May 16


Should I be encrypting my SQL backups?

By Charles

May 16, 2016

Encrypting backups is a relatively new feature in SQL server, first introduced in SQL 2014 but with recent data leaks you might be left thinking should I be encrypting my SQL backups?

I am not saying that when hackers steal data all they do is copy your backup files. Most attacks will be aimed at production systems where the most up to date data is found. The fresher the data the higher the price. However there is a much higher chance that the permissions have been incorrectly set on a backup drive as that is not where you have focused your attention. An admin might have set it up for read only access for everyone (either by mistake or just for convenience) on the network share instead of just a few authorized people.

With so much pressure to hit deadlines and generally just get things to work. The focus on the main goals leads to less consideration of the rest of the environment. The problem is people can get distracted and are sometimes lazy. Not just those trying to protect data but even the people who are trying to steal it. Why would I spend days or weeks breaking into a safe if there is a less well guarded repository with almost identical prizes in? I can assure you if I can steal a backup file in few hours instead of data from a production system in a week I am going to go with the path of least resistance.

[h2_heading]So should I be encrypting my SQL backups?[/h2_heading]

Do your backups leave your datacentre?

Do your backups leave your business?

The answer to both of those questions should probably be yes. If you do not have any off site backups and your site suffers from a disaster then you have lost your production systems and your backups too.

You might be worried about overheads, the speed hit and the size the backups will be. I have tested this and the size increase is negligible with a speed difference depending on if you are using HDDs or SSDs but in the long term neither should be a problem. So I would suggest doing some of your own testing but you really should be encrypting SQL backups.

About the author

Microsoft Certified SQL Server DBA with over a decades experience including work for large FTSE 250 companies amongst others. The SQL Server stack has been the focus of almost all of my career in IT. I have experience designing, supporting and troubleshooting large Data Platform deployments.

You might also like

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}