Today we have an editorial that was originally published on Oct 9, 2006.
Yesterday I wrote about compliance tips and one of the things I mentioned was using encryption and passwords for your backups. It's a good idea that you should use even with disk backups. You never know when someone might get socially-engineered and hand over one of your .bak files to the wrong folks.
But using encryption isn't enough; you need strong key management that changes the passwords on a regular basis to prevent data losses from the passwords getting released over time. I've worked in a dozen companies and there are many cases where a password has been used for some shared function, some application, some particular feature, whatever. If this password has remained the same for over a year, it's been almost common knowledge throughout the company what the password is. I've seen business people, executives, even secretaries that knew the password to the point where it was useless.
Shared passwords will be a fact of life in many cases. Administrative teams grow, help desk people may need access, consultants help out and learn them, and others overhear them. It's going to happen, so you need to mitigate this risk.
I used to manage a nightclub and we had similar risks with the alcohol. Since turnover was a fact of life, we had a simple policy. When a manager left, for any reason, all alarm codes were changed. On the third occurrence of a manager leaving, we had all locks re-keyed. It was a simple policy to reduce risk.
The same thing needs to happen with your backups. Use one or even a few passwords to protect the various database backups. But then change those passwords every month or two and escrow or archive the old ones. You may not be able to prevent losses of the backup files, but by ensuring they are protected and the passwords changed regularly, you may just protect the data.
And your job.