security measures such as tamper detection and response, strong role-based authentication, and physical safeguarding mechanisms.
3. Tamper-Proof Audit Logs: Data backup and recovery firms can employ tamper-proof audit logs to monitor encryption key usage meticulously. By maintaining these records, they gain a comprehensive view of their data security posture and can pinpoint potential breaches or misuse of sensitive information. Monitoring access attempts and usage patterns enables companies to swiftly detect unauthorized access and take prompt action to mitigate risks.
Tamper-proof audit logs are invaluable for demonstrating compliance with data protection regulations and industry standards like GDPR, HIPAA, and PCI DSS. These logs allow organizations to generate comprehensive reports and serve as concrete evidence during audits to substantiate compliance efforts and avoid penalties.
4. Integration with Backup Solutions: Fortanix collaborates with leading recovery vendors to integrate its advanced security solutions seamlessly into their platforms. These integrations allow backup and recovery operations to be conducted with enhanced security measures, ensuring that sensitive data remains protected at every stage.
Example Integration: Fortanix and Veeam
Veeam, a leading backup and recovery vendor, enhances its data protection services with Fortanix’s advanced security technology. By integrating Fortanix Data Security Manager (DSM), Veeam ensures the generation, storage, and secure access to data encryption keys. Veeam uses the KMIP standard to communicate with Fortanix DSM, allowing authorized key usage. This integration provides robust data security, ensuring encryption keys are accessible only with authorized access.
Example Integration: Fortanix and Cohesity
The joint Cohesity and Fortanix solution provides a unified data security platform that includes immutability, WORM, RBAC, and full enterprise key lifecycle management, a FIPS 140–2 level 3 HSM, and encryption to protect backup data from ransomware and data breaches.
Conclusion
By integrating Fortanix’s innovative security solutions, backup and recovery vendors can significantly upgrade their clients’ data protection. Security measures such as confidential computing, secure key management, and tamper-proof audit logs are not just an option but a necessity.
Adopting Fortanix’s solutions is remarkably straightforward. With seamless integration capabilities, these solutions can be easily incorporated into existing backup and recovery platforms, minimizing operational disruption and maximizing security benefits. Fortanix partners with leading vendors and demonstrates practical implementation.
Contact our team today to learn more about how Fortanix can revolutionize your backup and recovery operations.
