Using AES-256 Encryption and Bare Metal Restore to Protect Your Hosting Business

Posted by Ben Austin on Dec 31, 2015 11:00:00 AM


You don’t have to be in the hosting industry long to recognize the sheer quantity and variety of threats that are targeted at companies within this space. Hosting and cloud providers pose a uniquely appetizing situation for cybercriminals because:

  1. This is an industry that relies almost entirely on online customer interactions.
  2. Service providers aren’t only responsible for storing their own transactional data, they’re also responsible for maintaining their customers’ business-critical data.

That's a two-lane highway straight to El Dorado as far as cybercriminals are concerned. Much like the banking sector in the 20th century, the hosting industry is increasingly becoming a target for the more sophisticated criminals out there. The difference lies in the fact that banks, eventually, changed their processes, insured their assets and told their tellers not to resist, allowing the criminals to get away with what they wanted but not causing a significant financial loss to the bank in the process.

That’s not quite as good of an option when it comes to end-user data, server downtime, and the integrity of your hosting business.

According to Alert Logic’s Cloud Security Report, published earlier this year, attackers are putting more and more pressure on organizations with infrastructure in the cloud. As mentioned above, this is partly because the criminals, like the rest of us, want to invest their time and energy into a job that will give them as large a return as possible. But according to the Cloud Security Report, it’s also partly because hackers are realizing that there can often be a misconception, or simply a lack of communication, between service providers and their customers about who is actually responsible for the safety and security of the data.

Of course, the simple act of communicating your SLAs with your customers is a great (and necessary) first step, but that conversation is going to go a lot smoother if you’re well-prepared with the infrastructure and safety nets in place to ease any concerns they may have.

Starting with the right equipment to protect your own, along with your customers’, data can go a long way in preventing any kind of disaster. Whether it’s an unlucky hardware failure or a malicious attack, there are a handful of strategies and standards that you can implement upfront in order to keep your customer data secure and accessible.

Here are two of the most effective ways to show your customers that you’re prepared to do exactly that.



The Advanced Encryption Standard (AES) was officially adopted by the United States government as the new gold standard of encryption in 2001 after a five-year process to replace the outdated and flimsy Data Encryption Standard (DES). Since then, much of the rest of the world has standardized on AES to protect everything from classified government documents to online transactions.

So what is it, exactly, that makes AES so effective compared to its predecessors?

  • It's more secure - the algorithm uses stronger and longer keys
  • It's faster - though some today may argue that it's not quite fast enough
  • It is very flexible - low RAM requirements allow it to perform well on a wide variety of hardware, and it is easy to implement

Getting a little more specific, there are three variants of this cipher: AES-128, AES-192, and AES-256. While the algorithm is essentially the same between all of the different variants, the difference lies in the number of rounds of shuffling applied during the encryption process. 

  • AES-128 = 10 rounds
  • AES-192 = 12 rounds
  • AES-256 = 14 rounds

Encryption keys are applied between each of the rounds, so you end up with a longer encryption key with each increasing variant of AES. The downside to this is that larger keys generally imply increased CPU overhead, slightly extending the amount of time the encryption process takes. Depending on performance requirements and the sensitivity of the data, there are instances where it doesn't make sense to use anything larger than AES-128.

However, as was mentioned above, this is an industry that is often within the cross-hairs of cybercriminals. It's also an industry built almost entirely on the integrity of your business and the trust that your customers have in your ability to keep their data safe and accessible. Because of its increased resilience against certain attacks, including brute force attacks, it's highly encouraged that hosting providers utilize AES-256. Whether it's part of your production environment, backup infrastructure, at rest or in transit, it's crucial that you are protecting your customers' most sensitive data with this sturdy industry standard. That said, if you can find a product, particularly a backup product, that allows you to selectively choose what servers need to be protected with that level of encryption and which servers are not actually at risk.

"Okay, but how are service providers supposed to turn that into true value for their business?"

Honestly, this part is simple. Whether or not your customers understand all of the mathematics and technical details behind how AES-256 actually protects their data doesn't actually matter. More likely than not, trying to explain it in technical terms will just bore them and won't do much to bring perceived value to your offering (if they are interested, feel free to share a fun explanation with them instead of doing it yourself).

What you should really focus on are the high-level accolades of this cipher. Simply creating a small amount of sales or marketing messaging around the fact that you protect their data with the top-tier industry standard is going to give them all the peace of mind that they'll need. Spell out for them that you're using the same encryption process that is used to protect some of the most top-secret government information. It's simple. It's straightforward. But that kind of messaging, showing them that you go the extra mile for them right from the start, goes such a long way in securing a happy, long-term customer.


Bare Metal Restores

To reiterate: preventing data from falling into the wrong hands is extremely, extremely important. But keeping it from falling into an unrecoverable abyss may be equally important to a lot of your customers. This is where a backup product that allows for Bare Metal Restore can swoop in and save the day.

Being able to perform Bare Metal Restores (BMR) is just one of the many benefits that come with a backup solution built to work from the block level. Block-level backup actually captures a bit-by-bit copy of the devices themselves. As a result, if an unfortunate situation does occur – a hardware failure or data corruption, for instance – the ability to do a BMR allows you to go back in time, decide which point in time you want to recover to, and stream those blocks directly to the device itself.

Depending on the backup product you are relying on, you'll be able to use this to quickly recover a lot more than just lost files, as is the case with file-based backup products. For instance, Server Backup Manager allows you to restore the partition tables, all the files, the directories and more all in one fell swoop. As far as recovering to full health after a disaster, that's a home run compared to the outdated DR products of the past.
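The block-level idea described above, sketched as an added example (not Server Backup Manager's code or format): each recovery point is a manifest of block hashes, unchanged blocks are stored once, and a restore replays one manifest while verifying every block. The `BlockStore` class, the 4096-byte block size and the in-memory "disk" are assumptions made for illustration.

```python
# Added illustration, not from the original post or any backup product.
import hashlib

BLOCK = 4096  # assumed block size for this sketch

class BlockStore:
    """Keeps deduplicated blocks plus one manifest per recovery point."""
    def __init__(self):
        self.blocks = {}   # SHA-256 digest -> block contents
        self.points = []   # recovery points: ordered lists of digests

    def backup(self, device: bytes) -> int:
        """Record a recovery point; return how many new blocks had to be stored."""
        manifest, new = [], 0
        for off in range(0, len(device), BLOCK):
            blk = device[off:off + BLOCK]
            digest = hashlib.sha256(blk).digest()
            if digest not in self.blocks:      # only changed blocks cost storage
                self.blocks[digest] = blk
                new += 1
            manifest.append(digest)
        self.points.append(manifest)
        return new

    def restore(self, point: int) -> bytes:
        """Rebuild the whole device image as it was at the given recovery point."""
        out = bytearray()
        for digest in self.points[point]:
            blk = self.blocks[digest]
            if hashlib.sha256(blk).digest() != digest:
                raise ValueError("stored block failed its integrity check")
            out += blk
        return bytes(out)

if __name__ == "__main__":
    # Constructed 8-block "disk"; block 0 stands in for the partition table.
    disk = bytearray(b"".join(bytes([i]) * BLOCK for i in range(8)))
    store = BlockStore()
    print("first backup, new blocks:", store.backup(bytes(disk)))
    disk[3 * BLOCK:4 * BLOCK] = b"\xff" * BLOCK        # simulated corruption
    print("second backup, new blocks:", store.backup(bytes(disk)))
    print("point 0 restores block 3:", store.restore(0)[3 * BLOCK] == 3)
```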

As for messaging this to your prospects or existing customers, it may just be best to keep this secret weapon to yourself until the time is right. Sometimes it's just better to have something in your back pocket that will make you look like an absolute hero when everything goes wrong for a customer. Bare Metal Restore can easily be used as the man behind the curtain that continually keeps your own customers in awe of how great your hosting powers truly are.
