Data encryption
Arxcis Televaulting Software - Data Security and Encryption
The Arxcis Televaulting software, which is used by Databarracks in the provision of its online backup service, has been developed over 18 years. Arxcis is trusted by some of the largest companies in the world to protect their data and keep it secure. Security of data is paramount: data is encrypted within its own environment and is never transmitted or stored in an unencrypted format.
Below are some of the encryption features of the software:
- Choice of DES or AES encryption
- Choice of encryption bit length 128/192/256
- Encryption of data 'in-flight'
- Encryption of data 'at-rest'
- Encryption keys are only ever known to the client
- Encryption keys are never escrowed at the service provider's location
A small selection of the companies that use the software:
- Department of Trade and Industry (DTI)
- National Health Service (NHS)
- Porsche
- Invesco
- Charles Russell LLP
- US Air Force
- Coca-Cola
A small selection of Databarracks customers who use the software:
- Centre for Medicine Research International (CMR)
- Thomson Corporation
- General Motors
- Aegis Defence Systems
- London Oncology Clinic
- Moorcrofts LLP
- Dixons Group PLC
Extract Below Taken From a White Paper Written by The Enterprise Strategy Group, Inc.
Data encryption
To prevent a "man-in-the-middle" from intercepting confidential traffic, all client/server data communications are encrypted using standard encryption algorithms like AES 128, AES 192, or AES 256. What's more, all encryption/decryption operations are done solely by the DS-Client. This masks the actual data content from the server provider, assuaging the risk of an insider attack by a rogue employee. Even within a remote facility on a trusted LAN segment, Arxcis will use existing native protocols to retrieve the data (e.g. SSH communication to Unix servers, Oracle & DB2 native DB APIs).
Password protection
All backup servers need to have sufficient credential access to each node in order to kick off a backup job. If these passwords are somehow compromised, an attacker could gain access to critical machines and data. Arxcis recognizes and protects against this threat by encrypting access passwords using AES 128 in its database, while the DS-Client encryption keys are stored in encrypted format in the registry. The DS-Client access is done via the existing O/S security, and the DS-Client will not maintain its own login credentials and will forward login requests to the underlying O/S.
Client and system side logging
What happens if a legitimate administrator makes system changes in order to set up an insider attack? While this "worst case" scenario is hard to prevent, Arxcis provides detailed logging on the DS-Client and DS-Server that captures any configuration or database changes while monitoring events like a string of failed logins. This information can act as an alert of suspicious activity or a paper trail of clues for forensic investigations.
Perimeter security
Even with these security features built in, Arxcis still recommends that customers deploy a perimeter firewall to further protect DS-Client and the DS-System. As always, a properly configured firewall can allay the risk of an outsider doing an IP or port scan to discover the DS-Client or access it remotely.
Arxcis's backup software is unique in some ways because it is based on agentless access to backup clients over standard protocols like RPC, SSH, CIFS & various native database API protocols (Oracle, DB2, MS SQL Server etc.). Doesn't this type of standards-based open communications increase risk? ESG does not believe so. Since most organizations monitor their internal networks, LAN-based communication is unencrypted, so Arxcis simply sends traffic over a standard protocol rather than a typical backup vendor's proprietary protocol. No increased risk here. Arxcis also can address internal threats with its support of SSH for critical UNIX, Oracle, or DB2 data. Once data is aggregated at Arxcis's DS-Client, all client/server communication is transmitted and stored in an encrypted format as well.
In truth, Arxcis's architecture does not introduce incremental risk. On the contrary, an agentless backup software actually reduces vulnerabilities, risks, and threats associated with remote backup through the use of SSH, encrypted password storage, and encrypted client/server traffic.
Jon Oltsik 2006
The Enterprise Strategy Group




