Zero-Knowledge secure and compliant Backups with Bareos Open Source
Bareos (Backup Archiving Recovery Open Sourced) is a reliable network Open Source software to backup, archive and restore files from all major operating systems.
When backing up sensible data, diverse regulation and policies for retention periods and security measurements have to be considered, especially when using cloud storage for digital assets.
The goal for cloud based backups is zero-knowledge-backup. This means that a cloud provider or Backup-as-a-Services (BaaS) provider shall have zero information about the data you backup into the remote storage.
This talk gives an overview of Bareos and shows, how common requirements can be met with Bareos. This includes seamless transport encryption: since Bareos 18 TLS encryption between the components is pre-configured at activated by default.
The "secure erasure" feature was sponsored by a financial institue in order to comply with regulations setup by the German federal Bank (Bundesbank), several data encryption methods like on the client with individual and / or general keys as well as hardware encryption inside tape drives.
We will also introduce the complex scheduler and retention periods and give examples, how to implement different retention policies.