We’re happy to announce that SnapShooter can now encrypt backups stored in the cloud. This new optional setting is generally available on the platform.
Using your public key, we encrypt your files with AES on the fly before they are sent to their ultimate storage destination. You will then be able to decrypt them using your private key.
But AES is symmetric encryption, you might be saying. Yes, you are correct. This is why we have SnapShooter users generate an RSA public and private key pair. We generate a unique key per backup using OpenSSL, lock that key with your public key, and encrypt the data on the fly with the per-backup key. We do this because OpenSSL’s rsautl program isn’t great at encrypting large amounts of data, so we use OpenSSL’s symmetric encryption for the data itself. Specifically, the command we’re using is openssl enc -aes-256-cbc.
Here’s why this is important. Unlike some of our competitors, we will never ask you to store your private key on your server. We feel that’s a bad security practice, so we never have access to, or store, your private key. It stays, well, private, for you to manage as you need to.
When it comes time to restore your encrypted data, we’ll prompt you to unlock the backup’s unique key using your private key. We will then decrypt the backup and restore it. Your private key is never shared with SnapShooter. Easy peasy and secure!
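The hybrid scheme described above, sketched with the openssl CLI as an added example. This is not SnapShooter's code: the file names, the function names, `pkeyutl` with OAEP padding and the `-pbkdf2` option are assumptions, and only `openssl enc -aes-256-cbc` comes from the post.

```shell
# Added example, not SnapShooter's code. File names, pkeyutl with OAEP padding
# and -pbkdf2 are assumptions; only "openssl enc -aes-256-cbc" is from the post.
# Note: CBC as used by "openssl enc" does not authenticate the ciphertext.

# Customer, once: create the RSA pair. Only the public key is handed over.
make_keypair() {   # $1 = private key path, $2 = public key path
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# Backup host: holds the public key only.
encrypt_backup() { # $1 = public key, $2 = file to back up, $3 = output prefix
  key_file=$(mktemp) || return 1
  status=0
  openssl rand -hex 32 > "$key_file" &&            # fresh random key per backup
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$key_file" \
      -in "$2" -out "$3.enc" &&                    # bulk data under AES-256-CBC
    openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
      -in "$key_file" -out "$3.key.enc" || status=1  # wrap the small key with RSA
  rm -f "$key_file"                                # only the wrapped key is kept
  return $status
}

# Restore: the private key unwraps the per-backup key, which decrypts the data.
decrypt_backup() { # $1 = private key, $2 = backup prefix, $3 = restored file
  key_file=$(mktemp) || return 1
  status=0
  openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
      -in "$2.key.enc" -out "$key_file" &&
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$key_file" \
      -in "$2.enc" -out "$3" || status=1
  rm -f "$key_file"
  return $status
}

# Constructed sample: round-trip a small fake backup in a temp directory.
roundtrip_demo() {
  dir=$(mktemp -d) || return 1
  rc=0
  printf 'constructed sample backup contents\n' > "$dir/backup.tar"
  make_keypair "$dir/private.pem" "$dir/public.pem" &&
    encrypt_backup "$dir/public.pem" "$dir/backup.tar" "$dir/backup" &&
    decrypt_backup "$dir/private.pem" "$dir/backup" "$dir/restored.tar" &&
    cmp -s "$dir/backup.tar" "$dir/restored.tar" || rc=1
  rm -rf "$dir"
  return $rc
}
roundtrip_demo && echo "restored backup matches the original"
```

Each backup yields two artifacts, the AES ciphertext and the RSA-wrapped key, and neither can be opened without the private key that stays with the customer.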
This encryption is optional and is now available on business and agency plans. If you have more specific questions about this process, please let us know. We’re happy to go into greater detail.