Cryptography is becoming more important as cloud backup and recovery grow. Enterprises are submitting huge volumes of mission-critical data for storage in public, private or hybrid clouds, with increased risk. Transmitting information over the Internet (a public network) and storing it on shared IT resources both require higher levels of security.
Third-party certifications of encryption algorithms lend weight to the quality and strength of the algorithms used by cloud backup service providers. The National Institute of Standards and Technology (NIST), an agency under the US Department of Commerce, has developed a number of standards for promoting and measuring cryptographic modules. The agency issues a certificate known as the Federal Information Processing Standards Publications (FIPS PUBS) attesting to the quality of the cryptographic module in use by the cloud backup service provider. Secure Sockets Layer (SSL) is an open source and freely implemented encryption technology that ensures data protection and encryption during transmission over the Internet. Versions of this protocol have been used in web browsing, electronic mail, Internet faxing, instant messaging and Voice over IP networks. Both of the above encryption and data protection protocols are used in tandem to provide additional security for information traveling to cloud backup servers.
The input strings used for encryption, that is, the keys, can be user-defined or system-defined. When the keys are user-defined and stored exclusively with the user, the encryption mechanism is secure, as even the cloud backup vendor has no access to the data stored on the vendor-managed server. However, loss of the encryption key will result in loss of access to the data. If the keys are system-generated and stored with the vendor, the risk is greater, and there is an urgent need to ensure that the vendor is bound by non-disclosure agreements and responsibilities. If the key is maintained at both the user's premises and the vendor's premises, a similar security need arises.
Commonly used cryptographic algorithms in cloud backup are Triple DES 192; AES 128 or 256; and Blowfish 64, 128, 256, 320, 384 and 448. Not all algorithms are implemented by all cloud backup services. Most services select one of the algorithms and stick with it, while others may allow users to select the encryption type from a list. For instance, Asigra uses AES 256, while StoreGrid implements both Triple DES 192 and Blowfish (with bit variations).
The bottom line is that cloud backup service users must evaluate the kind of encryption protocols that are being provided, understand the implications and select their vendor accordingly. There is a range of encryption algorithms. The choice of the right algorithm is always yours.