Data Integrity

Bayham Consulting, LLC ensures data security by using TrueCrypt, a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted or decrypted right before is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. The entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)

.

Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When consultants restart Windows or turn off their computers, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, we have to mount the volume (and provide the correct password and/or keyfile).

 

Stealth Technology

Until decrypted, a TrueCrypt partition/device appears to consist of nothing more than random data (it does not contain any kind of "signature"). Therefore, it is impossible to prove that a partition or a device is a TrueCrypt volume or that it has been encrypted. Additonlu,file-hosted TrueCrypt volumes (containers) do not contain any kind of "signature" either.

 

 

Bank Grade Encryption

Client files are protected using 448 bit Blowfish Encryption prior to storage in our offsite storage/backup facility. This extremely secure bank grade encryption algorithm has never been cracked. Files are then stored in this encrypted state at our secure data center. Further protection is provided with Individual Data Security. With KineticSecure, each Bayham Consultant gets his or her own individual account and password. This is significant because it means that each user also gets a unique encryption key. This encryption key ensures that while clients’ data are securely stored at our data center, only your consultant have access to your data. In fact, even our most privileged systems administrators do not have the ability to decrypt your data.

 

Our Secure Data Center

Clients’ data are securely stored in our Carrier Grade data center. Our all Cisco based switched network employs redundant Internet providers, redundant routers, and redundant firewalls. We use BGP and HSRP protocols to implement fail-over and redundancy. Even during the big blackout of August 2003 our data center was up and running without any interruption of service.

We use only Carrier Grade computer hardware from major manufacturers to store clients’ data. There are no ―clones‖ in our data center. All systems operate on redundant power. Servers have dual power supplies fed from separate electrical panels. The facility includes triple redundant diesel generators, dual redundant UPSs, the latest fire suppression equipment, and 24 hour guards on-site.

There are two key things to know about our Data Center: your data is safe from crashes; your data is safe from hackers.

As each file is transferred to our data center, we carefully verify its integrity against a known CRC signature. Files are re-verified each time they are written to disk. If any file fails verification, it is retransmitted from your system or recovered from the replica server. This ensures that the data stored on our servers is the same data that was stored on our system.

 

Secure Protocol

The KineticSecure client communicates with our servers over a proprietary protocol that was designed specifically for Internet backup. Other Internet backup products that use popular web protocols like HTTP, FTP, or WebDav can be vulnerable to hacker and virus attacks. The extreme popularity of these protocols makes them a target. It is extremely unlikely that a hacker is going to invest the time and effort to go after a proprietary protocol. Even if they did, the 448 bit Blowfish Encryption has never been broken.

 

 

Our Continuous Backup and Why It's Better

Continuous Online Backup, the patented system only available with KineticSecure, is the best solution because it means we are always watching your files and looking for changes. Whenever a change is detected, our continuous online backup engine immediately extracts the changes, compresses them, encrypts them, and securely transfers them to our data center.

What's Wrong with a Scheduled Backup?

Most online backup tools do scheduled backups. Scheduling means the PC has to be online and running when the backup happens at its scheduled time. For example, an administrator may set the backup to happen at 8:00pm every night. If the PC is shut down at that time, or the Internet connection is lost even temporarily, the online backup fails and must wait for the next schedule to kick in.

How Is Continuous Backup Different?

Instead of one big backup at a pre-scheduled time, we do many tiny backups throughout the day. Each little change we make is like a little backup we’ll likely never notice, because these smaller backups are incremental and happen faster. And since there is no schedule to miss, we will never miss an opportunity to have your files backed up, nor have to manually back them up.

 

 

We Keep Multiple Versions of Each File

Every time your files change, the new versions of each file will be backed up automatically. But that doesn't mean we discard previous versions. In fact, the service will keep three previous versions by default, and can be set to keep up to 28.