Security Basics mailing list archives
Re: carbonite
From: "Steven Adair" <steven () securityzone org>
Date: Thu, 21 Jun 2007 17:20:07 -0400 (EDT)
This sounds like some questions you might want to bounce off of them. I don't see all the details while just lightly browsing their websites, but it does appear that the data is encrypted prior to it being stored at their location. Now some questions this brings up to me is: 1) How exactly is it encrypted? They say with the same encryption as banks and ePayment websites. Well, there are still some that don't use encryption and do they just mean encrypted in transit or stored? 2) If the data is encrypted on their servers, do they require key-escrow or are they the one that issued the encryption keys? (i.e. can they peak into it if they want to) 3) Is there any disaster recovery? What are the service levels? What if they lose your data? You can also ask them if they have gone through some sort of ISO 17799, SAS 70, or NIST 800-53 type audit. Even if they have that doesn't mean it covered everything you'd be concerned with. At least you'd know they took some extra measures of involving a (potentially useful/useless?) third-party. It's really a tough call unless they really spill the beans or they have someone trusted come out and weigh in on the overall security of the place. Steven securityzone.org
I have some corporate users that are asking for consent to use carbonite (carbonite.com) for maintaining backups of files etc. XM has been advertising this as a consumer tool for business continuity/disaster recovery etc. I have not seen or heard any pro's or cons about their security set up or if it's actually hardened to where it's a realistic alternative to traditional storage. Are there any security industry endorsements? Regards, Fred Martin
Current thread:
- carbonite fm16923 (Jun 21)
- Re: carbonite Jason Ross (Jun 22)
- Re: carbonite Steven Adair (Jun 22)
- RE: carbonite Dan Denton (Jun 22)
- Re: carbonite Brad Bendily (Jun 22)
- Re: carbonite Jason Ross (Jun 22)
- Re: carbonite Isaac Perez Moncho (Jun 22)
- Re: carbonite Isaac Perez Moncho (Jun 22)
- <Possible follow-ups>
- Re: carbonite evilwon12 (Jun 22)
- Re: carbonite krymson (Jun 22)
- Re: carbonite bluesoldier007 (Jun 22)