

Safeguard Your Encryption Key With Your Life

Today was one of those days. First thing in the morning I had the unpleasant experience of providing support to a client who had just lost all of their email and contacts in Microsoft Outlook. The unpleasantness mentioned previously wasn't due to trying to help this poor guy out; it was due to the end result. Let's call him Gentleman X.

I'm not sure if you have ever had to communicate with a person who has lost something as critical as all of their business email and contacts, but it can be quite emotional. Gentleman X was no different and ranged from being extremely irate and yelling to moments where he sounded like he was holding back tears while on the phone.

I tried to calm Gentleman X down and asked him for his account information. In looking it up through our backup server admin, I was able to see his backups were up to date, with his last one completing successfully at 11pm the previous night. I felt a sense of relief as I began to walk him through the process of restoring his files.

Everything was going like clockwork until we hit the point where Gentleman X needed to enter his encryption key. "What encryption key?" he said. Oh ohhh, I thought. "The encryption key you chose when you changed your encryption key settings to 'Use a specific customer encryption key' instead of the 'Use a randomly generated encryption key' setting that was selected when we installed your software for you," I said.

A few tech details to explain: we install our software with the default of using a randomly generated key for client backups, with detailed instructions regarding the other encryption options. A randomly generated key is per session and the client isn't required to retain it. If they choose to change their settings to using a specific customer encryption key, then they are responsible for safeguarding the key. Without it, their files cannot be restored.

"I didn't change those settings," Gentleman X said. "My IT guy did. He was adding more directories to the backup profile and felt that it would be in our best interest and more secure for us to do it."

I told him that he was right and that it was the most secure method, but the client was responsible for maintaining their own key with that setting, and that with it, the data could be restored. Gentleman X replied that his IT consultant never gave him a copy of it and that he would contact him right away to get it. That was at 9am this morning. A courtesy call at the end of the day revealed that he wasn't any further ahead. The IT consultant couldn't remember off the top of his head what the key was and was trying to track it down. I wouldn't want to be in his shoes. I certainly hope that when I call tomorrow I'll be met with good news and all will be fine.

You don't have to be a rocket scientist to figure out what I am going to say next. If you subscribe to any form of backup process that requires you to select and retain an encryption key to restore your data, then ensure that you do so. This is your data, people: your livelihood, your business, your future. Take an active interest in protecting it and understand the full process of what needs to be done to restore what you may lose. If you're too busy, make sure you partner with someone you can count on and trust. Safeguard your encryption keys in multiple secure locations accessible by more than one trustworthy source.

Your business could depend on it!



