Backups are an essential component of every enterprise’s digital strategy. However, backups can be read and altered by unauthorized third-parties if they aren’t properly protected. As use of third-party backup providers becomes more common, this problem is exacerbated.
Using GaraSign, you can encrypt and cryptographically timestamp your backups to help mitigate these risks. GaraSign integrates into existing backup processes and can be used with any third-party provider. Anyone can verify that the backups have not been altered since the timestamp was created, thereby aiding with potential legal processes, but only entities with access to the decryption keys can restore the backups.
Every enterprise should frequently create backups to ensure a quick recovery in the event of an incident. Of course, the backups must be kept secure in order to remain useful. Two common attacks on backups is unauthorized access and unauthorized modification. Preventing these attacks can go a long way in preventing ransomware attacks but doing so in a large environment can be challenging.
With GaraSign, backups are encrypted to prevent unauthorized users from reading the data, while the decryption keys remain secured in an HSM. GaraSign is agnostic to which third-party provider is being used to perform the backup and transparently integrates into any existing backup processes.
GaraSign supports cryptographically timestamping backups to ensure that data has not been altered since the backup was created. The backup is signed by the enterprise’s signing key and then a cryptographic timestamp is applied by a trusted timestamp authority (TSA). Using a client-side hashing approach, this process is performed extremely quickly.
GaraSign supports transparently encrypting, decrypting, signing, and verifying backup files. This allows GaraSign to integrate seamlessly into existing backup and restore processes, making deployment easy for organizations of any size.
Since backups are created far more often than restore processes occur, GaraSign’s advanced security controls can be applied to the decryption keys (used during restore) but not on the signing keys (used during backups). multi-factor authentication, device authentication, approval workflows, IP address whitelisting, notifications, and more.