Backups Are Not Neutral. They Can Be the Biggest Leak.
You lock the front door, but you leave the backup tape on the porch. Why unencrypted snapshots are the most common source of total data exposure.
The Shadow of Your Data
Security attention is usually focused on the “Live” system. We watch the login page. We watch the firewall. We monitor active users.
Meanwhile, at 3:00 AM every night, The Machine quietly takes everything you own, bundles it into a single file, and moves it to a storage bucket.
This file—the Backup—is dangerous.
In a live database, you have permissions. User A cannot see User B’s salary. In a backup file, those permissions often vanish. It is just raw text. If someone steals the backup file, they do not need a password. They do not need to hack the application. They simply open the text file and read.
The False Security: The “Internal” Network.
Many organizations argue: “The backup is safe because it is on our internal network.”
This is a misunderstanding of risk. Networks are porous. Ransomware gangs do not attack the live database first. They hunt for the backups. They find the archives, they exfiltrate them, and then they encrypt your systems.
If your backups are readable, they will blackmail you. “Pay us, or we publish your client list.”
If your backups were encrypted properly, the thieves would hold nothing but mathematical static.
The Mathematical Reality: Separate Keys for Separate States.
The architecture of a sovereign backup requires a key that is not stored with the data.
- The Process: The Machine generates the snapshot.
- The Encryption: Before the file touches the disk, it is encrypted with a Public Key.
- The Storage: The encrypted blob is moved to storage.
Crucially, the Private Key needed to decrypt this blob does not exist on the server. It exists offline. It is in your physical safe.
This means that even if a hacker gains “Root” access to your server, they cannot read yesterday’s backup. They can delete it, yes. But they cannot open it.
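The key split described above, written out as an added Go example (not code from the article): the server holds only the public key and seals each snapshot with a fresh one-time AES-256-GCM data key that is itself wrapped with RSA-OAEP, while the private key is used only in OpenBackup, which runs wherever the safe is. The function names, the Sealed layout and the "backup-v1" label are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

var label = []byte("backup-v1") // binds the wrapped key and ciphertext to this blob format (constructed)

// Sealed is what goes to storage: a wrapped data key, a nonce and the AES-GCM ciphertext.
type Sealed struct {
	WrappedKey []byte // fresh AES-256 key, wrapped with RSA-OAEP under the offline public key
	Nonce      []byte
	Ciphertext []byte // the bulk snapshot, encrypted with AES-256-GCM under the data key
}

// GenerateOfflineKey makes the key pair. Only the public half is ever copied to the server.
func GenerateOfflineKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// SealBackup runs on the server with only the public key: root on the server can delete the blob but cannot open it.
func SealBackup(pub *rsa.PublicKey, snapshot []byte) (*Sealed, error) {
	dataKey := make([]byte, 32) // one-time key; never written to disk
	if _, err := rand.Read(dataKey); err != nil { return nil, err }
	gcm, err := newGCM(dataKey)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, label)
	if err != nil { return nil, err }
	return &Sealed{wrapped, nonce, gcm.Seal(nil, nonce, snapshot, label)}, nil
}

// OpenBackup runs offline, wherever the private key is kept. GCM authentication also
// makes a tampered or truncated blob fail to open instead of restoring silently.
func OpenBackup(priv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, s.WrappedKey, label)
	if err != nil { return nil, err }
	gcm, err := newGCM(dataKey)
	if err != nil { return nil, err }
	return gcm.Open(nil, s.Nonce, s.Ciphertext, label)
}
```

The restore test the FAQ asks for is the same round trip: open a stored blob with the offline key and compare it to what was sealed.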
We must stop viewing backups as a chore. They are a concentration of risk. If you do not lock the copy as tightly as the original, you have not secured the system; you have merely displaced the vulnerability.
FAQs
Is the cloud provider's backup enough?
If the cloud provider holds the key to the backup, they can read it. If they can read it, a subpoena can read it.
What if I lose the backup key?
Then the backup is noise. It is useless. This is the definition of security. If it is easy to recover, it is easy to steal.
How often should I test the backup?
A backup that has not been restored is a hypothesis. You must test it quarterly to turn it into a fact.