Backblaze Backups, A False Sense of Data Privacy
Hey All! Recently, I was asked to take a look at Backblaze as an offsite data recovery solution for personal computers in a high security environment. At first, the solution looked very promising, as they boasted, "Your data is encrypted on your computer, sent over an encrypted connection, and stored encrypted. Want more security? You can add your own passphrase for another layer of privacy." Sounds great, as one of my customer's requirements was that the backups be totally encrypted and inaccessible to whoever was storing them. But this sentence is actually misleading, and going through the entire process I learned of some security holes that you should be aware of before backing your data up to this service.
For starters, the default install will instantly start backing up your data, and while it is encrypted over the wire, by default there is no passphrase for this encrypted data and it will all decrypt at the click of a button on the Backblaze servers! But wait, if I add a passphrase then surely Backblaze can't decrypt my data, right? Wrong. Backblaze requires you to submit your passphrase to their website before any of your data is decrypted on their server, then made available for you to download as a zip over SSL! But wait, if it's decrypted on their server, then what technically prevents them from reading my company's private backups/data?? As far as I can tell, nothing.
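To make the difference concrete, here is an added example (my own illustration, not Backblaze's code): a hypothetical BackupServer that stores only ciphertext, a client that derives its key from the passphrase locally and restores locally, and, for contrast, a restore path where the passphrase is submitted to the service so that plaintext appears on the provider's side. It uses only the Python standard library, so the cipher is an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC rather than AES.

```python
import hashlib
import hmac
import secrets

# The key is derived on the client from the passphrase and is never uploaded.
def derive_key(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stdlib-only PRF stream (stdlib has no AES).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(-(-length // 32)))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or tampered backup")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class BackupServer:
    """Hypothetical storage service: it holds only the salt and ciphertext the client uploads."""
    def __init__(self):
        self.store = {}
    def upload(self, name: str, salt: bytes, blob: bytes) -> None:
        self.store[name] = (salt, blob)
    def download(self, name: str):
        return self.store[name]
    def restore_on_server(self, name: str, passphrase: str) -> bytes:
        # The flow the post describes: the passphrase is submitted to the service,
        # so the plaintext is produced (and readable) on the provider's side.
        salt, blob = self.store[name]
        return decrypt(derive_key(passphrase, salt), blob)

def backup(server: BackupServer, name: str, passphrase: str, data: bytes) -> None:
    salt = secrets.token_bytes(16)
    server.upload(name, salt, encrypt(derive_key(passphrase, salt), data))

def restore_on_client(server: BackupServer, name: str, passphrase: str) -> bytes:
    salt, blob = server.download(name)  # only ciphertext crosses the boundary
    return decrypt(derive_key(passphrase, salt), blob)
```

The check to make against any vendor is which of the two restore functions their web flow resembles: if the passphrase is typed into their site, it is restore_on_server.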
My final cautionary note: when selecting backup solutions, go through the entire process from backup to restore. Oftentimes, we buy into the hype of a product vendor and jump right in, without seeing that just below the surface they could be operating in a way that puts our private data (and our customers' data) at risk.