RE: cloud backup services, for EXE files ?

Subject: RE: cloud backup services, for EXE files ?
From: "McLauchlan, Kevin" <Kevin -dot- McLauchlan -at- safenet-inc -dot- com>
To: Monique Semp <monique -dot- semp -at- earthlink -dot- net>, Laura Lemay <lemay -at- lauralemay -dot- com>, Katherine Noftz Nagel <lists -at- masterworkconsulting -dot- com>
Date: Fri, 10 Feb 2012 15:11:07 -0500

If the service provider hangs onto the keys that encrypt/decrypt
your data, then one of two situations might be in force:

a) they require a utility on each computer that accesses the data
(something has to do the encryption/decryption if it is performed
at your end...)

b) the data could exist "in the clear" at some point between your
computer and their encrypted database (or other repository).

In scenario b), your data is probably safe enough from casual
interception if it's protected by SSL using decent-size keys,
until it gets to their house. After that, you are taking their
word that they encrypt it as it arrives and never store or
transport it unencrypted while they have it... and that they
destroy it when it's no longer needed.

If you control your keys and encrypt data before it leaves you,
and after it comes back to you, then it never exists "in the
clear" outside your devices. Neither the service provider
nor any third party can snoop your stuff or modify it.

If the service provider controls the keys, they can overtly
provide it to others (see if your service agreement names
anybody in addition to "law enforcement or government agencies")
or they could be hacked and unintentionally provide your
data to unauthorized persons.

And, about that service agreement... if it's modeled on
the ones that Google and others use, it says something
to the effect that they can modify it at their discretion.
They could simply decide that this-or-that partner, or
any of several foreign governments (with whom they wanted
a friendlier working relationship) is now to be granted
access to your data. Look how BlackBerry (RIM) and others
caved in to pressure from India and several other states
that wanted access to what their people - and anybody
talking/texting/e-mailing with them, and anybody just
passing through - were saying.

It's possible that your clients are aware of the implications
and possibilities, and find them acceptable. It's also
possible that they haven't understood what they might have
agreed to. You can give me a small credit in the White
Paper that you create, to give to future clients. :-)

> -----Original Message-----
> From: Monique Semp [mailto:monique -dot- semp -at- earthlink -dot- net]
> > Do they allow you to strongly encrypt your data on
> its way to storage?
> Yes, all the ones I've looked at do strongly encrypt the data. And
> Carbonite
> even allows you to have control of your own keys (vs. having them hold
> your
> keys) -- not recommended because if you lose the keys you've lost all
> ability to decrypt your data, but if you're really paranoid about not
> allowing the backup company to be able to see the data, you can keep it
> private.
> And the ones I've looked at clearly spell out their security policies.
> They've been acceptable enough to all my clients, even a security firm.
> And
> I do tell all my clients (in the contract) that I will be doing secure
> online backups. Nobody has balked yet.
> -Monique

The information contained in this electronic mail transmission
may be privileged and confidential, and therefore, protected
from disclosure. If you have received this communication in
error, please notify us immediately by replying to this
message and deleting it from your computer without copying
or disclosing it.


You are currently subscribed to TECHWR-L as archive -at- web -dot- techwr-l -dot- com -dot-

To unsubscribe send a blank email to
techwr-l-leave -at- lists -dot- techwr-l -dot- com

Send administrative questions to admin -at- techwr-l -dot- com -dot- Visit for more resources and info.

Looking for articles on Technical Communications? Head over to our online magazine at

Looking for the archived Techwr-l email discussions? Search our public email archives @

cloud backup services, for EXE files ?: From: Monique Semp
Re: cloud backup services, for EXE files ?: From: Alec Chakenov
Re: cloud backup services, for EXE files ?: From: Monique Semp
Re: cloud backup services, for EXE files ?: From: Katherine Noftz Nagel
Re: cloud backup services, for EXE files ?: From: Laura Lemay
RE: cloud backup services, for EXE files ?: From: McLauchlan, Kevin
Re: cloud backup services, for EXE files ?: From: Monique Semp

Previous by Author: RE: cloud backup services, for EXE files ?
Next by Author: RE: REST vs. RESTful
Previous by Thread: Re: cloud backup services, for EXE files ?
Next by Thread: RE: cloud backup services, for EXE files ?

What this post helpful? Share it with friends and colleagues:

Sponsored Ads