Compression vs Encryption
Many years ago, when designing backup strategy for our server, we decided to take advantage of one typical aspect of FileMaker databases. Because a lot of information is repeated many times in the database, such as values from value lists, item names, etc., compressing the database can often save more than 75 % of the occupied disk space. So by using a simple bash script, we could easily keep a history of 4 times more backups than without compression.
We created a very “paranoid” backup strategy, covering all different kinds of failures we could think of, and providing the fastest possible recovery time for each of them. Our strategy looked like this:
This worked very well for a long time, until we recently decided to increase our level of security by using the encryption at rest. What we forgot to think of was the impact on compression. It took just a few days before the backup disk got full and our backup script started failing. When checking why, we discovered that our compressed backups are now four times larger than before enabling the encryption.
It’s understandable, because encrypted data should look as random as possible, but the key outcome is that with FileMaker 16 you have to choose between encryption and compression for your backups. You cannot get both without too much extra hassle and without compromising the security. Actually, the only way to effectively utilize both compression and encryption at the same time, you have to take the backup, disable the encryption at rest, compress the database, then use a 3rd-party encryption to encrypt the compressed copy, and finally securely delete the temporary unencrypted copy.
If you are not using encryption at rest yet, or if this is even the first time you read about it, then make sure to check FileMaker Pro Advanced Help for more info about it. Also read this short thread in the FileMaker Community forum to learn why it’s important. To enable encryption at rest for your databases, you will need FileMaker Pro Advanced. Then in the Developer Tools dialog you will see it as one of the available options.
If you would like to be able to make compressed backups which retain the encryption at rest, you are more than welcome to support this idea submitted to FileMaker.
Until then, we suggest that you only turn on the encryption at rest for the files you really need it for, if you want to use compression to save space occupied by your backups, or buy larger storage and give up the compression completely.