You could upload your data to online storage and rely on the storage provider for the safety and privacy of your data, however, if your data is highly sensitive then this is not advisable. A secure and free online backup procedure posted on windows7library.com would provide the necessary security through BitLocker encryption and virtual hard drives. BitLocker is a full volume encryption and system protection feature that is available on computers running the Enterprise and Ultimate editions of Windows 7.

To learn how to create your own secure and free online backup solution go here:
http://www.windows7library.com/blog/bkup/secure-and-free-online-backup-procedure/

Encryption provides confidentiality, integrity and authentication of data. Confidentiality is the protection of information or data in motion and at rest. Integrity is keeping information or data in motion and at rest from being altered or modified without authorization. Authentication is a proof of the identities of sender and recipient.

Cryptography is the use of encryption to hide data. Cryptanalysis is the process of discovering the original data. Cryptosystem is a system for encrypting and decrypting data. An encryption key is an alphanumeric string used in encrypting and decrypting data.

Where encryption is not normally deployed? – open Wi-Fi, general web browsing, non-sensitive public data, non-sensitive emails and storage of non-sensitive data. On the other hand, we find encryption in Wireless Protected Access and Virtual Private Networks.

Note that disclosure of sensitive data may occur through stolen laptops, smart phones and flash drives if these devices do not use data encryption techniques and keep in mind, that encryption is effective if both the secret key and algorithm used are strong. Therefore, weak algorithms, short keys, shared keys, aged keys and data in clear text will make encryption weak.

Some practical uses of encryption are found in SSL/TLS implementations. The Secure Sockets Layer (SSL) also known as Transport Layer Security (TLS) provides end-to-end encryption, strong authentication and verifies that data in transit was not modified. It prevents man-in-the-middle attacks and spying on the content. The process of SSL is as follows: The client sends message to a web server, the server sends certificate to the client and the client sends certificate to server. Server and client create secret session key through mutual negotiation. The session keys last until the session expires.

The main advantages of Cloud Computing are its rapid provisioning of resources and its elasticity (scalability). With a click of a button you can add or remove resources. Major Cloud service providers possess massive bandwidth connections and provide broad on demand network access. With respect to costs, the concept of pay-per-use is one of the most attractive elements for businesses.

We find three Cloud service models which are SaaS, IaaS, and PaaS. From an application point of view SaaS is an application hosted by provider and made available over the Internet, IaaS is when the Cloud vendor provides hardware (CPUs, servers, storage, etc.) over the Internet, and PaaS is when the Cloud vendor provides the application development platform and all underlying infrastructure.

Cloud setups can be deployment in four models which are Public, Private, Community and Hybrid Cloud setups. The Public Cloud is the largest due to economy of scales while the private is the safest where an organization has an exclusive use of the Cloud resources hosted internally. A Community Cloud is when a group of organizations or entities share the same Cloud setup. For example, Local government bodies share same security requirements through a Community setup. The Hybrid Cloud involves all cloud models, for example, an organization can have front services running in a Public Cloud while, backend services running in a Private Cloud.

The business aspects of Cloud Computing include the lower Cap Ex costs, improved business continuity, and a reduction in running costs which allows an organization to focus on other objectives such as core business goals.
The Security aspects of Cloud Computing cannot and shouldn’t be ignored. We all know what happened to Sony, Sega, and Epsilon and their confidentiality issues. Availability is another issue which is keeping more customers away from Cloud Computing. The recent Amazon outage is a typical case!

Organizations need to look at security in terms of risks vs. values – the values should outweigh the risks. The visibility of security controls and platforms of the Cloud Service Provider is an important security requirement – demand it! Take all security measures from the organization point of view – for example, who/when can access the resources, monitor accesses, etc.

Understand your business functionality and criticality – check the Cloud vendors’ guarantee of availability and SLA details – check for fine prints that define scheduled outages. Get what type of data backup, data restoration, BC and DR plans the vendor has in place. Additionally, understand any regulatory requirements your business may need to be compliant with.

It is highly recommended to implement data encryption and key management, so check that these are supported by the vendor. Consider segregation of data, data retention when data is deleted and sharing of responsibilities in this mixed environment. Finally, ask a simple question, can I move my data out of this platform, in other words avoid vendor lock-in. Check for data migration capabilities!

In a nut shell, the disk was a 120GB 3.5” 7200rpm IDE Maxtor drive, two years old. It was housed within an aluminium external drive case. It was hooked up to a standalone Windows XP computer. It was spinning, no unusual noises such as clicks or retry access sounds. The file directory could be read. The client had last successfully placed data on the medium less than 15 days before.

I immediately got a hunch about what the problem was. As long as the word “green” didn’t factor in our conversation a chance of success remained. About 30 minutes later the client arrived at our office with the problem disk. I plugged the disk into one of our recovery units, powered it up and a few seconds later was looking at its contents. All file names were in green rather than the usual black font. This meant that the files had been encrypted using Windows XP’s Encrypted File System (EFS). EFS provides a file system level of encryption that allows files to be transparently encrypted from attackers who gain physical access to the computer.  EFS first made its debut in Windows 2000.

I asked the client whether he had reinstalled or replaced the computer on which he had last successfully accessed the data. He replied that this was an old computer and he had donated the machine to his church about 10 days before. I got a negative reply when I asked whether he had ever backed up this computer or made a copy of its encryption keys and certificates.

Have you ever watched a TV program of a high alert situation? That’s what happened next; I explained to the client that his only chance of getting back the data on that drive was if the computer he had donated was still intact. We looked up the church’s phone number and once found (God bless search engines) the client dialled the number. About half a dozen rings someone picked up at the other end. I won’t bore you with the conversation; when the client hung up we had all the details of the person who had volunteered to format the machine and install it from scratch. The second phone call was answered by this person’s mother. She told us that he had brought a computer home a few days ago. From this lead we got the mobile phone of the person my client was so desperately trying to contact.

The client managed to get hold of our make or break person. When asked whether he had formatted the computer the reply was a yes… but using a different hard disk. The hard disk on the original computer was very small and he had decided to replace it with a higher capacity one. The contents of the original hard disk were intact.

A couple of hours later we had rigged the original hard disk within the donated computer and had successfully copied the contents of the data on the external hard disk to unencrypted storage. Without getting too much into the technicalities what follows is a simple explanation of how EFS works. The first time a user enables the EFS, the system automatically generates a public/private key pair for that user if one doesn’t already exist.  This information is held in the user’s profile. For each file / folder, EFS generates a random number and uses the public key to encrypt the file. In order to decrypt the file, the private key is necessary.

Once the private key is lost decrypting the data is impossible.

I would like to thank the client who offered the entire team as well as the chap who had not formatted the hard disk dinner. As he put it “My life depended on that data”. Sadly not all stories end like this.