A company's backup policies define its backup strategy along with its major components: critical system and data security, the frequency of incremental and full backups, backup administration, backup storage (data center or cloud), rotation of backed-up data drives and the restoration procedures. Critical bugs, vulnerabilities and library issues will occur, but these problems have a much greater impact when they leave large numbers of private keys and confidential documents exposed to the internet. Long-term exposure of such issues gives attackers access, and because they can leave no trace of their attacks, these issues need to be handled with an iron fist.
In 2014 backed-up data was hit hard by flaws in SSL/TLS, the encryption used to secure data transfer over the internet. In the OpenSSL cryptographic software we faced a serious vulnerability called the Heartbleed bug. Heartbleed allows attackers to intercept the communication, so data can be stolen directly from the servers. As long as OpenSSL is in use we will have this vulnerability, but after the release of FixedSSL, vendors distributed the fix on both the server and user side to stop the Heartbleed bug. We have also started implementing it in the OS, in networked appliances and in the software used for backing up. This implementation problem is a programming mistake in the popular OpenSSL library that provides SSL/TLS to applications and services; with FixedSSL we have completely stopped this implementation issue.
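The programming mistake behind Heartbleed is worth seeing concretely. The following is an added example, not code from the article or from OpenSSL: a toy heartbeat handler in Python that trusts the length field inside the message (the vulnerable shape) next to one that checks the declared length against the bytes actually received (the shape of the upstream fix). The record layout, the `ADJACENT_MEMORY` buffer standing in for process memory and the sample payloads are all constructed for illustration.

```python
"""Toy TLS-heartbeat handler: vulnerable length handling beside the checked version.

Constructed example for illustration; not OpenSSL code.
Record layout used here: type(1) | payload_length(2, big-endian) | payload | padding(16).
"""
import struct
from typing import Optional

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16

# Constructed stand-in for whatever happens to sit in process memory right after
# the received record (in a real server this could be keys or session data).
ADJACENT_MEMORY = b"-----BEGIN PRIVATE KEY----- (constructed secret) "


def build_heartbeat(payload: bytes, claimed_length: Optional[int] = None) -> bytes:
    """Encode a heartbeat request; `claimed_length` lets a caller lie about the size."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * MIN_PADDING


def vulnerable_handler(record: bytes) -> bytes:
    """Copy `payload_length` bytes starting at the payload without checking how many
    bytes actually arrived. In this toy the over-read runs into ADJACENT_MEMORY."""
    _, payload_length = struct.unpack("!BH", record[:3])
    memory = record + ADJACENT_MEMORY  # the record and whatever follows it in memory
    echoed = memory[3:3 + payload_length]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + echoed


def fixed_handler(record: bytes) -> Optional[bytes]:
    """Reject any record whose declared payload plus minimum padding does not fit
    inside the data actually received; the patched code silently drops such records."""
    if len(record) < 3:
        return None
    _, payload_length = struct.unpack("!BH", record[:3])
    if 3 + payload_length + MIN_PADDING > len(record):
        return None
    echoed = record[3:3 + payload_length]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_length) + echoed


def leaked_bytes(response: bytes, payload: bytes) -> bytes:
    """Anything returned beyond the client's own payload is memory that leaked."""
    return response[3 + len(payload):]


if __name__ == "__main__":
    payload = b"hello"
    lying = build_heartbeat(payload, claimed_length=50)
    print("vulnerable leaked:", leaked_bytes(vulnerable_handler(lying), payload))
    print("fixed response   :", fixed_handler(lying))
```

The check in `fixed_handler` is the whole mitigation: the length inside the message is attacker-controlled input and must be validated against the length the transport actually delivered before it is used to index a buffer.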
Linux and Mac operating systems were ruling the market in terms of data security and fewer vulnerabilities. But when the Shellshock issue came to light, the OS giants woke up to fix the issue on their servers. Bash is software found in many UNIX-based operating systems, including Mac OS; it is a shell, and bash commands let users run any application on Linux or Mac OS. Shellshock is a hole in the bash command that lets a non-admin user or an outsider get code processed and executed on the server machine. Most backup servers run on Linux, and with the Shellshock bug anyone could access the backed-up data easily. Experts called Shellshock a bigger bug than the earlier Heartbleed: with Heartbleed the massive privacy concern is that attackers can only spy on the server, whereas with Shellshock attackers can easily take control of the entire server system. Back in October 2014, Linux vendors fixed all the variants of the Shellshock vulnerability and distributed the fix as patches around the world.
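Because the hole was in how bash imported function definitions from environment variables, a backup or CGI server was exposed wherever untrusted input (such as an HTTP header) was copied into the environment before bash ran. The following is an added example, not from the article: a Python detector that flags the `() {` function-definition prefix in constructed web-server log lines and in an environment mapping, the kind of check a defender would run over access logs while confirming the October 2014 patches were applied. The log format, sample lines and variable names are constructed for illustration.

```python
"""Detect the Shellshock function-definition prefix in logs and environment values.

Added, constructed example for defenders; sample data is made up.
"""
import re
from typing import Dict, List

# Vulnerable bash imported any environment value beginning with "() {" as a
# function definition and went on to run whatever followed the closing brace.
SHELLSHOCK_RE = re.compile(r"^\s*\(\s*\)\s*\{")

# Combined log format: ip ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample log; the second line carries the benign canonical test string.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo shellshock-test"
198.51.100.4 - - [25/Sep/2014:10:02:11 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "curl/7.38.0"
"""


def parse_combined_log(line: str) -> Dict[str, str]:
    """Split one combined-format line into named fields; empty dict if unparsable."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else {}


def find_shellshock_requests(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed entries whose request line, referer or user agent would be
    imported by bash as a function definition (all three reach CGI scripts via env)."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_combined_log(line)
        if not entry:
            continue
        if any(SHELLSHOCK_RE.match(entry[field]) for field in ("request", "referer", "agent")):
            hits.append(entry)
    return hits


def suspicious_env_values(env: Dict[str, str]) -> List[str]:
    """Names of environment variables whose values bash would treat as functions.
    Useful as a guard before a backup script spawns bash with a CGI-derived env."""
    return sorted(name for name, value in env.items() if SHELLSHOCK_RE.match(value))


if __name__ == "__main__":
    for hit in find_shellshock_requests(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['time']} agent={hit['agent']!r}")
    # Constructed environment as a CGI gateway would build it from request headers.
    cgi_env = {"HTTP_USER_AGENT": "() { :;}; echo shellshock-test", "HTTP_HOST": "backup.example"}
    print("suspicious:", suspicious_env_values(cgi_env))
```

The pattern check only tells you an attempt was made; whether it succeeded depends on the bash version that was running at the time, so the log hits are a trigger for verifying patch status on the host, not a verdict on compromise.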
With vulnerabilities and bug attacks in mind, many online application developers adopted end-to-end encryption for backups and for uninterrupted protection of data travelling between two parties. But most service providers can guarantee only the protection of communication from the client to the server. End-to-end encryption is an uncertified digital communication paradigm that provides both confidentiality and integrity. Well-known online applications moved their encryption technique to end-to-end this quarter, which eventually provided unbreakable encryption. The same techniques are followed when data is stored online, but if the user's key is exposed, it is easy for attackers to decrypt all communication encrypted with that key.
Over this year our backed-up data, server environments and cloud implementations faced major bugs and vulnerabilities, which were successfully fixed by the platform developers. Alongside this, computer scientists have developed a special kind of encryption, called a 'mathematical jigsaw puzzle', that can be used by any application backing up confidential data from the client machine. The researchers observed that when an application uses a 'mathematical jigsaw puzzle', it protects the intellectual property in the data by preventing interception of the communication or theft of new algorithms, and it also hides vulnerabilities or bugs. So when the application is affected by a bug or vulnerability, a software patch is designed to repair it. Implementing this kind of technique will assure that we can fully eliminate bugs and vulnerabilities in the coming years.