17

I'm sure, by now, we're all aware of the need to encrypt backup disks, but what can be done on the physical security side of things to prevent backups from being stolen or damaged?

Particularly:

  • What physical security solutions are available for backup disks in long-term storage?
  • What physical security solutions are available for backup disks during transit?
  • What considerations should be taken for secure long-term storage locations?
  • Are there specific solutions for different types of media? e.g. DVD, hard disk, solid state, tapes.
Polynomial

4 Answers

19

On-site storage

  • Fireproof safe/cabinet in an access-controlled environment is often considered safe enough. It is manual labor to actually put the drives/tapes into the container. Example:
  • Attached fireproof media container. An example here is SentrySafe. A cheaper example is ioSafe.
  • Site redundancy. When you already have site redundancy for your applications you may also have the backup redundant on both sites. This can be a cheap solution if you already have site redundancy for your solutions. (Example: A site which is reachable, but site is both in UK and US. Often solved through global load balancing).

The not so obvious solutions for physical security:

  • Each storage device should be marked with a unique identifier. This should be stored for bookkeeping. Bar codes can be a good solution for easily scanning devices in and out.
  • Keep inventory of all backup devices.
  • Access control on access to storage room.
  • Keep records of who has access and who invokes access for what times. Keep in mind separation of duties is important.

Off-site storage

  • Vaulting - You let someone else store your drives/tapes. Banks and security firms can often provide this type of service. They will however most likely store it just like they store other valuables.
  • Electronic storage - You copy the data to the other party who stores your backup. A simple example is Dropbox or Google Drive.

Storing off-site will most likely increase the expenses, but will help you a great deal in case of anything happening to the on-site property. This can often be considered as a last line of defense.

During transit

  • Drive Carrying Case, A Hard-shelled Waterproof Case - From Amazon

Backup media rotation

One should adopt a good backup strategy (like grandfather, father, son system). Once a system like this is in place it is recommended to rotate the use of hard-drives and tapes so you can easily identify how much the media device has been used. This is so you can more easily calculate when to replace disks or tapes when their life expectancy has worn out.

B-Con
Chris Dale
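
The bookkeeping described in the answer above (unique identifiers, an inventory, scanning devices in and out, tracking how much each device has been used), as an added example that is not part of the original answer: it replays a constructed scan log against an inventory and reports media still checked out, scans that do not fit the inventory or the expected out/in sequence, and media due for replacement. The barcode format, the log layout and the `max_uses` threshold are assumptions.

```python
from collections import Counter

# Constructed sample data: inventory of labelled media and a scan log of
# (ISO timestamp, barcode, action, operator). All values are made up.
INVENTORY = {"TAPE-0001", "TAPE-0002", "TAPE-0003", "HDD-0001"}
SCAN_LOG = [
    ("2012-08-20T08:00", "TAPE-0001", "out", "alice"),
    ("2012-08-20T17:00", "TAPE-0001", "in", "bob"),
    ("2012-08-21T08:00", "TAPE-0002", "out", "alice"),
    ("2012-08-21T08:05", "TAPE-0002", "out", "carol"),   # already out
    ("2012-08-22T08:00", "TAPE-0009", "out", "alice"),   # not in inventory
    ("2012-08-22T09:00", "HDD-0001", "in", "bob"),       # never checked out
    ("2012-08-23T08:00", "TAPE-0001", "out", "alice"),
    ("2012-08-23T17:00", "TAPE-0001", "in", "alice"),
]


def audit(events, inventory, max_uses=2):
    """Replay the scan log and return the findings a custodian should review."""
    holder = {}        # barcode -> operator who currently has it out
    uses = Counter()   # completed out/in cycles per barcode (wear tracking)
    findings = {"unknown": [], "sequence": [], "still_out": {}, "worn": []}

    for ts, barcode, action, operator in sorted(events):
        if barcode not in inventory:
            findings["unknown"].append((ts, barcode, operator))
            continue
        if action == "out":
            if barcode in holder:
                findings["sequence"].append((ts, barcode, "out while already out"))
            else:
                holder[barcode] = operator
        elif action == "in":
            if barcode not in holder:
                findings["sequence"].append((ts, barcode, "in without out"))
            else:
                del holder[barcode]
                uses[barcode] += 1

    findings["still_out"] = dict(holder)   # who to ask about each missing item
    findings["worn"] = sorted(b for b, n in uses.items() if n >= max_uses)
    return findings


if __name__ == "__main__":
    for kind, items in audit(SCAN_LOG, INVENTORY).items():
        print(kind, items)
```
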
14

For the sake of having some fun, I'm going to answer this question exactly wrong. Just to get some practice in pointy haired boss thinking. If this isn't appreciated I have no doubt a moderator will delete it and threaten me.

First, have only one person responsible for backups, ever. This way when anything goes wrong you know who to blame.

Next, have the backups out in the open, all over the place, unlabeled as you don't want people to know what they are. You do, and that's enough because nobody really wants to hear about IT security.

Definitely, under no circumstance, should you ever try recovering from these backups. That just eats up company time wasting money.

It's a bad idea to tie up the network by sending backups through it to different locations world wide. And encrypting this just slows everything down. You are wasting valuable resources here buster...

If you feel you HAVE to use encryption, a stream cypher across all those tapes is probably your best option. There are so many free ones to choose from.

Save money and have employees take the tapes home for "off-site" storage.

Save money on backups by using the same tapes for decades.

Forgo backups entirely, this is a 24/7 shop, what leads you to believe we have time to do backups?

Use all the money you saved by following these methods as a reason for why you are spending a gobzillion dollars on data recovery specialists when the time does come...

I mentioned these things only because I've had to stop people from doing them.

Everett
  • 3
    Sometimes negative examples are the best for driving home the point. I'd add to the list, **Having spent a gobzillion dollars on failed data recovery, flounder around for a month or more unable to properly service your customers and then go bankrupt six months later from the lingering damage.** In small businesses that is a distinct possibility, everything's lost, accounts receivables payment status is in question, all your customers are upset and decide to go get professionals to do their work as you obviously are not. – Fiasco Labs Aug 26 '12 at 16:30
8

Nothing can prevent physical items being stolen by a sufficiently determined adversary; even the British crown jewels have gone AWOL over the years, and they live in the Tower of London.

What mitigates the risk, for me, is encrypting my backups. Most enterprise-grade backup software, including the excellent bacula, allows the encryption of backups. Once this is routine, the loss of backup tapes has no implications other than the unavailability of that tape if a restore is needed, and if that's a huge problem for you, you can use a library that writes to two tapes in parallel.

It also simplifies the problem of securely disposing of end-of-life tapes: I just throw them in the bin (after ripping off the tape header; there's no need to court disaster).

If you decide to go this way, a slightly longer writeup of mine can be found at https://serverfault.com/questions/299512/are-encrypted-backups-a-good-idea/299543#299543 ; the upshot is to test rigorously and regularly that your encrypted backups are still good, and to document the restore procedure.

MadHatter
7

In the guise of one question, you're really needing the answer to two.

  1. How should one physically protect backups from theft? Which is covered quite well already.
  2. How should one protect the backups when they're stolen?

When building out your solution you should always assume that your physical protections will fail. Sometimes this can be due to a determined attacker, and sometimes a flawed procedure. In either case, there are a couple of things you can do to help mitigate problems.

Develop a formal transportation and storage procedure

This should actually feel like a bit of a no-brainer. What you want is a step-by-step process of how the backups will be handled. When are they transported? Does it matter how? Where do they go? Who is responsible for moving them? A formal and clearly written procedure allows even the recently hired intern to follow your directions (see linked article above).

Encrypt all backup volumes using strong encryption

Let's face it, ROT13 just isn't good enough anymore. Use a modern encryption scheme and protect your keys/passphrases. In this way even if your tapes are stolen, the data is probably safe. It's also worth noting that within the US the Data Breach Notification laws enacted by many states do not require notification if the data is encrypted. Definitely check your own jurisdiction first, but this gives us two very good reasons to encrypt the data. One being privacy, and the other being risk mitigation.

Don't transport all your tapes together

In most cases you'll want to store them together to make it easier to catalogue and/or restore from backup. If you can manage it, transport them in bundles. Dealing with tapes is funny business, if you only have 5 tapes from a 15 tape set then your chances of getting good data are a lot lower. If the data is encrypted as well? Well, nothing's bullet proof, but it should certainly be good enough for the vast majority of use cases. This could be handled by staging the off-siting of backups. That is, taking half in the morning then half in the evening, or multiple trips for one person, or sending multiple people all at once.

Scott Pack