Copyright © 2005-2008 eFolder Inc. All rights reserved. eFolder and the eFolder logo are trademarks of eFolder Inc. eFOLDER MAKES NO WARRANTIES, EXPRESSED OR IMPLIED, IN THIS DOCUMENT. August 2008
The Truth about Data Integrity
5 Questions to ask your Online Backup Provider
Competition is fierce in the exploding online backup
industry. With so many providers, whom can you
trust with your customers' data? As a managed
service provider, your customers are trusting you to
employ solutions that will get them back their data
when they come asking for it. Few issues are
more sensitive than lost or corrupt data.
Finding a place to back up data is easy these days,
but discerning which provider can get back the
verifiably correct data all the time, every time, is
much harder. Slick websites and smooth-talking
salespeople are no help here. This questionnaire
will help you discover the empirical facts you need
to determine whether or not to entrust your
customers' data to an online backup provider.
Q1) Which established standards do you
follow for your cryptography?
In the complex world of cryptography, following
well-established standards is the only sure path to
safety. An excellent example of the risk of ignoring
them is the proprietary GSM A5/1 cell phone
encryption algorithm, which was subsequently
broken. Another risk is that even when the
encryption algorithm itself is standardized (such
as AES), the way that algorithm is used (called the
cipher mode) may not follow standards, which
leaves the solution subject to serious flaws. For
example, one provider used AES in CTR mode, but
chose to deviate from the NIST 800-38A standard
and re-used the IV, causing their solution to become
vulnerable to known-plaintext attacks. Ask about
standards with respect to the following: encryption,
hashing, and MAC algorithms, cipher modes, and
pass phrase key generation.
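
The CTR-mode IV re-use described above can be checked for directly. The following is an added example, not code from eFolder or from any provider: it shows why two ciphertexts produced under the same key and IV expose one file once the other is known, and how an audit can flag duplicate IVs. It assumes HMAC-SHA256 as a stand-in for the AES block cipher so that it runs on the Python standard library alone; the key, IV, record layout and file contents are constructed.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # CTR construction: keystream block i is PRF(key, iv || counter_i).
    # Assumption: HMAC-SHA256 replaces AES here; IV-reuse behaviour is the same.
    blocks = (hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    return xor(data, keystream(key, iv, len(data)))

def leak_from_pair(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    # With a shared keystream, c1 ^ c2 == p1 ^ p2, so a known p1 yields p2.
    return xor(xor(c1, c2), known_p1)

def reused_ivs(records):
    # Audit check over (key_id, iv, ciphertext) records (hypothetical layout):
    # report every (key_id, iv) pair that occurs more than once.
    seen, dupes = set(), set()
    for key_id, iv, _ in records:
        if (key_id, iv) in seen:
            dupes.add((key_id, iv))
        seen.add((key_id, iv))
    return dupes

# Constructed sample data.
KEY = bytes(range(32))
P1 = b"PUBLIC TEMPLATE: invoice header v1.0"  # content already known to an observer
P2 = b"CONFIDENTIAL: customer ledger 2008Q3"  # content that must stay secret
FIXED_IV = bytes(12)

def demo():
    bad = [("k1", FIXED_IV, ctr_encrypt(KEY, FIXED_IV, p)) for p in (P1, P2)]
    good = []
    for p in (P1, P2):
        iv = os.urandom(12)  # fresh IV for every message under the same key
        good.append(("k1", iv, ctr_encrypt(KEY, iv, p)))
    return {"reused_leaks_p2": leak_from_pair(bad[0][2], bad[1][2], P1) == P2,
            "fresh_leaks_p2": leak_from_pair(good[0][2], good[1][2], P1) == P2,
            "audit_bad": reused_ivs(bad), "audit_good": reused_ivs(good)}

if __name__ == "__main__":
    print(demo())
```
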
Q2) Is your cryptography implementation
well-known and open-source?
Cryptography is hard to implement correctly and
securely, especially if it needs