By Terry Fields, CEO at Yotta280
Feb 03, 2012

Yotta280 Online Data Backup Expert Tips: Backup and Recovery Security FIPS 140-2 – What & Why

Did you know that data travelling over the Internet is vulnerable? Hackers can gain unauthorized access to a session between two computers by exploiting what is called a session key (a session key is a key that is used to authenticate the connection). Hackers sometimes use source-routed IP packets to hijack information being passed between computers over a network. Alternately, they can use a sniffing program to watch the conversation (man in the middle attack). Therefore, it is not surprising that cloud service providers are concerned—nay, obsessed–with security and security protocols that will ensure that their customer data does not get hacked/diverted/stolen in transit from the client machine to the remote server. There is a scramble to reassure their customers regarding the security of their data backup and recovery services by developing encryption algorithms, certified as FIPS 140-2 compliant.

The Federal Information Processing Standard (FIPS) Publication 140-2 is a computer security standard that was developed by the US Government to accredit cryptographic modules. The guidelines for the development of such cryptographic algorithms have been published under the title “Security Requirements for Cryptographic Modules”.

FIPS 140-2 defines four levels of security numbered sequentially level 1 to level 4. The security levels required for specific types of applications are not prescribed. However, Level 1 offers the lowest level of security and Level 4 the highest. The FIPS 140-2 standard is the information security program for cryptographic programs produced by private software vendors, who would like to have their program certified for use in Government departments and industries, which are highly regulated—such as Financial and health care industries.

Cryptographic modules produced by backup and recovery vendors are tested in third party laboratories that are accredited as “Cryptographic Module Testing Laboratories”. The tests validate the modules against the requirements published in the FIPS 140-2 manual. Eleven areas pertaining to design and implementation are validated and each area is assigned a security level rating. The rating indicates the extent to which the requirements have been met. The overall rating confirms that a minimum number of independent ratings have been received for different areas and all the general requirements have been fulfilled adequately. The ratings received for different areas are listed out in the certificate that is issued to the cloud vendor.

Achieving FIPS 140-2 certification is not easy and hence customers find value in it. FIPS 140-2 certification makes a lot of difference in market positioning for the Cloud backup and recovery vendor. Cloud backup and recovery vendors who have received FIPS 140-2 certification offer advertise the fact as a proof of the robustness of their security algorithms. This assumes greater significance as security and privacy of data remains a major concern in cloud computing. The certification provides “hedging” to cloud vendors and customers who are anxious to find the right cloud backup and recovery vendor before they are ready to entrust their mission-critical information. Moreover, industries that are required to be compliance-heavy find it convenient to use the certification as a means of proving the compliance standards that they have implemented for the enterprise gathered information.

The security of your business data with FIPS140-2 certification is a definite plus and should be an expectation when reviewing recovery solutions.

Yotta280 recommends YottaVault, Powered by Asigra, an avant-garde cloud data backup and recovery solution specifically designed for Mid-sized to Enterprise organizations. Differentiated by its numerous value-added and industry leading features – agentless technology, on-site portable disaster recovery, multiple off site data centers, FIPS 140-2 certification and virtual environments support.

About the Author: Terry Fields, CEO of Yotta280, an Asigra cloud backup and recovery partner, has over 25 years of experience in the information management, disaster recovery, business continuity and data protection industry. Yotta280 has quickly become much more than a traditional online backup provider, allowing its customers to experience the most complete data protection and recovery capability available.

General Tags: online backup, CEO interviews, online data backup, online backup news, data storage, SaaS, online file backup, top rated online backups, backing up online, online backup reviews, online backup services, software as a service, online file storage, data security, online backup companies, cloud computing, compare online backups, online backup providers directory

Like us on Facebook

Do you like this post? Subscribe to our RSS feed ===========================

Sponsored Links:

Data Deposit Box


Bacula Systems



Related posts:

  1. Yotta280 Online Data Backup Expert Tips: Migrating from Tapes to the Cloud
  2. Yotta280 Online Data Backup Expert Tips: Why Continue to Build it Yourself?
  3. Yotta280 Online Data Backup Expert Tips: CapEx and OpEx Expenses in the Cloud
  4. Whitepaper – Yotta280 Online Data Backup Expert Tips: Getting the Right Service – Focus on SLA
  5. Symantec Achieves FIPS 140-2 and Common Criteria Certifications
  6. WinZip® 18.5 Enterprise Extends FIPS Security Compliance for Corporate and Government Accounts
  7. Yotta280 Launches New Backup and Disaster Recovery Website
  8. Panzura First Cloud Storage Controller to Achieve FIPS 140-2 Certification
  9. Yotta280 and CoNetrix Join Forces Through Innovative “Build IT Yourself” Cloud Backup Approach
  10. Yotta280 Forms a New Defense Line with the Jacksonville Jaguars

Tags: , , , ,