RE: cloud backup services, for EXE files ?

Subject: RE: cloud backup services, for EXE files ?
From: "McLauchlan, Kevin" <Kevin -dot- McLauchlan -at- safenet-inc -dot- com>
To: Monique Semp <monique -dot- semp -at- earthlink -dot- net>, Laura Lemay <lemay -at- lauralemay -dot- com>, Katherine Noftz Nagel <lists -at- masterworkconsulting -dot- com>
Date: Fri, 10 Feb 2012 15:11:07 -0500

If the service provider hangs onto the keys that encrypt/decrypt
your data, then one of two situations might be in force:

a) they require a utility on each computer that accesses the data
(something has to do the encryption/decryption if it is performed
at your end...)
or

b) the data could exist "in the clear" at some point between your
computer and their encrypted database (or other repository).

In scenario b), your data is probably safe enough from casual
interception if it's protected by SSL using decent-size keys,
until it gets to their house. After that, you are taking their
word that they encrypt it as it arrives and never store or
transport it unencrypted while they have it... and that they
destroy it when it's no longer needed.

If you control your keys and encrypt data before it leaves you,
and after it comes back to you, then it never exists "in the
clear" outside your devices. Neither the service provider
nor any third party can snoop your stuff or modify it.

If the service provider controls the keys, they can overtly
provide it to others (see if your service agreement names
anybody in addition to "law enforcement or government agencies")
or they could be hacked and unintentionally provide your
data to unauthorized persons.

And, about that service agreement... if it's modeled on
the ones that Google and others use, it says something
to the effect that they can modify it at their discretion.
They could simply decide that this-or-that partner, or
any of several foreign governments (with whom they wanted
a friendlier working relationship) is now to be granted
access to your data. Look how BlackBerry (RIM) and others
caved in to pressure from India and several other states
that wanted access to what their people - and anybody
talking/texting/e-mailing with them, and anybody just
passing through - were saying.

It's possible that your clients are aware of the implications
and possibilities, and find them acceptable. It's also
possible that they haven't understood what they might have
agreed to. You can give me a small credit in the White
Paper that you create, to give to future clients. :-)

> -----Original Message-----
> From: Monique Semp [mailto:monique -dot- semp -at- earthlink -dot- net]
>
> > Do they allow you to strongly encrypt your data on its way to
> > storage?
>
> Yes, all the ones I've looked at do strongly encrypt the data. And
> Carbonite even allows you to have control of your own keys (vs. having
> them hold your keys) -- not recommended because if you lose the keys
> you've lost all ability to decrypt your data, but if you're really
> paranoid about not allowing the backup company to be able to see the
> data, you can keep it private.
>
> And the ones I've looked at clearly spell out their security policies.
> They've been acceptable enough to all my clients, even a security firm.
> And I do tell all my clients (in the contract) that I will be doing
> secure online backups. Nobody has balked yet.
>
> -Monique
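
The customer-held-key case discussed in this message, as an added example that is not part of the original post or of any backup vendor's software: the client encrypts and authenticates a file before upload, so the provider stores only ciphertext and any change made in storage is caught on restore. The function names, blob layout (salt, nonce, ciphertext, tag) and passphrase-based key derivation are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, length):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs on the standard
    # library alone; a real backup tool should use a vetted AEAD such as AES-GCM.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def _derive_keys(passphrase, salt):
    # Separate encryption and MAC keys from a passphrase that never leaves the client.
    km = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return km[:32], km[32:]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(passphrase, plaintext):
    """Encrypt-then-MAC on the client; the returned blob is all the provider stores."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    body = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag

def unseal(passphrase, blob):
    """Check the tag before decrypting; refuse a blob that was altered in storage."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified backup")
    return _xor(body, _keystream(enc_key, nonce, len(body)))

def tampered_copy_is_rejected(passphrase, blob):
    """Flip one stored bit, as a provider-side change would, and try to restore."""
    altered = bytearray(blob)
    altered[40] ^= 0x01
    try:
        unseal(passphrase, bytes(altered))
    except ValueError:
        return True
    return False
```

Losing the passphrase makes the blob unrecoverable, which is the trade-off raised in the quoted message above.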


You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-
