16 September 2010

Are Your Backups Really Safe?

Imagine for a moment if you will. As a DBA, and as the protector of your organization’s data, you have implemented many safeguards to protect your data. You have set up periodic jobs to back up your databases; you check daily to ensure that the backups were actually taken; and you periodically perform test restores to ensure your backups work. In addition, you have established an appropriate backup retention policy and you store backups offsite. With all of this planning and hard work, you are confident that your organization’s data is safe. But is it?

What would happen if your backups, in transit from the data center to the offsite storage, were misplaced or stolen? Or what would happen if the backups at the offsite storage location were stolen? Sound unlikely? Not really. There have been many reported instances of backups being misplaced and stolen. In fact, I personally know of a multi-billion dollar company that sends their backup tapes to their offsite location using an employee’s car, then stores them in a locked, but very cheap metal cabinet that could be broken into in seconds with a crowbar. What would be the organization’s liability if their data was stolen? I’m even afraid to think about it.

Although it is unlikely that your backups will be misplaced or stolen, I personally don’t want to take the risk that this might happen to the backups I am responsible for. As you probably know, by default, data from a SQL Server database backup can easily be restored to any other computer and the data viewed. The only thing that prevents this is encrypting the data, and encryption is the exception rather than the rule.

In SQL Server 2008, Transparent Data Encryption (TDE) was introduced in the Enterprise Edition of SQL Server. This feature allows data at rest (such as backups) to be fully encrypted and protected should a backup be misplaced or stolen. If you are using SQL Server 2008 Enterprise Edition, I recommend you take a look at TDE and consider implementing it.

But what if your company doesn’t use the Enterprise Edition of SQL Server 2008? How do you protect your backups from prying eyes? Currently, your only realistic choice is to use a third-party backup compression program that offers data encryption as a feature (which virtually all do). This way, your backups, wherever they are located, will be protected and you can rest assured that your organization’s data won’t be compromised.

So my first question to you is this: do you think backup encryption is as important as I think it is? And second, how do you go about protecting your backups? Do you encrypt them, do you use some other form of backup protection, or are you crossing your fingers, hoping that you never face the situation of missing or stolen backups?
